5.2 Security Frameworks Flashcards

1
Q

Center for Internet Security (CIS)

A

Commonly known as “CIS CSC”.
Critical Security Controls for Effective Cyber Defense

Focused on improving security posture.
Strategies differ depending on organization size.
Run by IT professionals.

2
Q

NIST RMF

A

National Institute of Standards and Technology Risk Management Framework. MANDATORY for US federal agencies

Six Steps:
Step 1 - Categorize - Define environment
Step 2 - Select - Pick the right controls
Step 3 - Implement - Define proper implementation
Step 4 - Assess - Determine if controls are working
Step 5 - Authorize - Make a decision to authorize the system
Step 6 - Monitor - Check for ongoing compliance

3
Q

NIST CSF

A

NIST Cybersecurity Framework (CSF)

Framework Core:
Identify
Protect
Detect
Respond
Recover

Implementation Tier:
Organization determines its approach to cybersecurity and how it plans to manage the risks.

Framework Profile:
Standards, guidelines, and practices aligned with the Framework Core

4
Q

International Organization for Standardization and International Electrotechnical Commission (ISO/IEC)

ISO/IEC 27001

A

Standard for Information Security Management Systems (ISMS)

5
Q

International Organization for Standardization and International Electrotechnical Commission (ISO/IEC)

ISO/IEC 27002

A

Code of practice for information security controls

6
Q

International Organization for Standardization and International Electrotechnical Commission (ISO/IEC)

ISO/IEC 27701

A

Privacy Information Management Systems (PIMS)

7
Q

International Organization for Standardization

ISO 31000

A

International standard for risk management practices

8
Q

SSAE SOC 2 Type I/II

A

Performed by the American Institute of Certified Public Accountants (AICPA)

It’s an auditing standard called “Statement on Standards for Attestation Engagements #18” (SSAE 18)

SOC 2 - Trust Services Criteria (security controls)
- Focuses on firewalls, intrusion detection, multifactor authentication.

Type 1 Audit - Tests controls at a certain point in time

Type 2 Audit - Tests controls over a period of at least 6 months

9
Q

Cloud Security Alliance (CSA)

A

Not-for-profit organization

Cloud Controls Matrix (CCM)

  • Cloud-specific security controls
  • Controls are mapped to standards and best practices and regulations for the cloud