1A: Compare and Contrast Information Security Roles Flashcards
External responsibility for an organization's security (due care and liability) lies mainly with which individuals?
Directors and owners, i.e., the senior executives
Which security-related phrase relates to the integrity of data?
Modification (data must only be modified by authorized sources)
An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the “detect” function, what does the engineer focus on?
Ongoing proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the “respond” function?
Identify, analyze, contain, and eradicate threats to systems and data security
What is the CIA Triad?
Confidentiality, Integrity, Availability
What is confidentiality?
Certain information should only be known to certain people.
What is Integrity?
Data is stored and transferred as intended and modification is only done by authorized sources.
What is availability?
Information is accessible to those authorized to view or modify it.
What is non-repudiation?
The security goal of ensuring that a subject cannot deny doing something, such as creating, modifying, or sending a resource: the party that sent a transmission or created data remains associated with it and cannot deny having sent or created it.
Ex. An action is witnessed, and the witness can provide evidence of who performed it.
What are the five core functions of the NIST Cybersecurity Framework?
Identify
Protect
Detect
Respond
Recover
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the “identify” function?
Develop security policies and capabilities. Evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the “protect” function?
Procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the “recover” function?
Implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.
What are some of the basic responsibilities of an IT/security professional?
-Participate in risk assessments and testing of security systems and make recommendations.
-Specify, source, install, and configure secure devices and software.
-Set up and maintain document access control and user privilege profiles.
-Monitor audit logs, review user privileges, and document access controls.
-Manage security-related incident response and reporting.
-Create and test business continuity and disaster recovery plans and procedures.
-Participate in security training and education programs.
Who has overall internal responsibility for security?
Director of Security, Chief Security Officer (CSO), Chief Information Security Officer (CISO)
How might the goals of basic network management not align with the goals of security?
Network management focuses on availability and performance over confidentiality, whereas security controls may restrict access or add overhead to protect data.
What are IT managers typically in charge of?
Managers may have responsibility for a domain, such as building control, ICT, or accounting.
What is the responsibility of Technical and specialist staff?
Implementing, maintaining, and monitoring the policy
Who has external responsibility for security (due care/liability)?
Directors and owners
What responsibility does non-technical staff have?
Complying with policy and with any relevant legislation.
What is an SOC (Security Operations Center)?
A location where security professionals monitor and protect critical information assets across other business functions, such as finance, operations, sales/marketing, etc.
What is DevOps?
A combination of software development and systems operations, and refers to the practice of integrating one discipline with the other.
What is DevSecOps?
A combination of Development + Operations + Security: embedding the security function within DevOps teams rather than treating it as a separate discipline.
What does CIRT stand for?
Cyber Incident Response Team
What does CSIRT stand for?
Computer security incident response team
What are the properties of a secure information processing system?
Confidentiality, Integrity, and Availability (and Non-repudiation).
What term is used to describe the property of a secure network where a sender cannot deny having sent a message?
Non-repudiation
A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?
A security operations center (SOC).
A business is expanding rapidly and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues?
Development and operations (DevOps) is a cultural shift within an organization to encourage much more collaboration between developers and system administrators. DevSecOps embeds the security function within these teams as well.
What is confidentiality?
The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.
What is a CISO (Chief Information Security Officer)?
Typically the job title of the person with overall responsibility for information assurance and systems security. This is a distinct role from the Chief Information Officer (CIO), who has overall responsibility for IT; the CISO commonly reports to the CIO.
What is a CSIRT (Computer Security Incident Response Team)?
Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing for instance).
What is an ISSO (Information Systems Security Officer)?
Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.