A proactive action taken to enhance or maintain information assets' confidentiality, integrity and availability is called a ____
Security measure, control or countermeasure
The occurrence of an undesirable event that has detrimental impact on information assets is an _____
Incident
CIA
Confidentiality, Integrity, Availability
The ability to ensure that data is not modified or destroyed by unauthorized parties is known as ____
Integrity
In the context of information security, ensuring that information is accessible and usable upon demand by an authorized entity is called _____
Availability
_____ is defined as ensuring that information is not made available or disclosed to unauthorized individuals, entities, or processes
Confidentiality
The massive leak of patient records in the ______ case is a primary example of a failure in ______
Vastaamo, confidentiality
The ______ attack, which manipulated data to cause physical damage to centrifuges, specifically targeted the ______ of the industrial control systems
Stuxnet, integrity
The process of transforming readable plaintext into unreadable ciphertext to ensure authorized access is called ______
Encryption
A tool used to manage and control who has access to which resources based on their roles and identity is known as _______
IAM (Identity and Access Management)
The security protocol used to provide encrypted communication and secure identification for web pages is called _______
HTTPS
A ______ is a tool used to create a secure tunnel for data transmission, commonly used for secure remote access
VPN (Virtual Private Network)
A mathematical function used to create a digital fingerprint of a file to verify that its content has not been altered is called a ______
Hash function
To guarantee the origin of a message and ensure it hasn't been tampered with, organizations use _______
Digital signatures
In digital forensics, a hardware device called a ________ is used to ensure that the original data on a drive cannot be modified during the acquisition process
Write blocker
________ is a critical tool for maintaining the integrity of logs by ensuring that all system clocks are accurately synchronized
NTP (Network Time Protocol)
To detect unauthorized changes to production files, organizations can implement _________
File integrity checks
To avoid a single point of failure and ensure availability, organizations implement _________
Redundancy
A structured response plan that focuses specifically on restoring IT resources and data after a major incident is called a ________
DRP (Disaster recovery plan)
The proactive process of regularly installing software updates to fix vulnerabilities that could be used to take down systems is called ________
Patching or patch management
_______ are a primary corrective control used to restore data to an available state after a ransomware attack or system failure
Backups
AAA-model
Authentication, Authorisation, Accounting
The process of verifying a user's identity (answering "Who are you?") is called _______
Authentication
Defining what an identified user is allowed to do within a system is the process of _______
Authorization
__________ is the process of tracking and recording the actions a user performs while accessing a system
Accounting
A common open protocol used for handling AAA in networks is ______, while a similar protocol developed specifically by Cisco is ________
RADIUS, TACACS+
_______ is an open protocol frequently used to read and edit information in directory services for authentication purposes
LDAP
Risk, threats, vulnerability
:)
A weakness in a system, process, or person that can be exploited by a threat is called a _______
Vulnerability
A potential event or action that could cause harm to an information asset is a _____
Threat
In risk management, the formula for ______ is often expressed as the product of ______ and _______
Risk, Probability, Consequence
A proactive action taken to reduce a vulnerability or mitigate a threat is called a _______ or _______
Control, Countermeasure
When a threat successfully exploits a vulnerability, it results in an _______
Incident
McCumber Cube model
:)
The McCumber Cube identifies three information states _____, _____ and _____
Storage, transmission, processing
According to the McCumber model, the three types of security controls are _____, _________ and _________
Technology, policy & practice, education, training & awareness
Data that is currently being moved across a network is considered to be in the ________ state
Transmission
Zero Trust and MFA
:)
What does MFA stand for?
Multi-factor Authentication
The core principle of a _______ architecture is _______________
Zero Trust, Never trust, always verify
__________ requires at least two factors from the categories of something you _____, something you _____ or something you _____
Multi-factor authentication (MFA), know, have, are
The principle of __________ ensures that users only have the minimum access rights necessary to perform their jobs.
