24. NIST 800-53 Flashcards

1
Q

NIST 800-53

NIST 800-53 Rev. 5

A

Security and Privacy Controls for Information Systems and Organizations

  • Detailed catalogue of security and privacy controls for US federal systems
  • Guidance on how to select, implement, operate and maintain those controls
  • Comprehensive risk-based approach to information security
  • Developed by the US government (NIST) for its own systems
2
Q

NIST 800-53

Exam Tip

A

High-level knowledge of the publication is enough:
why it exists, when and where it applies, how it is used and what it contains

3
Q

NIST 800-53

Public sector systems

A

Highly customizable framework

  • Although NIST 800-53 Rev. 5 is written for federal systems, it is customizable
  • It is therefore also useful for other public sector systems
  • Can select and implement controls, conduct risk assessments, etc.
  • Pick and choose controls (tailoring) based on the organisation's risk appetite
4
Q

NIST 800-53

Risk based approach

A

Organisation-wide
Takes a risk-based approach to information security

  • Looks at the entire lifecycle: systems, people, processes
  • Does not focus purely on technical controls
5
Q

NIST 800-53

Aligns with other NIST frameworks

A
  1. RMF - Risk Management Framework (SP 800-37); 800-53 is the control catalogue used in the RMF "Select" step
  2. CSF - Cybersecurity Framework; CSF subcategories map to 800-53 controls as informative references
6
Q

NIST 800-53

Control Families

A

Each family covers a specific aspect of security and privacy

  • 20 control families in Rev. 5, each with a two-letter identifier, e.g. AC = Access Control, AU = Audit and Accountability, IR = Incident Response
  • Controls are numbered within the family, e.g. AC-2 (Account Management); control enhancements are numbered in parentheses, e.g. AC-2(1)

FAMILY FRAMEWORK

7
Q

NIST 800-53

Control Classes

A
  1. Management
  2. Operational
  3. Technical

  • Management - strategic and tactical level, e.g. risk assessment, security planning, program management, policies
  • Operational - day-to-day procedures, e.g. controls related to personnel security, incident response, contingency planning
  • Technical - hands-on, technology-focused, e.g. access control, audit logging, system integrity

  • Note: the catalogue itself dropped the class designation from the families in Rev. 4; the three classes remain a common way of grouping the families and still appear in exam material

FAMILY FRAMEWORK

8
Q

NIST 800-53

Baseline Controls

A

Minimum level of security for a given impact level

  • Suggested baselines for low, moderate and high impact systems (impact level comes from the FIPS 199 categorisation); in Rev. 5 the baselines moved into the companion publication SP 800-53B
  • e.g. a low-impact system implements the low baseline, which is a subset of the moderate baseline, which in turn is a subset of the high baseline
  • Select the baseline matching the impact level, tailor it (add, remove or modify controls) based on risk tolerance, then add organisation-specific measures
9
Q

NIST 800-53

Privacy Controls

New to Rev. 5

A

Included in Rev. 5: privacy controls are integrated into the main catalogue alongside the security controls (in Rev. 4 they sat in a separate appendix), and a new PII Processing and Transparency (PT) family is added

10
Q

NIST 800-53

Outcome based approach

New to Rev. 5

A

Controls state the outcome to be achieved rather than who must achieve it (the "the organization ..." / "the information system ..." wording of earlier revisions was removed)
The organisation decides how to get there

  • Provides flexibility to fit the organisation's needs and risk tolerance
11
Q

NIST 800-53

Supply Chain Management

New to Rev. 5

A

Source of major risk

  • Companies use outsourcing and offshoring more, so a supplier's weaknesses become the organisation's
  • Rev. 5 adds a dedicated Supply Chain Risk Management (SR) control family
  • Make the organisation aware of the risk associated with suppliers
  • Monitor supplier security practices
  • Plan for contingency if there is a supply chain disruption
12
Q

NIST 800-53

Protection against insider threats

New to Rev. 5

A

Threats from:
1. Employees
2. Contractors
3. Anyone inside who has authorised access to data or systems
