COMPARING SECURITY ROLES AND SECURITY CONTROLS

Question 1

What is a security Control?

Answer 1

Something designed to give a system or data asset the properties of Confidentiality, