Compare and Contrast Information Security Roles Topic 1A and 1B

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

what is a Security operations center?

+ is a location where security professionals monitor and protect critical information assets across another business function. + Difficult to establish, maintain and finance. Usually for larger companies

Security Control Function Types - Preventative

- Acts to eliminate or reduce that an attack can succeed. - Preventative operates before an attack can take place Ex. Access Control List configured on fire walls Ex. Standard Operating Procedure (SOP) act as administrative versions of preventative controls

what is DevSecOps

-the principle that security is a primary consideration at every stage of software development and deployment. -Security considerations need to be made during requirement and planning phases, not grafted at the end

what is Development and Operations (DevOps)

A set of practices, tools, and a cultural philosophy that automates and integrates developers and system administrators. + IT personnel and developers can build, set and release software faster and more reliably

what is a cyber security framework?

A tool to organize & improve your cyber security program. Helps organizations build & improve their cyber security posture.

what is an incident response team?

Acts as a single point-of-contact for the notifications of security incidents. + can be handled by the SOC or established Independent business Cyber Incident Response Team (CIRT), Computer Security Incident response team (CSIRT), Computer emergency Response Team (CERT.

Security Control Function Types - Corrective

Acts to eliminate or reduce the impact of an intrusion event. - Used after an attack Ex. Backup system can restore data that was damaged during an intrusion Ex. Patch management systems

What is defense in depth?

An attacker must get past multiple security controls to fully compromise a network.

Non-repudiation

Assurance someone cannot deny the validity of so something.

the ___ requires federal agencies to develop security policies for computer systems that process confidential information

Computer Security Act

Security Control Function Types - Deterrent

Control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. Ex. Signs, warnings of legal penalties against trespass or intrusion

Security Control Function Types - Physical

Controls such as alarms, gateways, locks, lighting, security cameras and guards that terror and detect access to premises and hardware are often classed separately.

What are security control?

Designed Items to give a system or data asset the properties of confidentiality, integrity, availability and non-reputation.

What are the parts of the NIST Cybersecurity Framework?

Identify Protect Detect Respond Recover

Cybersecurity Framework - Protect

Implement appropriate safeguards to ensure protection of the enterprises assets.

Security Controls - Technical Controls

Implemented as systems. Firewalls, anti-virus software, and logical controls, etc.

What is a security policy?

Is a formalized statement that defines how security will be implemented within an organization

what is a Cybersecurity Framework (CSF)?

Is a list of activities and objectives undertaken to mitigate risks. Focuses solely on IT Security

Cybersecurity Framework - Respond

Is to identify, analyze, contain, and eradicate threats to systems and data security.

Security Control Function Types - Detective

May not prevent or deter access, but it will identify and record any attempted or successful intrusion. - Operates during the progress of an attack Ex. Logs provide detective Control

Confidentiality

Means that certain information should only be known to certain people.

Availability

Means that informations is accessible to those authorized to view or modify it.

Integrity

Means the data is stored and transferred as intended and that any modification is authorized.

What is NIST and what is it responsible for?

National Institute for Standards and Technology, responsible for issuing the Federal Information Processing Standards (FIPS).

What is NIST Risk Management Framework (RMF)?

Pre dates the CSF, focuses on practical cybersecurity for businesses. RMF is more prescriptive and principle intended for use by federal agencies.

What are the security control function types?

Preventive, Detective, Corrective, Physical, Deterrent and Compensating

What is Information Security?

Refers to the protection of data resources from unauthorized access, attack, theft and damage.

Security Control Function Types - Compensating

Serves as a substitute for principal control as recommended by a security standard and afford the same level of protection but used a different methodology or technology.

What are the categories of security control?

Technical, Operational, and managerial

What describes a security policy?

The means the organization will take to protect the confidentiality, availably and integrity of sensitive data and resources.

Cybersecurity Framework - Recover

To implements cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

Cybersecurity Framework - Detect

To preform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

Cybersecurity Framework - Identify

What process and assess need protection. Is used to evaluate risks, threats, and vulnerabilities and reccomend security control to mitigate them

Security Controls - Operational Control

is implements primary by people rather than systems. Security guards, training programs, policies, etc. "Controls People"

What is cyber security?

the process of protecting network, devices and data from unauthorized access and practice of ensuring confidentiality, integrity, availability of information.


Set pelajaran terkait

Management of Care Practice Questions

View Set

Chapter 3 American govt Review question

View Set

Microbiology BIOL 2420 : Chapter 13, 14, 15

View Set