CISM Flashcards
What is a Metric
Quantifiable entity that allows the measurement of the achievement of a process goal
Phases of Incident Response
Prepare, Identify, Contain, Eradicate, Restore
GRC
Governance, Risk Management, Compliance
IRT Role ensures incident Response actions and procedures comply with legal and regulatory requirements
Legal Representative
Component in GRC is the responsibility of senior management and the BoD, and focuses on creating mechanisms to ensure personnel follow established Processes and policies
Governance
IRT role writes incident response reports and documents lessons learned
Incident handler
What is meant by Incident Response?
Planning, coordinating, and executing appropriate mitigation, containment, and recovery strategies and actions
According to ISACA, 5 main components of a Security Review?
Objective, Scope, Constraints, approach, result
IRT role that writes reports of investigation findings
Investigator
Role that develops the security strategy with business objectives
CISO or Info Sec manager
Acronym CSF mean?
Critical Success Factor
In which risk assessment phase are specific risk scenarios and possible outcomes developed?
Risk Identification
IRT role documents the steps taken when executing the incident response plan?
Incident handler
Purpose of a RACI Chart
Define various roles associated with aspects of an info Sec program
Control category provides warnings that can deter potential compromise?
Deterrent Controls
What is Cobit 5
Framework that focuses on value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use
5 principles of Cobit 5
Meeting the stakeholders' needs
Covering the enterprise end to end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management
ALE
Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)
ALE=SLE x ARO
ARO
Annualized Rate of Occurrence
AUP
Acceptable Use Policy
SDO = Service Delivery Objective
Level of service supported during alternate process mode until the normal situation is restored.
4 commonly accepted subsets of enterprise architecture according to ISACA
Business Architecture
Data Architecture
Applications Architecture
Technology Architecture
Intangible assets
Patents, copyrights, reputation, data
What control deters potential compromise
Deterrent Controls
IRT role performs proactive and reactive measures to control info risk level
Info Sec manager
IRT role takes responsibility for overall incident management and response concept
sec steering group
IRT role Makes final decisions regarding incidents
Security Steering Group
IRT role Finds root cause of incident
Investigator
IRT role performs IT Sec assessment/audit as a proactive measure and part of vuln management
IT Sec Specialist
IRT role Develops and maintains incident management and response capability
Info Sec Manager
IRT role Approves incident management team (IMT) Charter
sec steering group
IRT role Approves deviations and exceptions to the Incident Response Plan
sec steering group
IRT role responsible for coordinating the activities of all other recovery teams and handling key decision making
Emergency Management team
4 perspectives in a Balanced Scorecard
Financial
Customer
Business Process
Learning and growth
Accept the risk
Cost of mitigation to risk is higher than value of asset
Exposure
Extent to which vuln is exposed to threat
FRaaS
Forensics as a Service
IdaaS
Identity as a Service
PDCA
Plan, Do, Check, Act
IMT
Incident Management Team
3 goals of a BIA
Criticality Prioritization
Downtime estimation
Resource Requirement
6 outcomes of the info security program according to ISACA
Strategic Alignment
Risk Management
Value Delivery
Resource Management
Performance Measurement
Assurance Process Integration
What is a qualitative risk analysis?
Determines the magnitude and likelihood of the potential consequences of identified risks
5 ISACA phases of incident management lifecycle
Planning and preparation
Detection, triage, and investigation
Containment, analysis, tracking, and recovery
Post-incident assessment
Incident closure
What are compensating controls?
Control category to reduce risk of existing or potential control weakness
Least risky cloud deployment model
Private Cloud
Identifies emerging risks and identifies compliance issues
Steering committee
Cloud service model LEAST risky
Infrastructure as a service (IaaS)
Security Review Scope
mapping of the objective to the aspect that is to be reviewed.
Resource management
ensures human, financial, technical, and knowledge resources are utilized efficiently and effectively
Security review objective
Statement of what is to be determined in the course of the review
3 main categories of info Sec threats
Environmental
technical
Man-made
SLE
Single Loss Expectancy
IRT Role provides assistance in incident management / response when there is a need to investigate an employee?
HR
IRT Role performs incident response tasks to contain exposure from an incident?
Incident Handler
Which control category warns of violations or attempted violations of a security policy
Detective controls
What are the 4 processes in the Total Quality Management (TQM) Cycle?
