Info security 101
Terms/Tools
Intrusion attack
True/False
Vendor Intake Form
100

Cyber security is a discussion amongst who?

Teams: Cyber security is a group effort and team discussion

100

These are measures and actions regarding threats, put in place to  protect the business and reduce info security risks.

Controls

100

What is the 3rd step to an intrusion attack chain

Delivery: Weapon is sent target

100

Cyber security is a IT issue 

False: It's a business problem


100

This person is the responsible for filling out the Intake form and providing it to the security team

Business owner


200

This process is used to fix vulnerabilities 

Patching

200

This is a type of authentication where you  first you must log with in a user name and password . Then, receive a confirmation through an email, phone, or text message

Two Factor authentication 

200

What must you do to stop a hacker's progress in attack.

break on chain link.

200

Cyber security is protecting data

True

200

What is a vendor?

Products, service, tools, or software used to sell to the user or company

300

What one main purpose of a cybersecurity analyst ?

to promote sales and business opportunities. Remember we are advisors and not decision makers!

300

What does SAAS stand for? Provide a definition and give an example?

Software As a Service.

Service need the internet to use. Examples: Whatsapp, Facebook, Youtube, Netflix


300

This is a type of intrusion you must pay for the hacker to unlock and get access to your files.

What is Ransomware?

300

There is no requirement to fill out a vendor Intake form if the data is public.

False. Still fill out form to determine if there will be a security risk.

300

What is purpose of a vendor risk management?

To highlight risks and make recommendations

400

What is the 1st step in building a security program?

Need to know how the business sensitive data is used, stored, and/or sent. 

400

This a place where multiple servers are store.

What is the Data Center?

400

Name one of each examples (physical, administrative  and technical ) controls used in cyber security.


Physical: badges, receptionist, locks, security

administrative : policies,  procedures, code of conduct

technical: password, 2fa, Multi-FA,

400

A firewall can block traffic coming in the network.

True. A firewall is software installed or a physical device connected to the network to filter traffic coming in and out of the network.

400

Name Three things the security team focuses(look out for) when using a vendor?

1. Data classification

2. Data description: describes what data the vendor will handle/access. Example: internal, financial, customer data 

3. What the vendor will be doing with the data and How will they be using it?

500

What is the Key mission of Info security?

Protecting sensitive and confidential data.

500

What is GRC and what are the three relevant areas

Governance Risk Compliance

Three relevant areas: Security, compliance and contact requirement

500

What is a solid cybersecurity program built upon?

a good vendor risk management program

500

PCI DSS ( Payment Card Industry Data Security Standard) is considered a  type of regulation. 

false. It's a framework

500

List the three steps of filling a Vendor Intake form

1. The business owner in the company will fill out the form 

2. The business owner explains why they need the vendor. They also will explain the data the vendor has access to whether it's public or restricted 

3. After reviewing the form you 

determine if assessment is required based on how you'll be receiving the data from the company

M
e
n
u