Information Security
Q1. Briefly explain the relationship between risk, threats, and vulnerabilities in the context of securing digital assets from attack
Q2. Describe three reasons why we are so significantly behind in catching up with the cyber threats in information technology.
Q3. Name three motivations driving cyber security defense efforts in today’s highly inter-connected world.
Q4. What is the difference between targeted, adversarial, infrastructure and capability attacks?
Q5. What are the three tenants of information security and how do they help our security position
Q6. How does BYOD popularity in computing domains affect information security strategies?
q.7 What Black Hat attack mechanism makes the attacks very hard to detect and trace back?
Q8. Where is the dark web? And what makes it so attractive to the nefarious?
Q9. What is the number one vulnerability to the IT domain? What aspects make this so hard to get it front of?
Q10. Name 3 ways the cyber security community is trying to gain ground against the bad guys?
Q11. Name 5 information security defensive strategies.
multi-layered approach (divide & conquer)
align with IT domains
race to be proactive
be ready to be reactive (DRP)
Planning & Discipline
Q12. What makes the stealth or passive attacks so dangerous?
Q13. What is the “Kill Chain” and how does it help the fight against malicious software?
Q14. What three general criteria define the logical access policy of an organization and how are they related to the formal access models (big3)
Q15. Name the dangers of not establishing system life cycle policies within your organization.
Q16. As stewards of the code of ethics, security administration is in charge of what aspects of security management and specifically reducing risk throughout the organization?
Q17. Discuss the dangers in implementing de-centralized access control?
Q18. What benefits do security framework brings to the implementation of security throughout the organization
Q19. Describe the risks of poor data classification and what should be done about it
Q20. Discuss the aim and downside of security intelligence and telemetry and how we might alleviate