* * * Cyber Security Jeopardy * * *

Grand Theft Data

Breach Me Baby

Securely Ever After

It's Risky Business

100

If you are leaving your computer unattended you must Ctrl-Alt-Delete + Enter to lock your screen, but this is another, shorter key sequence to do the same thing.

What is the Windows button + L key sequence?

100

This type of review ensures security controls are in place and effective.

What is a security audit?

100

This is the action taken when a CIP employee does not complete their annual training.

What is access revocation?

100

An approved online cloud storage service being used by our employees.

What is Microsoft OneDrive?

200

The process of scrambling messages or information in such a way that only authorized parties can read it.

What is encryption?

200

These are the three key components of an effective internal control system.

What are preventive, detective, and corrective controls?

200

This CIP requirement focuses on ensuring personnel receive training and authorization.

What is CIP-004?

200

Type of software specifically designed to gain access or damage a computer without the knowledge of the owner.

What is malware?

300

A cyber attack targeting an individual or entity for the purpose of maliciously controlling or disrupting a computing environment to destroy or steal data.

What is a cyber breach?

300

This document identifies audit findings and tracks remediation progress.

What is an audit report?

300

During a grid-impacting cyber event, the CSO team must coordinate directly with this federal agency for threat intel.

What is Cybersecurity and Infrastructure Security Agency (CISA)?

300

*** DOUBLE JEOPARDY***

A technique used to attack data-driven applications in which nefarious statements are inserted into an entry field for execution.

What is a SQL injection?

400

Performing this action after opening an email from an unknown source could compromise your computer.

What is clicking on a link / opening an attachment?

400

*** DOUBLE JEOPARDY***

This term describes when an auditor evaluates compliance with security standards.

What is a compliance audit?

400

This plan outlines how the company coordinates cyber and physical responses during incidents affecting critical systems.

What is the Incident Response and Recovery Plan?

400

A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless money is paid.

What is ransomware?

500

Public, General Use and Sensitive

What are our company Information Classification Levels?

500

This process involves continuous review and testing of security and operational controls.

What is continuous monitoring?

500

The security controls that protect critical infrastructure, particularly in the utility sector, from unauthorized entry.

What is CIP access

500

This self-proclaimed whistleblower was able to steal copious amounts of data while being employed by the National Security Agency (NSA) of the USA.

Who is Edward Snowden?