Confidentiality
Integrity
Availability
Education, Awareness, and Training
Cybersecurity Policies and Procedures
100

What is confidentiality in cybersecurity?

Confidentiality in cybersecurity refers to the protection of sensitive information from unauthorized access, disclosure, or alteration.

100

This cybersecurity principle ensures that data remains unaltered and trustworthy throughout its lifecycle.

What is integrity?

100

This cybersecurity principle ensures that information and resources are accessible and usable when needed.

What is availability?

100

Training programs often emphasize the importance of recognizing and avoiding this common social engineering tactic.

What is phishing?

100

This policy outlines the process for identifying, testing, and applying software updates to address security vulnerabilities.

What is a Patch Management Policy?

200

This crucial technique transforms data into an unreadable format to protect confidentiality.

What is encryption?

200

Unauthorized modification of data, compromising its integrity, is commonly referred to by this term.

What is data tampering?

200

SLAs often include this metric, indicating the maximum acceptable downtime for a service.

What is downtime or service outage duration?

200

Employees are educated about organizational rules and guidelines through the dissemination of these documents.

What are security policies?

200

These procedures define how access to information and information systems is granted, modified, or revoked.

What are access control procedures?

300

This mechanism ensures that only authorized users can access specific resources or information.

What is access control?

300

Cybersecurity incidents like ransomware attacks often compromise the integrity of data through this means.

What is encryption or data encryption?

300

Fault-tolerant systems are designed to continue operating even in the presence of these.

What are hardware or software faults or failures?

300

Training addresses the human factor in cybersecurity, aiming to reduce susceptibility to manipulative techniques like this.

What is social engineering?

300

This documented procedure outlines the steps an organization should take in response to a cybersecurity incident.

What is an incident response plan?

400

This practice of categorizing information based on sensitivity and importance helps apply appropriate security measures.

What is data classification?

400

This practice of ensuring input data is correct, complete, and secure before processing is essential to maintaining the integrity of a system.

What is data validation?

400

This plan outlines procedures to resume normal operations after a catastrophic event, ensuring availability.

What is a disaster recovery plan?

400

Employees are educated on the proper steps to take in the event of a cybersecurity incident through this type of training.

What is incident response training?

400

This policy ensures that employees receive regular training on cybersecurity best practices to enhance their awareness and knowledge.

What is a Security Awareness Training Policy?

500

These include unauthorized access, data breaches, insider threats, and inadequate security measures.

What are risks to confidentiality?

500

This process ensures the integrity of the system boot process by validating the authenticity of the firmware and operating system.

What is Secure Boot?

500

This technique distributes network traffic across multiple servers to prevent overloading and ensure even resource utilization.

What is load balancing?

500

These programs aim to foster a culture of security consciousness throughout an organization.

What are security awareness programs?

500

This policy establishes requirements for creating, managing, and securing passwords to prevent unauthorized access.

What is a Password Policy?