Left of Boom
The training we wished every user took seriously so they would just stop clicking those links in emails.
What is Cyber or Security Awareness Training?
The very first control. CIS 1.1: Establish and Maintain a Detailed Enterprise __________.
What is Asset Inventory?
The magical act of writing stuff down so teammates and new hires in IT are not in the dark.
What is Documentation and/or SOPs?
The meeting with a customer that confirms... "Here's why you still pay us." :)
What is the QBR - Quarterly Business Review?
Requiring two forms of verification to access an account or system.
What is MFA - Multi-factor Authentication?
The control you hope is in place on a laptop to protect PII data when a user reports that their laptop is stolen.
What is endpoint encryption?
(Bitlocker, FileVault, etc.)
CIS 5.1: Establish and Maintain an Inventory of _______.
What is Accounts?
What is context switching or the shoulder tap?
What a customer says to you when an internet domain expires on your watch, causing an outage.
What is... "Didn't we hire you to take care of this?"
The acronym, ASM, stands for a solution that combines asset discovery, inventory, configurations, and vulnerabilities into one system.
What is Attack Surface Management?
The required remediation for a vulnerability identified with a CVE.
What is a Patch or Security Update?
CIS 2.1: Establish and Maintain a _________ Inventory.
What is Software?
The most used word in Managed Services... the opposite of reactive.
What is proactive?
The process that failed when a customer says "Why does Bob still have access? He left the company last month."
What is proper deprovisioning and the associated HR processes to indicate departure?
Endpoint solution that leverages behavioral analysis rather than signatures to detect malware.
What is EDR - Endpoint Detection and Response?
The 2 core functions in the original 5 within NIST that are Left of Boom.
CIS 3.2: Establish and Maintain a _____________.
What is a Data Inventory?
The symptom detected when someone made an unexpected DNS change.
What is email downtime or website down?
What is Governance, Risk and Compliance?
When a system's setup degrades from it's desired state.
The 3rd step in MITRE's Attack Framework where the adversary is trying to get into your network.
What is Initial Access?
CIS 4.1: Establish and Maintain a Secure _________ Process.
What is Configuration?
Two critical teams that bring order to left and right of boom in IT & Security. Hint: They rhyme with the word "rock".
What is the NOC and the SOC? Bonus if you mentioned ROC. :)
In Cyber, Impact and Probability are multiplied to calculate this.
What is Risk?
(vCIOs use this to prioritize initiatives.)
What cloud-based network architecture converges network and security into a single solution and is replacing VPN?
What is SASE - Secure Access Service Edge?