2.2: Week 2 of Play It Safe: Manage Security Risks
What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
A summary of the scope; a list of existing risks; results and recommendations
How do organizations use security frameworks to develop an effective security posture?
As a guide to reduce risk and protect data and privacy
A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?
Availability
You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?
Availability
What is availability?
Availability specifies that data is accessible to authorized users.
What is confidentiality?
Confidentiality specifies that only authorized users can access specific information.
What does a security analyst's work involve during the CSF recover function?
During the recover function, a security analyst's work involves returning affected systems back to normal operation.
What is the CIA triad?
Foundational security model used to set up security policies and systems.
What are some of the primary objectives of an internal security audit? Select all that apply.
Help security teams identify organizational risk; avoid fines due to a lack of compliance; determine what needs to be improved in order to achieve the desired security posture
What is integrity?
Integrity specifies that data is verifiably correct, authentic, and reliable.
A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?
Keep security simple
Which of the following characteristics are examples of biometrics? Select all that apply.
Palm scan; eye scan; fingerprint
A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?
Physical controls
What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?
The NIST CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. The confidentiality, integrity, and availability (CIA) triad represents the three foundational pillars of security.
Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.
authorization
Fill in the blank: The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.
goals
The five core functions that make up the CSF are:
identify, protect, detect, respond, and recover.
The CSF identify function relates to...
monitoring systems and devices in an organization's internal network to help security teams manage potential cybersecurity risks and their effects.