5.2 Importance of regulations, standards, frameworks that impact security posture Flashcards

1
Q

Security regulation & standards: what is GDPR?

A

The EU General Data Protection Regulation: a data protection and privacy law for individuals in the EU/EEA, in force since May 2018. It applies to any organization, inside or outside the EU, that processes the personal data of people in the EU.

Personal data includes: name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc.

2
Q

Security regulation & standards: what is PCI DSS?

A

Payment Card Industry Data Security Standard: a contractual (not governmental) standard issued by the card brands' PCI Security Standards Council for protecting cardholder data. It applies to any organization that stores, processes or transmits payment card data.

3
Q

Security regulation & standards: what are the controls of PCI DSS?

A

6 control objectives (broken down into 12 requirements):
- Build and maintain a secure network & systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy

4
Q

Security frameworks: what is the CIS CSC?

A

Center for Internet Security (CIS) Critical Security Controls (formerly "for Effective Cyber Defense"): a prioritized, vendor-neutral list of defensive actions derived from observed attacks. Version 8 has 18 controls, grouped into Implementation Groups IG1 to IG3 so smaller organizations can start with the essential subset.

5
Q

Security frameworks: what is the NIST RMF?

A

NIST Risk Management Framework (SP 800-37): a process for managing security and privacy risk to information systems over their lifecycle. The classic version has 6 steps (Rev. 2 adds a Prepare step before them):
- Categorize - the system and the information it processes by impact level (FIPS 199)
- Select - the baseline controls (SP 800-53) and tailor them to the system
- Implement - deploy the controls and document how they are implemented
- Assess - determine whether the controls are implemented correctly and operating as intended
- Authorize - a senior official accepts the residual risk and authorizes the system to operate
- Monitor - continuously track control effectiveness and changes to the system

6
Q

Security frameworks: what is the NIST CSF?

A

NIST Cybersecurity Framework, made of three parts: the framework core (functions Identify, Protect, Detect, Respond, Recover; CSF 2.0 adds Govern), the implementation tiers (Partial, Risk Informed, Repeatable, Adaptive, describing how mature the organization's risk management practice is) and framework profiles (alignment of the organization's requirements, standards and practices to the core, usually as a current profile compared with a target profile).

7
Q

Security frameworks: what are the ISO/IEC 27000-series standards?

A
  • ISO/IEC 27001: requirements for an Information Security Management System (ISMS); this is the standard an organization is certified against
  • ISO/IEC 27002: code of practice giving implementation guidance for the information security controls listed in 27001's Annex A

8
Q

Security frameworks: what is SSAE SOC 2?

A

An AICPA attestation report, performed under SSAE 18, on a service organization's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. The auditor examines technical controls such as firewalls, intrusion detection and multi-factor authentication. A Type I report covers control design at a point in time; a Type II report covers operating effectiveness over a period (typically 6 to 12 months).

9
Q

Security configuration: where to find hardening guides?

A

Hardening guides are specific to the product (OS, application, network device), so get them from the vendor's own security documentation or from independent sources such as the CIS Benchmarks and DISA STIGs. Whichever guide you use, also track the vendor's security advisories, since a hardened but unpatched system is still exposed.

10
Q

Security configuration: how to harden a web server?

A
  • Manage permissions: run the server as an unprivileged account, keep the web root read-only for that account, and restrict access to configuration files and private keys
  • Configure TLS (not legacy SSL): install certificates from a trusted CA, track their expiry, and allow only TLS 1.2 and 1.3
  • Log files: monitor access and error logs and forward them to central log collection so tampering on the host does not erase the evidence

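As an added example (not part of the original flashcards), the POSIX sh script below checks an nginx-style server block and its web root against the three points above: world-writable files under the web root, legacy TLS versions, a missing HSTS header, version banner and directory-listing disclosure, and disabled logging. It builds a deliberately weak config and a hardened one in a temp directory so it runs offline; the hostname, paths and certificate locations in those configs are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original flashcards: a POSIX sh audit of an
# nginx-style server block and its web root against the three hardening points
# above (permissions, TLS, logging). The configs and the web root are
# constructed below in a temp dir so it runs offline; the hostname, paths and
# certificate locations are hypothetical.

# audit_nginx_conf FILE: print one line per weakness; return 1 if any found.
audit_nginx_conf() {
    conf="$1"; n=0
    # TLS: SSLv3, TLS 1.0 or TLS 1.1 still allowed
    if grep -Eq 'ssl_protocols[^;]*(SSLv3|TLSv1(\.1)?)([^.0-9]|$)' "$conf"; then
        echo "WEAK: legacy SSL/TLS version enabled; use 'ssl_protocols TLSv1.2 TLSv1.3;'"
        n=$((n + 1))
    fi
    # TLS: without HSTS a first visit can be downgraded to plain HTTP
    if ! grep -Eq '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security' "$conf"; then
        echo "WEAK: no Strict-Transport-Security header"
        n=$((n + 1))
    fi
    # Information disclosure: version banner and directory listings
    if ! grep -Eq '^[[:space:]]*server_tokens[[:space:]]+off;' "$conf"; then
        echo "WEAK: server_tokens not off; nginx version is advertised"
        n=$((n + 1))
    fi
    if grep -Eq '^[[:space:]]*autoindex[[:space:]]+on;' "$conf"; then
        echo "WEAK: autoindex on; directory listings exposed"
        n=$((n + 1))
    fi
    # Logging: access or error log switched off, so there is nothing to monitor
    if grep -Eq '^[[:space:]]*(access_log|error_log)[[:space:]]+off;' "$conf"; then
        echo "WEAK: access_log/error_log off"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# audit_webroot DIR: report world-writable files under the web root, which let
# any local account deface content or plant a web shell.
audit_webroot() {
    bad=$(find "$1" -type f -perm -002 | wc -l | tr -d ' ')
    [ "$bad" -eq 0 ] || echo "WEAK: $bad world-writable file(s) under $1"
    [ "$bad" -eq 0 ]
}

# --- constructed sample inputs (not real configs) -------------------------
WORK=$(mktemp -d)
mkdir -p "$WORK/htdocs"
echo '<h1>hello</h1>' > "$WORK/htdocs/index.html"
chmod 666 "$WORK/htdocs/index.html"          # deliberately world-writable
cat > "$WORK/weak.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name www.example.test;
    ssl_certificate     /etc/ssl/certs/example.pem;
    ssl_certificate_key /etc/ssl/private/example.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    autoindex on;
    access_log off;
    root /var/www/htdocs;
}
EOF
cat > "$WORK/hardened.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name www.example.test;
    server_tokens off;
    ssl_certificate     /etc/ssl/certs/example.pem;
    ssl_certificate_key /etc/ssl/private/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    autoindex off;
    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log warn;
    root /var/www/htdocs;
}
EOF

for f in weak hardened; do
    echo "== $f.conf"
    audit_nginx_conf "$WORK/$f.conf" && echo "OK: no findings"
done
echo "== $WORK/htdocs"
audit_webroot "$WORK/htdocs" && echo "OK: no world-writable files"
```

The weak config trips all five checks, the hardened one none; the web-root check fails until the sample file is reset to mode 644. The checks are text matching on one file, so they do not see directives inherited from the http block or from included files; point the functions at the fully expanded config (for example the output of `nginx -T`) on a real host.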
11
Q

Security configuration: how to harden an OS?

A
  • Keep the OS patched and remove software that is not needed
  • Enforce password complexity, ageing and lockout policy, and apply least-privilege permissions to accounts and files
  • Limit network access: enable the host firewall, disable unneeded services, and bind the rest to loopback or an internal interface
  • Run and monitor antivirus/anti-malware (endpoint protection) and keep its signatures current

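As an added example (not part of the original flashcards), the POSIX sh script below checks two of the points above on a Linux host: the login and password policy in sshd_config and login.defs, and which TCP services are exposed on all interfaces rather than loopback. It reads constructed sample files written to a temp directory (a weak and a hardened sshd_config and login.defs, plus saved `ss -tlnH` output), so it runs offline; the process names, ports and the 90-day / 14-character thresholds are an illustrative policy, not a requirement of any of the standards above.

```shell
#!/bin/sh
# Added example, not part of the original flashcards: POSIX sh checks for two
# of the OS-hardening points above (password/login policy, limiting network
# access). Every file it reads is constructed below in a temp dir: a sample
# sshd_config, login.defs and saved 'ss -tlnH' output. Thresholds (90 days,
# 14 chars) are an illustrative policy, not a standard's requirement.

# sshd_value FILE KEYWORD: effective top-level value of an sshd_config keyword.
# sshd uses the first uncommented occurrence; Match blocks are not handled.
sshd_value() {
    awk -v k="$2" 'tolower($1)==tolower(k) && !f {v=$2; f=1} END {print v}' "$1"
}

# audit_sshd FILE: flag remote root login and password-based authentication.
audit_sshd() {
    n=0
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] ||
        { echo "WEAK: PermitRootLogin is not 'no'"; n=$((n + 1)); }
    [ "$(sshd_value "$1" PasswordAuthentication)" = no ] ||
        { echo "WEAK: PasswordAuthentication enabled; prefer key-based auth"; n=$((n + 1)); }
    [ "$n" -eq 0 ]
}

# login_defs_value FILE KEY: value of a login.defs key (empty if unset).
login_defs_value() {
    awk -v k="$2" '$1 == k {v=$2} END {print v}' "$1"
}

# audit_login_defs FILE: password ageing and minimum length.
audit_login_defs() {
    n=0
    max=$(login_defs_value "$1" PASS_MAX_DAYS)
    { [ -n "$max" ] && [ "$max" -le 90 ]; } ||
        { echo "WEAK: PASS_MAX_DAYS='${max:-unset}' (want <= 90)"; n=$((n + 1)); }
    min=$(login_defs_value "$1" PASS_MIN_LEN)
    { [ -n "$min" ] && [ "$min" -ge 14 ]; } ||
        { echo "WEAK: PASS_MIN_LEN='${min:-unset}' (want >= 14)"; n=$((n + 1)); }
    [ "$n" -eq 0 ]
}

# audit_listeners FILE: FILE holds 'ss -tlnH' output (column 4 is the local
# socket). Report TCP listeners bound to every interface instead of loopback.
audit_listeners() {
    exposed=$(awk '$4 ~ /^(0\.0\.0\.0|\*|\[::\]):/ {print $4}' "$1" | tr '\n' ' ')
    [ -z "$exposed" ] || echo "REVIEW: bound to all interfaces: $exposed(confirm a host firewall limits them)"
    [ -z "$exposed" ]
}

# --- constructed sample inputs (not captured from a real host) ------------
WORK=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'X11Forwarding no' > "$WORK/sshd_weak"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' > "$WORK/sshd_hardened"
printf '%s\n' '# login.defs excerpt' 'PASS_MAX_DAYS 99999' 'PASS_MIN_DAYS 0' \
    'PASS_MIN_LEN 5' > "$WORK/login_weak"
printf '%s\n' 'PASS_MAX_DAYS 90' 'PASS_MIN_DAYS 1' 'PASS_MIN_LEN 14' > "$WORK/login_hardened"
cat > "$WORK/ss.txt" <<'EOF'
LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 80  0.0.0.0:3306    0.0.0.0:* users:(("mysqld",pid=1044,fd=21))
LISTEN 0 511 127.0.0.1:6379  0.0.0.0:* users:(("redis-server",pid=1301,fd=6))
LISTEN 0 128 [::]:22         [::]:*    users:(("sshd",pid=812,fd=4))
EOF

for f in sshd_weak sshd_hardened; do
    echo "== $f"; audit_sshd "$WORK/$f" && echo "OK"
done
for f in login_weak login_hardened; do
    echo "== $f"; audit_login_defs "$WORK/$f" && echo "OK"
done
echo "== listeners"; audit_listeners "$WORK/ss.txt" && echo "OK"
```

On a real host you would point `audit_sshd` at /etc/ssh/sshd_config (or better, at `sshd -T` output, which resolves includes and Match blocks), `audit_login_defs` at /etc/login.defs, and feed `audit_listeners` the live `ss -tlnH` output. The database listening on 0.0.0.0:3306 in the sample is the kind of finding the "limit network access" bullet is about; sshd on all interfaces may be intended, which is why that check says REVIEW rather than WEAK.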
12
Q

Security configuration: how to harden network infrastructure?

A
  • Configure authentication: change default credentials, use strong unique ones per device, and prefer centralized authentication (e.g. RADIUS or TACACS+) over local accounts
  • Check with the manufacturer for firmware and security updates, and disable unused services and management interfaces (manage over SSH/HTTPS, not Telnet/HTTP)
