3.1 Use cases and purpose for frameworks, best practices, and secure configuration guides. Flashcards

1
Q

Industry-standard frameworks and reference architecture

A

Provide best practice guides to implementing IT and cybersecurity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Regulatory

A

Frameworks which demonstrate compliance with a country’s legal regulatory compliance requirements or with industry specific regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Non-regulatory

A

Frameworks which don’t attempt to address the specific regulations of a specific industry, but represent general “best practices”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Application server

A

The deployment of servers and applications is covered by benchmarks and secure configuration guides.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Defense in depth/layered security

A

Configuring security controls on hosts (endpoints) as well as providing network (perimeter) security, physical security, and administrative controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vendor Diversity

A

Sourcing security controls from a variety of vendors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Control Diversity

A
  • Administrative
  • Technical
  • Physical
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Administrative controls

A

Controls that determine the way people act, including policies, procedures, and guidance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Technical controls

A

Controls implemented in operating systems, software, and security appliances. ex. access control lists, intrusion detection systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Physical controls

A

Controls such as alarms, gateways, and locks that deter access to premises and hardware are often classed separately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly