Control/framework/Roles

Question 1

What are the three types of controls in cybersecurity?

Answer 1

Preventative
Detective
Corrective

Question 2

What is a preventative control?

Answer 2

They are designed to stop bad things from happening by preventing attacks before they occur.

Question 3

What are some examples of preventative controls?

Answer 3

Unique usernames and passwords for each user

Locking accounts after multiple incorrect password attempts

Keeping software updated

Training users to be cautious when clicking on links in emails

Question 4

What do detective controls do?

Answer 4

They are used to detect something bad that is happening, such as a security breach or attack.

Question 5

What are some examples of detective controls?

Answer 5

Antivirus and antimalware applications

Systems that monitor network activity for malicious behavior

Analyzing log files created by systems during use

Question 6

What are corrective controls used for?

Answer 6

They are used after an attack to restore things to normal.

Question 7

What are some examples of corrective controls?

Answer 7

Incident response
Forensic analysis
Restoring data from backups

Question 8

What are the five functions of the NIST Cybersecurity Framework?

Answer 8

Identify
Protect
Detect
Respond
Recover

Question 9

identify?

Answer 9

To identify assets and threats to those assets, ensuring that an organization spends its resources in the right places.

Question 10

Protect?

Answer 10

Selecting, managing, and optimizing controls to protect the organization from cyber threats.

Question 11

Why do the detect, respond, and recover functions exist in the NIST framework?

Answer 11

Because good cybersecurity assumes that a threat actor may succeed, so organizations need the capabilities to detect, respond to, and recover from an incident.

Question 12

What is the goal of the respond function in the NIST framework?

Answer 12

To respond to detected incidents in a controlled way with the objective of containing the incident.

Question 13

What is the goal of the recover function in the NIST framework?

Answer 13

To recover normal operations after an incident has been contained.

Question 14

Process for Using a Control Framework

Answer 14

Benchmark: Assess where the organization is currently against the framework.
Set Target Posture: Define the desired cybersecurity posture based on the framework.
Manage Change: Plan and manage the changes needed to achieve the target posture.

Question 15

What are some essential controls that almost every organization will use in cybersecurity?

Answer 15

Applying updates (patching) to computer operating systems and applications.
Application whitelisting.
Hardening computers against attacks.
Limiting the number of people with administrative access to systems.
Implementing multifactor authentication (MFA).
Ensuring data is safely backed up.

Question 16

Why is patching an important cybersecurity control?

Answer 16

Patching software fixes vulnerabilities in the system that could be exploited by attackers.

Question 17

What is application whitelisting?

Answer 17

Configuring a computer to only run software that the organization explicitly permits, making it difficult for attackers to run malicious software.

Question 18

What does hardening a computer’s defenses mean?

Answer 18

Configuring all settings for security.

Removing unnecessary software and components to reduce vulnerabilities.

Question 19

What is multifactor authentication (MFA)?

Answer 19

A security control requiring users to provide something in addition to a username and password, such as a fingerprint, smartcard, or one-time code from a smartphone.

Question 20

Why is backing up data essential in cybersecurity?

Answer 20

It allows an organization to restore data and recover operations without paying a ransom if the data is tampered with, erased, or encrypted by an attacker.

Question 21

What is control assurance?

Answer 21

Control assurance ensures that cybersecurity controls are both operational and effective. It involves monitoring systems and testing controls to verify that they function as intended.

Question 22

Why do controls fail?

Answer 22

They are not enabled or are in an error condition.
They have flaws and haven’t been updated.
They were never configured properly.

Question 23

How can organizations ensure controls are operational?

Answer 23

Organizations can deploy monitoring systems and report key performance indicators (KPIs) for controls to ensure they are operational.

Question 24

How can organizations ensure controls are effective?

Answer 24

Organizations can test controls by simulating attacker behavior and verifying that the control works as expected.

Question 25

What is the Capability Maturity Model?

Answer 25

A framework that mature organizations often use to manage control assurance and ensure controls are operational and effective.

Question 26

What does OWASP stand for and what does it do?

Answer 26

The Open Web Application Security Project (OWASP) lists the top 10 most critical web application security risks and provides guidance on how to avoid them.

Question 27

Why is it important to embed security into the software development lifecycle?

Answer 27

Embedding security into the software development lifecycle ensures that developers write secure code, identify vulnerabilities early, and continuously test for security flaws.

Question 28

What is a penetration test?

Answer 28

A penetration test involves hiring someone to pretend to be a cyber attacker and try to exploit any vulnerabilities in an application or system.

Question 29

How is DevOps different from traditional software development in terms of security?

Answer 29

In DevOps, many small updates are released daily, making it important to continuously integrate security practices and test code for vulnerabilities throughout development.

Question 30

What is the role of a security architect in cybersecurity?

Answer 30

A security architect designs secure systems to ensure that the organization’s technology infrastructure is protected against cyber threats.

Question 31

What does a security operations specialist do?

Answer 31

A security operations specialist monitors detective controls for attacker behavior and responds to attacks when detected.

Question 32

What is the role of a penetration tester (ethical hacker)?

Answer 32

A penetration tester finds vulnerabilities in systems and applications by simulating attacks to identify weaknesses before malicious actors can exploit them.

Question 33

What does a GRC (Governance, Risk, and Compliance) specialist do?

Answer 33

A GRC specialist conducts risk assessments and ensures the organization complies with internal policies and external regulations.

Question 34

What is the role of a cybersecurity auditor?

Answer 34

A cybersecurity auditor tests and attests to the effectiveness of controls within the organization and ensures they are properly managed and working.

Question 35

Why is it important for every technology team member to have security skills?

Answer 35

It’s important that all technology team members (e.g., network builders, system developers, application developers) are responsible for building secure systems to reduce the risk of vulnerabilities.