GRC
SDLC
Threat Modelling
Vulnerability Management
Security Monitoring
100

What is the name of our internal controls framework?

ICS - In Control Statements

100

What does SCA stand for?

Software Composition Analysis

100

'RISDET': which threat modelling term was scrambled?

STRIDE

100

What's the expected timeline to apply high risk patches?

30 days

100

What is a false positive in secmon?

An alert that incorrectly flags a suspicious activity, malware or policy violation.

200

Which PCI program/certification provides assurance for end-to-end encryption for in-store payments?

P2PE - Point-to-Point Encryption

200

According to the "container image security" guideline we recently adopted, what are the facts we check before approving them?

1. Security & license evaluation:
- No critical or high vulnerabilities for production/external images

- No critical vulnerabilities for other images

2. Maintainability evaluation

200

Which company played a major role in popularising the term 'threat modelling' and the general approach we also apply?

Microsoft

200

How often do we scan our systems for internal vulnerabilities and which solution is used?

Monthly - Nessus

200

What is the industry standard for classifying and describing cyberattacks and intrusions?

MITRE ATT&CK Framework

300

According to which European rule or guidelines are we mandated to establish our Risk Management processes?

EBA Guidelines

300

Name the new SCA scanner we are going to adopt.

Xray by JFrog

300

Threat modelling isn't applied evenly across the different critical infrastructure sectors. Which sector jumps out in a positive sense?

Financial services

300

In the penetration testing team colour scheme, what is the colour of the team that gathers improvements, learnings and recommendations from testing?

Purple Team

300

What alert did we see the most in secmon in 2023?

Firewall drops