MODULE 1
Adv Info Assurance

21 Terms

1
Cybersecurity

The practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

2

NIST Cybersecurity Framework (NIST CSF)

A voluntary framework based on existing standards, guidelines, and practices for managing cybersecurity risk. Widely adopted globally for its flexible and adaptable nature.

3

ISO/IEC 27001

An international standard that provides a systematic approach to managing sensitive company information so that it remains secure. It includes a process for assessing and treating information security risks.

4

CIS Critical Security Controls (CIS Controls)

A prioritized set of actions to protect organizations and data from known cyberattack vectors. Developed by a global community of cybersecurity experts, focusing on actionable steps.

5

The National Institute of Standards and Technology (NIST) CSF offers a flexible, risk-based approach to managing cybersecurity. Its strength lies in its simplicity and adaptability across various industries and organizational sizes.

6

The six core functions of the NIST CSF

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover
  6. Govern

7

ISO/IEC 27001

is the world's leading standard for Information Security Management Systems (ISMS). It provides a holistic approach, ensuring information is systematically protected through policies, procedures, and controls.

8

International Organization for Standardization / International Electrotechnical Commission

ISO/IEC stands for

9

  • Confidentiality
  • Integrity
  • Availability

Focus areas of ISO/IEC

10

Confidentiality

Ensuring information is accessible only to those authorized to have access.

11

Integrity

Safeguarding the accuracy and completeness of information and processing methods.

12

Availability

Ensuring authorized users have access to information and associated assets when required.

13

CIS Controls

are a robust set of prioritized, actionable cybersecurity best practices. They provide a clear roadmap for organizations to improve their cyber defense, focusing on specific and effective safeguards.

14

CIS Controls

They serve as a practical, foundational layer for any organization looking to enhance its security posture, complementing broader frameworks by offering concrete steps.

15

CIS Critical Security Controls: Actionable Defense

  1. Inventory & Control of Enterprise Assets
  2. Inventory & Control of Software Assets
  3. Data Protection – Secure sensitive info. (Ex: Encryption)
  4. Secure Configuration of Assets – Harden systems. (Ex: Disable unused ports)
  5. Account Management – Control user accounts. (Ex: Role-based access)
  6. Access Control Management – Enforce least privilege. (Ex: MFA)
  7. Continuous Vulnerability Management
  8. Audit Log Management – Collect & review logs. (Ex: SIEM tools)
  9. Email & Web Browser Protections – Secure gateways. (Ex: Anti-phishing filters)
  10. Malware Defenses – Detect & block malware. (Ex: AV tools)
  11. Data Recovery – Backup & restore data. (Ex: Daily backups)
  12. Network Infrastructure Management – Secure routers, firewalls.
  13. Network Monitoring & Defense – Detect intrusions. (Ex: IDS/IPS)
  14. Security Awareness & Training – Train users. (Ex: Phishing simulations)
  15. Service Provider Management – Vet 3rd-party vendors.
  16. Application Software Security – Secure coding practices.
  17. Incident Response Management – Prepare & test response plan.
  18. Penetration Testing – Simulate attacks to improve defenses.

16

Republic Act 10175: Cybercrime Prevention Act of 2012

This landmark legislation defines and penalizes cybercrimes, including illegal access, data interference, cyber libel, and cyber squatting. It also grants law enforcement agencies specific powers to investigate and prosecute cyber offenses.

17

Republic Act 10173: Data Privacy Act of 2012

A comprehensive law protecting individual personal information in information and communications systems. It sets strict guidelines for data collection, processing, and storage, aligning the Philippines with global data protection

18

Republic Act 8792: E-Commerce Act of 2000

This act gives legal recognition to electronic data messages, electronic documents, and electronic signatures. It facilitates e-commerce transactions and defines specific offenses related to the misuse of electronic documents.

19

SIM Registration Act (RA 11934, 2022)

Mandates registration of all SIM cards to curb text scams and other mobile-related crimes, improving traceability.

20

PDCA Model:

  Plan – Identify risks, define policies & objectives
  Do – Implement controls (access, firewalls, training)
  Check – Monitor, audit, review effectiveness
  Act – Improve policies & update controls

ISO/IEC 27001 Core Process
