Cyber security is a discussion amongst whom?
Teams: Cyber security is a group effort and team discussion
These are measures and actions regarding threats, put in place to protect the business and reduce info security risks.
Controls
What is the 3rd step of an intrusion attack chain?
Delivery: Weapon is sent to the target
Cyber security is an IT issue
False: It's a business problem
This person is responsible for filling out the Intake form and providing it to the security team
Business owner
This process is used to fix vulnerabilities
Patching
This is a type of authentication where you must first log in with a user name and password, then receive a confirmation through an email, phone, or text message.
Two-factor authentication
What must you do to stop a hacker's progress in an attack?
Break one chain link.
Cyber security is protecting data
True
What is a vendor?
Products, services, tools, or software used to sell to the user or company
What is one main purpose of a cybersecurity analyst?
To promote sales and business opportunities. Remember we are advisors and not decision makers!
What does SaaS stand for? Provide a definition and give an example.
Software as a Service.
A service that needs the internet to use. Examples: WhatsApp, Facebook, YouTube, Netflix
This is a type of intrusion where you must pay the hacker to unlock and get access to your files.
What is Ransomware?
There is no requirement to fill out a vendor Intake form if the data is public.
False. Still fill out the form to determine if there will be a security risk.
What is the purpose of vendor risk management?
To highlight risks and make recommendations
What is the 1st step in building a security program?
Need to know how the business's sensitive data is used, stored, and/or sent.
This is a place where multiple servers are stored.
What is the Data Center?
Name one example of each type of control (physical, administrative and technical) used in cyber security.
Physical: badges, receptionist, locks, security
Administrative: policies, procedures, code of conduct
Technical: password, 2FA, Multi-FA
A firewall can block traffic coming into the network.
True. A firewall is software installed or a physical device connected to the network to filter traffic coming in and out of the network.
Name three things the security team focuses on (looks out for) when using a vendor.
1. Data classification
2. Data description: describes what data the vendor will handle/access. Example: internal, financial, customer data
3. What the vendor will be doing with the data and how they will be using it
What is the key mission of info security?
Protecting sensitive and confidential data.
What is GRC and what are the three relevant areas?
Governance, Risk, Compliance
Three relevant areas: Security, compliance and contact requirement
What is a solid cybersecurity program built upon?
a good vendor risk management program
PCI DSS (Payment Card Industry Data Security Standard) is considered a type of regulation.
False. It's a framework
List the three steps of filling out a Vendor Intake form
1. The business owner in the company will fill out the form
2. The business owner explains why they need the vendor. They also will explain the data the vendor has access to whether it's public or restricted
3. After reviewing the form, you determine if an assessment is required based on how you'll be receiving the data from the company