11 - Enterprise Flashcards

1
Q

Enterprise Security Management

A

The process of controlling the configuration, deployment and monitoring of security policy across the organisation

2
Q

Security Governance

A

Ensuring that the organisation complies with its own policies, processes, standards and guidelines

3
Q

Goal/Focus of Security Governance

A

Goal: meet the business requirements
Focus: ensure everyone is following the rules

4
Q

Security Management vs Security Governance

A

Security management makes the decisions that mitigate risk; security governance determines who is authorised to make those decisions

5
Q

Before ESM deployment can begin:
(3 things)

A
  • Identify critical resources
  • Perform risk assessment
  • Develop security policy
6
Q

Policy

A

A document stating how the organisation is to perform its business functions and transactions in order to achieve a desired outcome

7
Q

Security Policy should cover …

A

every threat to its systems, people and information

8
Q

Security policy guides..

A

the day-to-day security operations, processes and procedures of the organisation

9
Q

Security policy discusses the types of control required but not…

A

how to build a control

10
Q

Examples of security policy topics

A
  • Network access
  • Password
  • Policy enforcement
  • Support
11
Q

Policy vs standards

A

Policies implement controls on a system to make it compliant
Standards influence the creation of policies

12
Q

Procedures

A

The step-by-step "how to" of a task,
e.g. how to respond to an incident

13
Q

Developing a security policy
(7 steps)

DOADDDE

A
  • Define the problem
  • Obtain stakeholder support
  • Analyse the problem
  • Define the policy content
  • Define evaluation criteria, monitoring, review and update procedures
  • Develop an implementation plan
  • Evaluate the policy's impact
14
Q

3 business drivers for security policies

A
  • Cost
  • Customer satisfaction
  • Compliance
15
Q

Why do we need a security policy?

A

To ensure the consistent protection of information as it flows through the entire system

16
Q

Dangers of not having security policies

A
  • Lack of regulatory compliance
  • Higher cost
  • Customer dissatisfaction
17
Q

Should you write a policy to manage technology that is not yet in your organisation?

A

No need

18
Q

You have a process that all your employees know, but it is undocumented.

The key employee is leaving next month. What must you do?

A

Document the process

19
Q

Enforcing and winning acceptance of policies is challenging because:

A
  • All levels of the organisation must support them
  • Employees must be motivated to follow them
  • Employees must understand the policies
20
Q

CISO

A

Chief Information Security Officer

21
Q

CISO is responsible for

A

  • The organisation's entire security programme
  • Coordinating security and compliance
  • Communication and point of contact
  • Third-party compliance
  • Audits