CISSP Practice question #147

Bob has been tasked with adding content-based access control in addition to our existing security controls. What could be something he would implement?
A: Hiding or showing menus in an application.
B: Access to data only between 0800 and 1700 (5PM).
C: Access to data depending on labels and clearance.
D: Access to data dependent on job title.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: Content-based access control: When access is provided based on the attributes or content of an object, it is known as content-dependent access control. Hiding or showing menus in an application, views in databases, and access to confidential information are all content-dependent. In this type of control, the value and attributes of the content being accessed determine the control requirements.

CISSP Practice question #146

In our risk analysis we are looking at the total risk. What would that comprise?
A: Threat + vulnerability.
B: Threat x vulnerability.
C: Threat * vulnerability * asset value.
D: (threat * vulnerability * asset value) – countermeasures.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


C: Total Risk = Threat * Vulnerability * Asset Value.

CISSP Practice question #142

We are performing a security audit. What would that entail?
A: Testing against a published standard.
B: External auditors come in.
C: Internal auditors looking for flaws.
D: Internal IT Security employees double checking their work.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Security audit: A test against a published standard. The purpose is to validate/verify that an organization meets the requirements as stated in the published standard.

Cybercrime Damage Costs $6 Trillion in 2021, Cybersecurity Market Data

Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.

– Steve Morgan, Editor-In-Chief

Menlo Park, Calif. — Oct. 16, 2017

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

The cybercrime prediction stands, and over the past year it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally.

The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Source: cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

CISSP Practice question #141

Which intrusion system blocks malicious traffic?
A: IPS.
B: IDS.
C: Heuristic.
D: Pattern.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: IPS (Intrusion Prevention System): Similar to an IDS, but it also takes action on malicious traffic; what it does with the traffic is determined by configuration. Events trigger an action (drop/redirect traffic), often combined with trigger monitoring/administrator warnings, emails or text messages.

Cybersecurity Workforce Shortage Projected at 1.8 Million by 2022

The results from the eighth Global Information Security Workforce Study (GISWS) have been released this week. The workforce gap is estimated to be growing, with the projected shortage reaching 1.8 million professionals by 2022. While the gap is not news, the fact that it is growing is of great concern to an already exhausted workforce. The question of how to fill the gap has been answered, and millennials are an integral part of the plan. “For years, we’ve known about the impending shortage of the information security workforce, as evidenced by our study year over year,” said David Shearer, CEO,…

Source: blog.isc2.org/isc2_blog/2017/02/cybersecurity-workforce-gap.html
