Reviewer SA4 Info

The document outlines various concepts related to software quality, risk management, and incident response in IT. It covers terms such as fail safe, vulnerability assessment, ethical hacking, and incident recovery, providing definitions and explanations for each. Additionally, it discusses the importance of business continuity planning and the roles of different teams in managing cybersecurity incidents.

Uploaded by Charles Uy

MODULE 8

A software quality assurance activity in which one or a few individuals check a program mainly by viewing and reading parts of its source code.
- Code Review

Causing a piece of machinery or other mechanism to revert to a safe condition in the event of a breakdown or malfunction.
- Fail safe

It gives security teams and other stakeholders the data they need to analyze and prioritize risks for potential remediation in the appropriate context.
- Vulnerability Scanners

It has an element of human intent, negligence or error involving a failure of a man-made system.
- Man-made disasters

The act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing.
- Risk transference

A system that proactively scans for network vulnerabilities.
- Network Vulnerability Scanner

The process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.
- Foot Printing

It is the degree to which something, particularly a piece of content or data, can be found in a search of a record, database, or other data system.
- Discoverability

It can be considered a plan that incorporates a structure and addresses the association between the components of that structure.
- Security Architecture

This rating may be high, medium, or low based on its inherent capacity to cause both direct and indirect damage to systems or networks.
- damage potential

They learn and perform hacking in a professional manner, based on the direction of the client, and later present a maturity scorecard highlighting their overall risk and vulnerabilities and suggestions to improve.
- Ethical Hacking

The process of making a duplicate, representation, or close imitation
- Reproductivity

These are a critical component of the vulnerability management and IT risk management lifecycles, helping protect systems and data from unauthorized access and data breaches.
- Vulnerability Assessment

It keeps an eye on your web activity, including websites you visit and anything you download or transfer in real time, making it potentially very intrusive.
-

It is also known as Clear Box testing, Open Box testing, Structural testing, Transparent Box testing, Code-Based testing, and Glass Box testing.
- White Box Testing

They are usually skilled computer programmers with knowledge of computer security.
- Hacker

- Security architecture

It is a detailed examination of the elements or structure of something.
- Analysis

It is valuable as a surveillance and early-warning tool.
- Honeypot

It is a weakness or some area where you are exposed or at risk.
- Vulnerability

It is just a collection of honeypots used to present an attacker with an even more realistic attack environment.
- Honey net

It is generally defined as the probability that an event will occur.
- Risk

It is also known as Clear Box testing, Open Box testing, Structural testing, Transparent Box testing, Code-Based testing, and Glass Box testing.
- White box Testing

This is how many users will be affected.
- Affected users

These are used for IT rooms or other sensitive areas.
- Fail secure

It is a complete, ordered listing of all the items in a collection.
- Enumeration

It consists of taking steps to reduce the likelihood or impact of a risk.
- Risk acceptance

It refers to the process of identifying risks and vulnerabilities in computer networks, systems, equipment, applications, and other parts of the IT ecosystem.
- Vulnerability Assessment

A statement of an intention to inflict pain, injury, damage, or other hostile action on someone in retribution for something done or not done.
- Threat

It is usually performed by developers.
- White Box Testing

It is how much harm can be done to our system.
- Damage potential

These are a critical component of the vulnerability management and IT risk management lifecycles, helping protect systems and data from unauthorized access and data breaches.
- Vulnerability Assessment

It also indicates when and where to apply security controls.
- Security architecture

This type of testing is based entirely on software requirements and specifications.
- Black Box Testing

It also specifies when and where to apply security controls.

Module 9 & 10

It involves planning what to do to prevent a data breach or attack from happening in the first place.
- Preparation

An organization must be able to detect cyber incidents and have tools and technologies in place to collect, document, and analyze data relevant to the incident.
- Detection and analysis

Its own brand of forensics using investigative processes to collect, analyze and present digital evidence for legal proceedings.
- Computer Forensics

Stealing or using another person's copyrighted material without permission.
- Copyright Violation

It is the methodology an organization uses to respond to and manage a cyberattack.
- Incident Responses

It utilizes a combination of appliances, software systems, and human-driven investigation and analysis.
- Security Incident Management

Disable access to user accounts used in the attack and search for backdoor software is part of "Guidelines for Recovering from a Security Incident".
- True

The computer is vulnerable to cyberattacks, cybercriminals can counterfeit and fabricate evidence stored on the computer in question
- Capture System Image

Business impact of the incident is part of "Guidelines for Recovering from a Security Incident"
- True

Participating in the illegal act of buying or selling other humans.
- Human Trafficking

It is the process for determining the nature and extent of the loss, suffering, and/or harm to the community resulting from a natural, accidental or human-caused disaster.
- Damage Assessment

It is a set of instructions to help IT staff detect, respond to, and recover from network security incidents.
- Incident Response Plan

An investigation process is expensive; the total man-hours and expenses associated with that investigation must be tracked and reviewed.
- Track Man-Hours and Expenses

It is additionally known as an accident report.
- Damage Assessment

Disconnect servers is part of "Guidelines for Recovering from a Security Incident".
- False

It includes all the executive authorities who are privy to information about the evidence.
- Chain of custody

These are unexpected occurrences that resulted in serious physical or psychological injury or death.
- Sentinel Events

This could be, for example, checking the databases and logs, making sure the applications or services are running and are available.
- WRT

It is the process of notifying a user or administrator of an abnormal event, process or action identified on a computing device, system or environment.
- Incident Reporting

The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
- BCP

It requires a diagnosis of the problem, and then finding and implementing a solution.
- Incident Recovery

It can therefore be considered a subset of business continuity.
- Disaster Recovery


In IT, an event is anything that has significance for system hardware or software and an incident is an event that disrupts normal operations.
- Security Incident

It’s more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.
- BCP

Identify back-up locations and network is part of Goals of Business Continuity Plan
- False

It determines the maximum tolerable amount of time needed to bring all critical systems back online.
- RTO

In most cases this part is carried out by system administrator, network administrator, storage administrator etc.
- RTO

Offsite storage has some disadvantages that the data will be preserved in the event of failure taking place within the business
- False

It is a document that outlines how a business will continue operating during an unplanned disruption in service.
- BCP

It shortens restore time compared to a full backup or an incremental backup.
- Differential Backup

A business stakeholder wants to know, “What are we doing to prevent ransomware situations like the one I just read about in the news?”
- Outline existing preventative measures

All selected files that have changed since the last full or differential backup are backed up.
- Incremental Backup

This is another reason for your BCP
- Outline existing preventative measures

It is designed with control, phone, network etc.
- Alternate Site

It is another backup site that isn't as prepared as a Hot Site.
- Warm site

It allows a company to continue normal business operations, within a very short period after a disaster.
- Hot site

It is another backup site that is not as equipped as a Hot Site.
- Warm site

A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
- Recovery Team

It may be an office to be occupied in the event that access to the primary location is anticipated.
- Alternate site

It permits a company to continue ordinary business operations, within a very brief period after a disaster.
- Hot site
