25. NIST 800-37 Rev 1 & 2 Flashcards

1
Q

NIST 800-37 Rev 1 & 2

Tier 1:
Organisation

2
Q

NIST 800-37 Rev 1 & 2

Tier 2:
Mission / Business Processes

3
Q

NIST 800-37 Rev 1 & 2

Tier 3:
Information Systems

A

  • NIST 800-53 is applied at Tier 3
  • 6-step process for the risk management lifecycle

3-TIER RISK MGMT APPROACH

4
Q

NIST 800-37 Rev 1 & 2

7 major objectives updated in Rev 2.

A
  1. Provide closer linkage between the risk management process and the activities of the C-suite
  2. Institutionalise critical risk management preparatory activities at all risk management levels
  3. Demonstrate how the NIST CSF can be aligned with the RMF
  4. Integrate privacy risk management processes
  5. Promote/develop trustworthy secure software and systems
  6. Integrate security-related supply chain risk management (SCRM)
  7. Organisation-generated control selection approach to complement traditional baseline control selection
5
Q

NIST 800-37 Rev 1 & 2

To provide closer linkage and communication between the risk management processes and activities at the C-suite

7 major objectives updated in Rev 2

A
  1. Senior management supports the initiative
  2. Two-way communication
6
Q

NIST 800-37 Rev 1 & 2

To institutionalize critical risk management preparatory activities at all risk management levels.

7 major objectives updated in Rev 2

A
7
Q

NIST 800-37 Rev 1 & 2

To demonstrate how the NIST Cybersecurity Framework [NIST CSF] can be aligned with the RMF and implemented using established NIST risk management processes

7 major objectives updated in Rev 2

A

Provides Defense in Depth

8
Q

NIST 800-37 Rev 1 & 2

To integrate privacy risk management processes into the RMF to better support the privacy protection needs for which privacy programs are responsible

7 major objectives updated in Rev 2

A
9
Q

NIST 800-37 Rev 1 & 2

To promote the development of trustworthy secure software and systems

7 major objectives updated in Rev 2

A
10
Q

NIST 800-37 Rev 1 & 2

To integrate security-related, supply chain risk management (SCRM) concepts into the RMF

7 major objectives updated in Rev 2

A

Supply chain management is critical

  • Plans in place for mitigation, e.g. when a datacenter fails
  • How to get back to normal operations
  • Ensure redundancy for the things we need
11
Q

NIST 800-37 Rev 1 & 2

To allow for an organization-generated control selection approach to complement the traditional baseline control selection approach and support the use of the consolidated control catalog in NIST Special Publication 800-53, Revision 5

7 major objectives updated in Rev 2

A

Make risk management processes more efficient, more effective and more cost-effective

  • Implement security in the design
  • Privacy requirements are part of the initial design, i.e. built into the SDLC
12
Q

NIST 800-37 Rev 1 & 2

Cyber Security Framework

A

Ties all connecting frameworks / applications together
