Week 6

Question 1

What are the main areas in a security team?

Answer 1

Security Operations, Strategy & Policies, Risk Management, Assurance & Testing, Comms & Training, Projects, Physical Security & Business Continuity.

Question 2

What does Security Operations involve?

Answer 2

Monitoring, SOC, Incident Response, Threat Intelligence, Pen Testing, Network Security, Identity & Access Management, Recovery.

Question 3

What is the role of Strategy & Policies?

Answer 3

Create security strategy, write policies, assess current capabilities, and fix security gaps.

Question 4

What does Risk Management include?

Answer 4

Risk visuals, meetings, impact assessments, legal reviews, accepting risks, and managing GRC tools.

Question 5

What is Assurance & Controls Testing?

Answer 5

Test controls, plan assurance, work with auditors, handle third-party assessments, support certification.

Question 6

What does Communication & Training cover?

Answer 6

User training, phishing tests, awareness campaigns, training plans, stakeholder materials.

Question 7

What are key tasks in Security Projects?

Answer 7

Budgeting, planning delivery, securing resources, managing change and stakeholders.

Question 8

What does Physical Security & Business Continuity include?

Answer 8

Site access, insider threats, crisis planning, executive protection, high-risk travel.

Question 9

What does a CISO do?

Answer 9

Leads security, makes key decisions, manages security messages, and works with senior leaders.

Question 10

Who might a CISO report to?

Answer 10

CIO, CTO, Head of Operations, Corporate Security, Audit, Risk Controller, or CEO.

Question 11

What framework is used for cyber security best practices?

Answer 11

NIST Cybersecurity Framework.

Question 12

What are common real-world challenges in cyber security?

Answer 12

Complexity, competing priorities, and limited capacity.

Question 13

What makes a system complex?

Answer 13

Many parts (dimensions) and high interdependence.

Question 14

What are top risks in a company merger?

Answer 14

Mismatched systems, data issues, compliance, supply chain risks.

Question 15

Who should be in a merger security taskforce?

Answer 15

IT, Security, Legal, HR, Compliance, and Business Reps.

Question 16

What affects security over time in a business?

Answer 16

Evolving threats, business changes, and need for fast adaptation.

Question 17

What are examples of competing priorities?

Answer 17

Business speed vs. security needs, user convenience vs. protection.

Question 18

What limits security capacity?

Answer 18

Budget, skills shortage, low attention, and resistance to change.

Question 19

What traits help build a career in security?

Answer 19

Be practical, curious, and centred.