3.1 Use cases and purpose for frameworks, best practices, and secure configuration guides.

Question 1

Industry-standard frameworks and reference architecture

Answer 1

Provide best practice guides to implementing IT and cybersecurity.

Question 2

Regulatory

Answer 2

Frameworks which demonstrate compliance with a country’s legal regulatory compliance requirements or with industry specific regulations

Question 3

Non-regulatory

Answer 3

Frameworks which don’t attempt to address the specific regulations of a specific industry, but represent general “best practices”.

Question 4

Application server

Answer 4

The deployment of servers and applications is covered by benchmarks and secure configuration guides.

Question 5

Defense in depth/layered security

Answer 5

Configuring security controls on hosts (endpoints) as well as providing network (perimeter) security, physical security, and administrative controls

Question 6

Vendor Diversity

Answer 6

Sourcing security controls from a variety of vendors.

Question 7

Control Diversity

Answer 7

• Administrative
• Technical
• Physical

Question 8

Administrative controls

Answer 8

Controls that determine the way people act, including policies, procedures, and guidance.

Question 9

Technical controls

Answer 9

Controls implemented in operating systems, software, and security appliances. ex. access control lists, intrusion detection systems

Question 10

Physical controls

Answer 10

Controls such as alarms, gateways, and locks that deter access to premises and hardware are often classed separately.