2026 QUESTIONS WITH ANSWERS
◍ Strategic planning (1:8).
Answer: deep analysis and understanding of the state of business and the
threats faced by the organization
◍ Value to the organization (1:8).
Answer: develop your objectives based on the organization's vision and
mission, stakeholder risk appetite, and opportunities
◍ Information Security.
Answer: The practice of protecting information by mitigating information
risks and vulnerabilities.
◍ Driving engagement (1:8).
Answer: execute on the plan by navigating the internal values and culture,
developing a business case to get support and funding, and promoting your
activities
◍ Organizational Transformation (1:8).
Answer: as a leader you must strive to lead, motivate, and inspire your team
members and colleagues to accomplish the goals of the overall strategic
planning process
◍ Security planning - Need (1:11).
Answer: requires an understanding of not only security threats and
capabilities but also a deep understanding of the business environment &
organizational goals.
◍ Verizon Data Breach Investigations Report (1:14).
Answer: Shows the percentages of breaches per threat action, i.e. hacking,
malware, social engineering
◍ Understanding the business (1:29).
Answer: 1. Understand where you've been 2. Understand the business strategy
3. Understand the macro factors that affect the business 4. Understand and
develop relationships with key stakeholders
◍ Risk Management Framework (RMF).
Answer: A structured process that integrates security and risk management
activities into the system development life cycle.
◍ Threat Modeling.
Answer: A process used to identify, assess, and prioritize potential threats to
a system.
◍ Business Model (1:41).
Answer: 1. Describes how you operate 2. How you generate revenue and make a
profit 3. How you deliver value at a reasonable cost
◍ Vertical Business Model (1:45).
Answer: combines multiple steps in a value chain into one organization, e.g.
development -> distribution
◍ Horizontal Business model (1:45).
Answer: focuses on one area of the value chain, e.g. product development
◍ Vulnerability Assessment.
Answer: The systematic examination of an information system to determine
its security weaknesses.
◍ Incident Response.
Answer: The approach taken to prepare for, detect, contain, and recover
from a security incident.
◍ PFF -Porter's Five Forces (1:47).
Answer: Developed in 1979 by Michael E. Porter, an authority on competitive
strategy and economic development. A method used to develop business
strategy by understanding where power lies in a business situation
◍ Defense in Depth.
Answer: A security strategy that employs multiple layers of defense to
protect information and resources.
◍ Access Control.
Answer: The selective restriction of access to a place or resource, often
implemented through authentication and authorization.
◍ PFF - Power of Customers (1:47).
Answer: The impact customers have on your business. This force is driven by
the number of customers you have, their importance to your business, and the
cost for them to switch from you to another company
◍ Security Policy.
Answer: A formal set of rules that dictate how an organization manages,
protects, and distributes its information.
◍ Malware.
Answer: Malicious software designed to harm, exploit, or otherwise
compromise a computer system.
◍ Phishing.
Answer: A fraudulent attempt to obtain sensitive information by disguising
as a trustworthy entity in electronic communication.
◍ PFF - Substitute Products (1:48).
Answer: The ability of your customers to find substitute products or an
easier way to get what you provide
◍ PFF - Power Of Suppliers (1:48).
Answer: how easily suppliers can influence you and drive up your prices,
driven by the uniqueness of their products and the degree of control they
have over you
◍ PFF - Threats of new entrants (1:48).
Answer: how easy it is for new players to join the market, and whether they
can become a threat and compete with your company
◍ Encryption.
Answer: The process of converting information or data into a code to
prevent unauthorized access.
◍ PFF - Competitive Rivalry (1:48).
Answer: Look at the competition and their capabilities. If no one else can
do what you do, e.g. in products or services, you are in a position of
tremendous strength
◍ Firewall.
Answer: A network security device that monitors and controls incoming and
outgoing network traffic based on predetermined security rules.
◍ Strategic objectives (1:56).
Answer: - Based on an understanding of the business model, strategy, and
competitive forces - Very high level and often vague
◍ Strategy Maps (1:56).
Answer: - Links high-level strategic objectives to specific projects and
initiatives - Shows how to turn strategy into tangible outcomes - Highlights
gaps in strategy implementation - Helps communicate the strategy to the
entire organization
◍ Intrusion Detection System (IDS).
Answer: A device or software application that monitors a network or
systems for malicious activity or policy violations.
◍ PEST Analysis (1:65).
Answer: Management tool to identify external forces that impact a particular
market, industry, or country.
◍ Penetration Testing.
Answer: An authorized simulated attack on a computer system to evaluate
its security.
◍ PEST Analysis - Why (1:66).
Answer: Helps you understand the macro trends of the external environment in
which your company operates, and provides an understanding of the risks