iSACA Cybersecurity Fundamentals Certification Exam Questions & Answers Solved 100% Correct!!

Confidentiality - Protection from unauthorized access integrity - Protection from unauthorized modification Availability - protection from disruptions in access Cybersecurity - the protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems NIST Functions to Protect Digital Assets - IPDRR 1) Identify 2) Protect 3) Detect 4) Respond 5) Recover Nonrepudiation - Def: ensuring that a message or other piece of information is genuine Examples: digital signatures and transaction logs Risk - combination of the probability of an event and its consequences, mitigated through controls Threat - Anything that is capable of acting against an asset in a harmful mannerAsset - something of either tangible or intangible value that is worth protecting Vulnerability - A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events Inherent risk - The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls) Residual risk - the risk that remains after management implements internal controls or some other response to risk Likelihood - A.K.A probability measure of frequency of which an event may occur, which depends on the threat and vulnerability Approaches to Cybersecurity Risk - Dependent on: 1) Risk tolerance 2) Size & scope of the environment 3) Amount of data available Approaches: 1) Ad hoc 2) Compliance-based 3) Risk-based Threat Agents - The actors causing the threats that might exploit a vulnerability Types:1) Corporations - competitive advantage 2) Cybercriminals - profit 3) Cyberterrorists - critical infrastructures/government 4) Cyberwarriors - politically motivated 5) Employees - revenge 6) Hacktivists - politically motivated 7) Nation states - government/private entities 8) Online social hackers - identity theft, profit 9) Script kiddies - learning to hack