Chap 1 Flashcards
NIST 5 Functions
National Institute of Standards and Technology-
Identify, Protect, Detect, Respond, and Recover
Gap Analysis
A process that identifies how an organization's security systems deviate from those required or recommended by a framework.
IAM
Identity and Access Management- Controls who has access to resources and what they can do with them. IAM includes Identification, Authentication, Authorization, and Accounting.
Accounting
The system must record the actions a user takes (so that a customer cannot deny placing an order, for instance).
Managerial Control
Provides oversight and management of the information system. Examples include:
Risk identification
Tools for evaluating and selecting other security controls
Operational Control
Carried out by people. Examples include:
Security guards
Training programs for employees
Technical Control
These are implemented using technology such as hardware, software, or firmware. Examples include:
Firewalls
Antivirus software
Operating system access control models
Physical Control
These deter and detect unauthorized physical access. Examples include:
Security cameras
Alarms
Locks
Lighting
Security guards
ISSO
Information Systems Security Officer-
Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.
SOC
Security Operations Center-
The location where security professionals monitor and protect critical information assets in an organization
DevOps
Development and Operations-
A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver high-quality software continuously.
DevSecOps
Security expertise must be embedded into every development project that spans software development and operations, rather than being added afterwards.
CIRT
Computer Incident Response Team
CSIRT
Computer Security Incident Response Team
CERT
Computer Emergency Response Team