Least privilege
Digital forensics
:)
Pollitt defined digital forensics as the application of science and engineering to the legal problem of digital ______
evidence
Evidence that is intended to help explain technical data to non-specialists (like a judge or jury) through visual aids or expert interpretation is called ________ evidence
Demonstrative
The process of ensuring that evidence remains unchanged from the moment it was collected is known as preservation of the ________________
Collected state
To verify that data has not been modified or tampered with, forensic investigators use a mathematical function to calculate a _______ value
Hash
A running documentation that meticulously records every action and transfer of ownership for a piece of evidence is called the ______________
Chain of custody
The principle that dictates collecting the most transient data (like RAM and cache) before it disappears is known as the ___________
Order of volatility
A hardware device used during acquisition to prevent any data from being written to the original evidence drive is called a ___________
Write blocker
The Kruse & Heiser model for digital investigations is often referred to as the "three A's", which stand for _______, ________ and _________
Acquiring, authenticating, analyzing
The determination that evidence is acceptable and can be used in a court of law is its __________
Admissibility
In the DFRWS model, the phase that involves searching for and extracting hidden data is called ________
Examination
The general process of searching for and recovering digital data specifically for legal or evidence purposes is known as ____________
E-discovery
The IDIP model (Integrated Digital Investigation Process) is unique because it introduces the concept of a digital _____________
Crime scene
Creating an exact, bit-by-bit duplicate of a hard drive for analysis is called creating a ________ sound image
Forensically
According to the Abstract Digital Forensic Model (ADFM), a missing step in earlier models that involves organizing tools and obtaining search warrants is ________
Preparation
Data that is in a constant state of flux and cannot be preserved with consistent results if collected at different times (like network traffic) is called __________ data
dynamic
Threat landscape and actors
:)
The average eCrime __________, which is the time it takes for an adversary to move laterally from an initial foothold to high-value assets, fell to just 29 minutes in 2025
Breakout time
Threat actors who are economically motivated and often utilize Malware as a Service (MaaS) are categorized as ________
Cybercriminals
Adversaries who conduct cyber operations to support a state's strategic objectives, such as economic espionage or surveillance, are known as __________ actors
Nation state
An event that compromises the integrity, confidentiality, or availability of an information system is defined as a ________
Cyber incident
_______ are threat actors primarily driven by ideological or political motives, often using low-level DDoS attacks for visibility
Hacktivists
Attack types & tactics
:)
________ remains the dominant intrusion vector, accounting for approximately 60% of all observed cases
Phishing
The type of attack where malicious code is planted in legitimate software updates to infect downstream customers is a ____________
Supply-chain attack
Phishing attacks conducted specifically via QR codes, often embedded in PDF attachments, are known as _______
Quishing
The 2021 attack on _______ was a major example of a supply-chain attack facilitated through the software ________
Coop, Kaseya VSA
________ is a type of malicious code that encrypts files and demands payment for their decryption
Ransomware
AI & emerging threats
:)
The measurement of the gap between a vulnerability disclosure and its confirmed exploitation is called _______
Time to exploit
The ________ refers to the fact that AI can reverse a security patch into a working exploit in minutes, while organizations often take weeks to roll out the same patch.
Patch paradox
AI models have been used to generate highly credible _______ and voice clones to increase the legitimacy of social engineering attacks
Deepfakes
Vulnerabilities and handling
:)
A previously unknown flaw in software or hardware that is exploited before a developer has a chance to create a fix is a ________
Zero-day vulnerability
The process of organizing real-world adversary behaviors into a matrix of tactics and techniques is provided by the _________ framework
MITRE ATT&CK
Governance, law and frameworks
Hold on now, this is going to get hectic
The Swedish implementation of the EU’s NIS2 directive is called _________, which entered into force on January 15, 2026
Cybersäkerhetslagen (Swedish Cybersecurity Act) or CSL
Under the Swedish Cybersecurity Act, a significant incident must be reported to the designated authority within __________
24 hours
While ISO/IEC 27001 specifies the ____________ for an Information Security Management System (ISMS), ISO/IEC 27002 provides ________ for the implementation of security measures
Requirements (krav), guidance (vägledning)
In the updated NIST CSF 2.0, the core function that was newly introduced to focus on organizational context and strategy is called __________
Govern
The European Union Agency for Cybersecurity, known as _________, is responsible for publishing the annual Threat Landscape report and has its headquarters in __________, Greece
ENISA, Athens
The EU regulation that focuses specifically on the digital operational resilience of the financial sector is known as ________
DORA (Digital Operational Resilience Act)
In Sweden, the government agency that replaces MSB’s central role in cybersecurity coordination and resilience is called ___________
Myndigheten för civilt försvar (MCF)
A formal analysis used to classify an organisation’s functions as critical or non-critical and determine recovery requirements is called a __________
Business Impact Analysis (BIA)
The Riksbank’s central payment system, which handles both large-value payments and instant credit transfers, is called __________
RIX
According to the Swedish Cybersecurity Act, a final report following a significant incident must be submitted within ___________
One month
The __________ Act introduces mandatory security requirements for digital products and services, emphasizing “security-by-design” throughout their lifecycle
Cyber Resilience
Under the Swedish Cybersecurity Act, individuals in ____________ positions are legally required to undergo training regarding cybersecurity measures
management
The core principle of a _________ architecture, which assumes no user or entity is trusted by default even within the network, is “Never trust, always verify”
Zero trust