Flashcards

    Q1: What are the three elements of the CIA triad?

    A: Confidentiality (data accessible only to authorised parties), Integrity (data is accurate and unmodified), Availability (systems and data are accessible when needed).

    Q2: What is the risk formula?

    A: Risk = Threat × Vulnerability × Impact. A high risk requires all three elements: a threat that can exploit a vulnerability, resulting in significant business impact.

    Q3: What is the difference between symmetric and asymmetric encryption?

    A: Symmetric encryption uses one key for both encryption and decryption (AES) — fast, good for bulk data. Asymmetric encryption uses a public/private key pair (RSA, ECC) — slower, good for key exchange and digital signatures.

    Q4: What are the five functions of the NIST Cybersecurity Framework?

    A: Identify (understand risk), Protect (safeguard assets), Detect (find attacks), Respond (contain and mitigate), Recover (restore operations).

    Q5: What is the difference between a policy, standard, and procedure?

    A: A policy is a high-level requirement (“what” — must have MFA). A standard is a specific requirement (“how much” — MFA must use FIDO2). A procedure is a step-by-step instruction (“how” — follow this guide to configure FIDO2 in Azure AD).

    Q6: What was the total cost of the Equifax 2017 data breach?

    A: Over $1.4 billion in direct costs (fines, lawsuits, remediation). Root cause: known vulnerability (CVE-2017-5638, Apache Struts RCE) that was not patched despite a patch being available for 2+ months.

    Q7: What is the most effective phishing simulation strategy?

    A: Regular (monthly), varied simulations targeting high-risk behaviours. Combine with instant feedback training (1-2 minute lesson immediately after clicking). Track: click rate (target < 5%), report rate (target > 50% of simulated phishing emails reported).

    Q8: What is the Parkerian Hexad?

    A: An extension of the CIA triad adding: Possession/Control (data ownership), Authenticity (data is genuine), Utility (data is useful). Provides a more complete model for information security analysis.

    Q9: What is quantitative vs qualitative risk assessment?

    A: Quantitative uses numerical values (ALE = SLE × ARO, e.g., “this risk costs $500K/year”). Qualitative uses descriptive scales (High/Medium/Low). Quantitative is more precise but harder; qualitative is faster but more subjective. Use both.

    Q10: What is the single most important control for reducing breach risk?

    A: Multi-Factor Authentication (MFA). MFA blocks 99.9% of automated credential attacks, and compromised credentials are involved in over 50% of breaches. It is the highest-ROI security control.