* * * Cyber Security Jeopardy * * *

Grand Theft Data

Breach Me Baby

Securely Ever After

It's Risky Business

100

If you are leaving your computer unattended you must Ctrl-Alt-Delete + Enter to lock your screen, but this is another, shorter key sequence to do the same thing.

What is Windows button + L key sequence?

100

This type of review ensures security controls are in place and effective.

What is a security audit?

100

This is the process of revoking access when an employee no longer meets CIP requirements.

What is access revocation?

100

An approved online cloud storage service being used by our employees.

What is Microsoft OneDrive?

200

The process of scrambling messages or information in such a way that only authorized parties can read it.

What is encryption?

200

These are the three key components of an effective internal control system.

What are preventive, detective, and corrective controls?

200

This CIP requirement focuses on ensuring personnel receive training and authorization.

What is CIP-004?

200

Type of software specifically designed to gain access or damage a computer without the knowledge of the owner.

What is malware?

300

A cyber attack targeting an individual or entity for the purpose of maliciously controlling or disrupting a computing environment to destroy or steal data.

What is a cyber breach?

300

This document identifies audit findings and tracks remediation progress.

What is an audit report?

300

During a grid-impacting cyber event, the CSO team must coordinate directly with this federal agency for threat intel and support.

What is Cybersecurity and Infrastructure Security Agency (CISA)?

300

*** DOUBLE JEOPARDY*** A technique used to attack data-driven applications in which nefarious SQL statements are inserted into an entry field for execution

What is an SQL injection?

400

Performing this action after opening an email from an unknown source could compromise your computer.

What is clicking on a link / opening an attachment?

400

This term describes when an auditor evaluates compliance with security standards.

What is a compliance audit?

400

This plan outlines how the company coordinates cyber and physical response during incidents affecting critical systems.

What is the Incident Response and Recovery Plan?

400

A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless money is paid.

What is ransomware?

500

Public, General Use and Sensitive

What are our company Information Classification Levels?

500

his process involves continuous review and testing of security and operational controls.

What is continuous monitoring?

500

The security controls that protect critical infrastructure, particularly in the electricity sector, from unauthorized entry

What is CIP access

500

This self-proclaimed whistleblower was able to steal copious amounts of data while being employed by the National Security Agency (NSA) of the USA.

Who is Edward Snowden?