Cybersecurity Questions and Answers
Graded A+
What is cybersecurity - answer preventing the unauthorized access to data and
information systems
what three goals does cybersecurity have - answer confidentiality, integrity, accessibility
what is the confidentiality goal of cybersecurity - answer ensuring no one with
authorized can access information
what is the integrity goal of cybersecurity - answer ensuring the data hasn't been
manipulated and is accurate
what is the availability goal of cybersecurity - answer ensuring the systems are available
to the end users
what are the three main methods or controls that shape cybersecurity? - answer people,
process, technology
what is the role of people in cybersecurity - answer- giving people the skills and
information to implement an effective cybersecurity program
- training, awareness, building skills
what is process in cybersecurity - answer the policies and organizational procedures
used to implement and manage the cybersecurity program
what role does technology play in cybersecurity - answer the tools or controls used to
implement the cybersecurity lifecycle
what is the cybersecurity lifecycle - answer the components of cybersecurity according
to NIST
what are the NIST components of the cybersecurity lifecycle - answer identify, monitor,
protect, detect, respond, recover
what is the old model to approach cybersecurity - answer the perimeter model (hard
shell, soft inside)
why is the perimeter model not fully effective in cybersecurity - answer- the perimeter is
not perfect and is only one layer
- you have to violate the perimeter all the time to share information between authorized
users
- too many doors and windows
What is the Identify function in the NIST model? - answer Identify
The Identify Function assists in developing an organizational understanding to
manage cybersecurity risk to systems, people, assets, data, and capabilities.
Understanding the business context, the resources that support critical functions, and
the related cybersecurity risks enables an organization to focus and prioritize its efforts,
consistent with its risk management strategy and business needs.
Examples of outcome Categories within this Function include:
Identifying physical and software assets within the organization to establish the basis of
an Asset Management program
Identifying the Business Environment the organization supports including the
organization's role in the supply chain, and the organization's place in the critical
infrastructure sector
Identifying cybersecurity policies established within the organization to define the
Governance program as well as identifying legal and regulatory requirements regarding
the cybersecurity capabilities of the organization
Identifying asset vulnerabilities, threats to internal and external organizational
resources, and risk response activities as a basis for the organization's Risk
Assessment
Identifying a Risk Management Strategy for the organization including establishing risk
tolerances
Identifying a Supply Chain Risk Management strategy including priorities, constraints,
risk tolerances, and assumptions used to support risk decisions associated with
managing supply chain risks
what is the Protect function in the NIST model - answer The Protect Function outlines
appropriate safeguards to ensure delivery of critical infrastructure services. The Protect
Function supports the ability to limit or contain the impact of a potential cybersecurity
event.
Examples of outcome Categories within this Function include:
Protections for Identity Management and Access Control within the organization
including physical and remote access
Empowering staff within the organization through Awareness and Training including role
based and privileged user training
Establishing Data Security protection consistent with the organization's risk strategy to
protect the confidentiality, integrity, and availability of information
Implementing Information Protection Processes and Procedures to maintain and
manage the protections of information systems and assets
Protecting organizational resources through
Maintenance, including remote maintenance, activities
Managing Protective Technology to ensure the security and resilience of systems and
assets are consistent with organizational policies, procedures, and agreements
What is the Detect function in the NIST model? - answer Detect: Identifying the
occurrence of a cybersecurity event (an incursion or attempted incursion) in a timely
manner
Details:
The Detect Function defines the appropriate activities to identify the occurrence of a
cybersecurity event. The Detect Function enables timely discovery of cybersecurity
events.
Examples of outcome Categories within this Function include:
Ensuring Anomalies and Events are detected, and their potential impact is understood
Implementing Security Continuous Monitoring capabilities to monitor cybersecurity
events and verify the effectiveness of protective measures including network and
physical activities
Maintaining Detection Processes to provide awareness of anomalous events
What is the Respond function in the NIST model? - answer To take action regarding a
detected cybersecurity incident to minimize impact
Details:
The Respond Function includes appropriate activities to take action regarding a
detected cybersecurity incident. The Respond Function supports the ability to contain
the impact of a potential cybersecurity incident.
Examples of outcome Categories within this Function include:
Ensuring Response Planning processes are executed during and after an incident
Managing Communications during and after an event with stakeholders, law
enforcement, external stakeholders as appropriate
Analysis is conducted to ensure effective response and support recovery activities
including forensic analysis, and determining the impact of incidents
Mitigation activities are performed to prevent expansion of an event and to resolve the
incident
The organization implements Improvements by incorporating lessons learned from
current and previous detection / response activities
What is the Recover function in the NIST model - answer To maintain plans for
resilience and to restore services impaired during cybersecurity incidents
Details:
The Recover Function identifies appropriate activities to maintain plans for resilience
and to restore any capabilities or services that were impaired due to a cybersecurity
incident. The Recover Function supports timely recovery to normal operations to reduce
the impact from a cybersecurity incident.
Examples of outcome Categories within this Function include:
Ensuring the organization implements Recovery Planning processes and procedures to
restore systems and/or assets affected by cybersecurity incidents
Implementing Improvements based on lessons learned and reviews of existing
strategies
Internal and external Communications are coordinated during and following the
recovery from a cybersecurity incident
Why systems are vulnerable - answer- Accessibility of networks via unauthenticated
sources (e.g., open to the internet)
- Hardware problems (breakdowns, configuration errors, damage from improper use or
crime, failure to maintain patches to the hardware such as a firmware update)
- Software Problems (programming or installation errors, unauthorized changes, failure
to maintain patches to the software)
- Use of networks/computers outside of firm's control
- Loss and theft of end points with authenticated access to the systems such as portable
devices
Internet Vulnerabilities - answer- Network open to anyone
- Size of internet means abuses can have wide impact
- Use of fixed internet addresses (IPs) with cable/DSL modems creates fixed targets for
hackers
- encrypted VOIP
- E-mail, P2P, IM