A potential cause of an unwanted incident.
What is a threat?
HTTPS
What protocol secures web traffic?
Multi-Factor Authentication.
What is MFA?
(What does it mean, something you know and something you have?)
The organized process of detecting, containing, and recovering from a security breach.
What is incident response?
GDPR
What law protects EU citizen data?
The amount and type of risk an organization is willing to pursue.
What is risk tolerance?
A buffer zone between internal and external networks.
What is a DMZ?
Role-Based Access Control.
What is RBAC?
(Should roles be clearly defined?)
Security Information and Event Management.
What is a SIEM?
Health data privacy law in the US.
What is HIPAA?
Risk that remains after controls are applied.
What is residual risk?
Secure Sockets Layer - the now-deprecated protocol, superseded by TLS, for encrypting traffic.
What is SSL?
Single Sign-On.
What is SSO?
(Why is it used?)
Business Continuity Planning.
What is BCP?
Sarbanes-Oxley Act for financial data.
What is SOX?
To document all identified risks.
What is the purpose of a risk register?
Virtual Private Network for secure remote access.
What is a VPN?
Linking digital identities across systems.
What is identity federation?
(Why is it important?)
Disaster Recovery Planning.
What is DRP?
Standard for securing credit card data.
What is PCI DSS?
Investigating and researching a risk before acting on it (the follow-through actions are due care).
What is due diligence?
Intercepting network traffic to analyze it.
What is packet sniffing?
Users should only have access necessary to perform tasks.
What is least privilege?
(How does this concept improve network security?)
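The RBAC and least-privilege cards above describe a policy; the following added example (not part of the original quiz) shows how the two combine in code: permissions are attached to roles, users get roles, every check denies by default, and a review function lists granted-but-unused permissions. All role, user, and permission names are hypothetical.

```python
"""Role-based access control with deny-by-default, plus a least-privilege review.

Added example, not from the original quiz. Roles, users and permissions are
hypothetical placeholders.
"""

# Permissions are (resource, action) pairs granted to roles, never directly to users.
ROLE_PERMISSIONS = {
    "viewer": {("report", "read")},
    "analyst": {("report", "read"), ("report", "export")},
    "admin": {
        ("report", "read"),
        ("report", "export"),
        ("report", "delete"),
        ("user", "manage"),
    },
}

# Users are assigned one or more roles (hypothetical assignments).
USER_ROLES = {
    "alice": {"analyst"},
    "bob": {"viewer"},
    "carol": {"admin"},
}


def permissions_for(user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, resource, action):
    """Deny by default: unknown user, unknown role or unlisted permission all yield False."""
    return (resource, action) in permissions_for(user)


def overprivileged(user, exercised):
    """Least-privilege review: permissions the user holds but never exercised."""
    return permissions_for(user) - set(exercised)


if __name__ == "__main__":
    print(is_allowed("alice", "report", "export"))   # analyst may export
    print(is_allowed("bob", "report", "export"))     # viewer may not
    print(is_allowed("mallory", "report", "read"))   # unknown user is denied
    # carol only ever read reports; the rest of the admin role is a candidate for removal
    print(overprivileged("carol", [("report", "read")]))
```

Running `overprivileged` against real access logs is the practical half of least privilege: roles should be trimmed to what their holders actually use, not to what seemed convenient when the role was created.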
Reviewing logs for unusual or suspicious activity.
What is log analysis?
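As an added example of the log analysis card (not part of the original quiz), the block below parses constructed OpenSSH-style syslog lines and flags a source IP that produces a burst of failed logins inside a short window, noting whether a successful login from that IP followed the failures. The log lines, host name and IP addresses are constructed sample data; the year is assumed because syslog timestamps carry none.

```python
"""Brute-force detection over sample sshd log lines.

Added example, not from the original quiz. SAMPLE_LOG is constructed data in
OpenSSH/syslog style; the host, users and IPs are placeholders.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real logs): a password-guessing burst from one IP
# that ends in a successful root login, and one ordinary user mistyping once.
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 08:01:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
Mar 10 08:01:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 51124 ssh2
Mar 10 08:01:07 host sshd[1201]: Failed password for root from 203.0.113.5 port 51125 ssh2
Mar 10 08:01:09 host sshd[1201]: Failed password for root from 203.0.113.5 port 51126 ssh2
Mar 10 08:01:30 host sshd[1210]: Accepted password for root from 203.0.113.5 port 51130 ssh2
Mar 10 08:05:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 08:05:20 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse(log, year=2024):
    """Return (timestamp, result, user, ip) tuples; lines that do not match are skipped.

    Syslog timestamps have no year, so one is assumed (parameter, default 2024).
    """
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag IPs with at least `threshold` failed logins inside any `window_seconds` span.

    Each alert records the failure count in the triggering window and whether a
    successful login from the same IP came after it (the case worth paging on).
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, result, _user, ip in events:
        (failures if result == "Failed" else successes)[ip].append(ts)

    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                later_success = any(t > times[end] for t in successes.get(ip, []))
                alerts[ip] = {"failures": end - start + 1, "success_after": later_success}
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The threshold and window are tuning knobs: too low and every user who forgets a password becomes an alert, too high and a slow, distributed guess never trips it. The "success after failures" flag is what separates a noisy scanner from a probable compromise.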
Legal rights to inventions and creative work.
What is intellectual property?