3.1 Use cases and purpose for frameworks, best practices, and secure configuration guides. Flashcards
Industry-standard frameworks and reference architecture
Provide best-practice guides for implementing IT and cybersecurity.
Regulatory
Frameworks that demonstrate compliance with a country’s legal and regulatory requirements or with industry-specific regulations.
Non-regulatory
Frameworks which don’t attempt to address the specific regulations of a specific industry, but represent general “best practices”.
Application server
The deployment of servers and applications is covered by benchmarks and secure configuration guides.
Defense in depth/layered security
Configuring security controls on hosts (endpoints) as well as providing network (perimeter) security, physical security, and administrative controls.
Vendor Diversity
Sourcing security controls from a variety of vendors.
Control Diversity
- Administrative
- Technical
- Physical
Administrative controls
Controls that determine the way people act, including policies, procedures, and guidance.
Technical controls
Controls implemented in operating systems, software, and security appliances, for example access control lists and intrusion detection systems.
Physical controls
Controls such as alarms, gateways, and locks that deter access to premises and hardware are often classed separately.