Security Capabilities
Incident Response/Indicators of malicious activity
Governance
Risk Management
Data Protection and Compliance
100

This encryption algorithm is commonly used for securing internet traffic and is known for its ability to provide both confidentiality and integrity. What is the name of this algorithm?

What is AES (Advanced Encryption Standard)?

100

This phase of the incident response process involves identifying the signs of a potential security incident and determining if an incident has occurred. What is the name of this phase?

What is the detection phase?

100

This regulatory compliance standard sets requirements for protecting controlled unclassified information (CUI) in non-federal systems and organizations. What is the name of this standard?

What is NIST?

100

This process involves identifying and prioritizing risks based on their likelihood and impact on an organization's objectives. What is the name of this process?

What is Risk Prioritization?

100

This regulation requires organizations to implement measures to protect the privacy and security of personal data belonging to EU residents. What is the name of this regulation?

What is the General Data Protection Regulation (GDPR)?

200

This principle of access control ensures that individuals only have access to the resources they need to perform their job functions. What is the term for this principle?

What is the principle of least privilege?

200

This type of indicator provides evidence that a security incident has occurred or is currently underway, such as unusual network traffic or unexpected system behavior. What is the term for this type of indicator?

What are behavioral indicators?

200

This concept in governance emphasizes the need for organizations to establish clear guidelines and procedures for handling security incidents and breaches. What is the term for this concept?

What is an Incident Response Plan (IRP)?

200

This risk response strategy involves reducing the likelihood or impact of a risk by implementing controls or countermeasures. What is the term for this strategy?

What is Risk Remediation?

200

This principle of data protection requires organizations to ensure that personal data is accurate, up-to-date, and relevant for the purposes for which it is processed. What is the name of this principle?

What is Data Accuracy?

300

This network security device examines incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. What is the name of this device?

What is a firewall?

300

This phase of the incident response process involves containing the impact of the incident to prevent it from spreading further throughout the organization's network. What is the name of this phase?

What is the containment phase?

300

This type of security policy outlines the acceptable use of organization-owned IT resources by employees and typically includes guidelines for internet usage, email communication, and software installation. What is the name of this policy?

What is an Acceptable Use Policy (AUP)?

300

This risk response strategy involves accepting the potential impact of a risk without taking any specific action to mitigate it. What is the term for this strategy?

What is Risk Acceptance?

300

This document outlines the terms and conditions governing the collection, use, storage, and sharing of personal data by an organization. What is the name of this document?

What is a Privacy Policy?

400

This phase of the incident response process involves documenting the details of the incident, including what happened, when it happened, and the actions taken to mitigate the incident. What is the name of this phase?

What is the documentation phase?

400

This type of indicator provides information about the tactics, techniques, and procedures (TTPs) used by threat actors during a security incident, helping analysts understand the nature of the attack. What is the term for this type of indicator?

What are TTP (Tactics, Techniques, and Procedures) indicators?

400

This principle of governance highlights the importance of ensuring that individuals only have access to the information and resources necessary to perform their job functions. What is the name of this principle?

What is the principle of least privilege?

400

This risk response strategy involves reducing the likelihood or impact of a risk by implementing controls or countermeasures. What is the term for this strategy?

What is Risk Mitigation?

400

This regulatory compliance standard provides guidelines for securing payment card transactions to prevent fraud and data breaches. What is the name of this standard?

What is the Payment Card Industry Data Security Standard (PCI DSS)?

500

This risk assessment methodology assigns values to assets, threats, vulnerabilities, and safeguards to calculate the potential impact of various risks. What is the name of this methodology commonly used in risk management?

What is quantitative risk assessment?

500

This phase of the incident response process involves eradicating the root cause of the incident and restoring affected systems to a known good state. What is the name of this phase?

What is the eradication phase?

500

This international standard specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization's overall business risks. What is the name of this standard?

What is ISO/IEC 27001?

500

This risk assessment methodology uses qualitative analysis to categorize risks based on their likelihood and impact using terms such as high, medium, and low. What is the name of this methodology?

What is Qualitative Risk Assessment?

500

This principle of data protection requires organizations to limit access to personal data to authorized individuals and processes. What is the name of this principle?

What is Data Minimization?
