learning outcome 1.7-2.5

What is pertinent data?

Directly relevant information for a specific context.

How can pertinent data be preserved?

Through documentation, securing, and using forensic tools.

What types of evidence exist in digital forensics?

Digital, physical, and testimonial evidence.

What steps are involved in incident response?

Preparation, detection, analysis, containment, eradication, recovery, and review.

What should be documented during incident response?

Detection details, response actions, recovery measures, and lessons learned.

What is the purpose of a cybersecurity risk assessment?

To identify assets, threats, vulnerabilities, and evaluate risks.

What are the components of IT risk assessment?

Assets, threats, vulnerabilities, impact, and likelihood.

What is the formula for calculating risk?

Risk = Likelihood of Threat × Impact of Threat.

Why are regular IT security assessments important?

They identify new threats and ensure compliance.

What are the steps in risk identification?

Identify assets, threats, vulnerabilities, assess impact, and document findings.

What is the asset-threat-vulnerability identification cycle?

A continuous process of recognizing assets, threats, and vulnerabilities.

What are signs of vulnerability to cybersecurity attacks?

Unpatched software, lack of training, inadequate controls, and suspicious activity.

What are the benefits of risk analysis?

Clarifies risks, prioritizes them, and supports informed decision-making.

What types of risk exist?

Operational, financial, technical, legal, and reputational risks.

What does a risk management plan include?

Identification, assessment, mitigation, monitoring, and communication.

What do firewalls do?

They protect networks by controlling traffic flow.

How does antivirus software function?

It identifies and eliminates harmful software.

What is the purpose of PKI services?

They enable secure communication through encryption.

What distinguishes MDR services from traditional security measures?

MDR provides ongoing monitoring and threat response.

What is penetration testing?

It assesses security by simulating cyber attacks.

Why is staff training important in cybersecurity?

It helps employees understand security best practices.

What is a key step in troubleshooting cybersecurity risks?

Regularly updating systems to close vulnerabilities.

What does multifactor authentication enhance?

It improves security by requiring multiple verification methods.

What challenge does managing security complexity present?

It can lead to increased risk of oversight and errors.

What does the CIA model stand for?

Confidentiality, Integrity, Availability.

What does confidentiality ensure?

Sensitive information is only accessible to authorized users.

How does integrity protect information?

It prevents unauthorized alterations or tampering.

What is a common type of cybersecurity threat?

Malware includes viruses and ransomware.

What systems can be affected by security breaches?

Network infrastructure and end-user devices are vulnerable.

What is a critical step in incident response?

Documenting actions taken during the detection phase.

What is the NIST Cybersecurity Framework?

A guideline for managing cybersecurity risks.

What components are included in an IT risk assessment?

Assets, threats, vulnerabilities, and their interactions.

Why are regular IT security assessments necessary?

They help identify and mitigate emerging risks.

What is the Asset – Threat – Vulnerability Identification Cycle?

A process for identifying and managing cybersecurity risks.

What are the benefits of conducting a risk analysis?

It informs decision-making and prioritizes security efforts.

What should a risk management plan include?

Risk assessment, mitigation strategies, and monitoring plans.