3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides Flashcards
regulatory
Government controlled
inter-national
Not American
Industry-specific Frameworks
These are aspects that pertain to specific fields, ie, HIPAA to medical records; SOX to accounting, etc
Platform/Vendor-specific Guides
Specific to the HW / SW you have in your enterprise
Network Infrastructure Devices
A Router, a Switch, hopefully not a Hub, any device on your network that allows your device to communicate with other devices, on you local network or the Internet as a whole.
Sarbanes-Oxley
Accounting laws - CEO and CFO in an organization are accountable if someone under them is caught breaking a finance law. called SOX on the test.
Defense in depth
the use of multiple types of access controls in literal or theoretical concentric circles or layers.
Layer Security
Defense in Depth.
Vendor Diversity
Do not use the same vendor for all devices on your network.
User Training
conducted during on-boarding, and your policy should give guidance on the frequency of additional training.
In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. What is this concept is known as?
A. Defense in depth
B. Control Diversity
C. Intranet buffering
D. Layered Security
B. Control Diversity
Of the following, which BEST defines a regulatory security framework?
A. A security guidance established by a government regulation or law.
B. A security guidance crafted by a nongovernment entity.
C. A security guidance crafted to be applicable to one specific industry.
D. A security guidance designed for use within a particular country.
A. A security guidance established by a government regulation or law.