Plan, Do, Check, Act
Type of response that assigns a risk to a 3rd party
Risk transfer
(BMIS) Business Model for Info Sec: interconnection that connects the people and process elements
Emergence
Recovery site ready within a couple of hours
Hot site
According to ISACA purpose of defining an approach for a security review?
To identify the set of activities that cover the scope in a way that meets the objective of the review, given the constraints
Which role should require demonstrable alignment of security and business objectives
Board of Directors
What is the security review Approach
A set of activities that cover the scope in a way that meets the objective of the review, given the constraints
What phase of the incident management life cycle includes implementing IDS, IPS, and SIEM
Detection, Triage, and investigation
Which phase of the incident management lifecycle includes detecting and validating incidents?
Detection, Triage, and investigation
During which phase of incident response does the org verify if an incident has happened and find out more details about it?
Identify
Which outcome of an effective info security program ensures that it addresses the business or mission objectives?
Strategic alignment
(BMIS) Business Model for Info Sec: interconnection that connects the process and technology elements?
Enablement and Support
Role responsible for managing risk using external providers
Info Sec Manager
IRT role maintains the chain of custody and observes incident handling procedures for court purposes?
Incident Handler
Incident response role acts as the incident management Team (IMT) leader and main interface to the security Steering Group (SSG)?
Info Sec Manager
5 levels of the Capability Maturity Model Integration (CMMI)?
Lvl 1 - Initial
Lvl 2 - Managed
Lvl 3 - Defined
Lvl 4 - Quantitatively Managed
Lvl 5 - Optimizing
3 main phases of risk management?
Risk identification
Risk analysis
Risk Evaluation
4 cloud deployment options
Private
Community
Public
Hybrid
Knowledge gained from a quantitative risk analysis
Numerical values assigned to impact and likelihood of identified risks
Which roles should institute processes to integrate security with business objectives?
Exec or senior management
What is meant by external factors
Factors that arise from the environment in which the org operates
ISACA- 6 basic outcomes of a security program that is developed from info Sec Governance?
Strategic alignment
Risk management
Value delivery
Resource optimization
Performance measurement
Assurance process integration
5 essential characteristics of the cloud?
On-demand self-service
Broad network access
Resource pooling
Elasticity
Measured service
GRC process that records and monitors the policies, procedures, and controls needed to ensure that policies and standards are followed?
Compliance
What are operational metrics?
the common technical and procedural metrics
IRT role performs complex and in-depth IT security related tasks as part of the incident response plan
IT Security Specialist
Phase of the incident management life cycle includes prioritizing and rating incidents
Detection, Triage, investigation
What is meant by a metric being SMART?
Specific, Measurable, Attainable, Relevant, Timely
4 methods of risk response?
Avoid
Transfer
Mitigate
Accept
Org role responsible for access authorization for individual or groups?
Department Management
Which outcome of an effective info sec program ensures that governance and assurance activities align with info sec activities?
assurance process integration
which metrics are often compiled from other management metrics that were designed to indicate that the security program is on track, and on budget to achieve the desired outcomes?
Strategic metrics
Which entity is the 1st line of defense in info sec?
employees
What is meant by the term due diligence?
Research; the idea that there are steps that should be taken by a reasonable person of similar competency in similar circumstances
What must you do FIRST to protect against internal and external threats?
Identify the potential threats
What are controls
The means of managing risk, including policies, procedures, guidelines, practices, or org structures, which can be of an administrative, technical, management, or legal nature
Used to determine the current state of risk for an org?
Risk Assessment
Term defined as the rules that run the org, including policies, standards, and procedures that set the direction and control of the org?
Governance
Role that creates the security strategy in alignment with business objectives
CISO or info sec manager
4 commonly accepted ISACA subsets of overall enterprise architecture?
Business, Data, Applications, and technology architectures
Which org role is responsible for security strategy oversight and alignment
Exec management
Phase of the incident management life cycle includes conducting log and audit analysis
Detection, triage, investigation
Interconnection that connects the people and technology elements in the Business Model for Info Sec (BMIS)?
Human Factors
Roles responsible for due care and managing risk?
BoD and senior management
What does EF denote?
Exposure Factor
Risk assessment phase where identified risks are examined to determine their impacts
Risk Analysis
Org role responsible for the IT Audit, but does not usually perform the audit
Info Sec manager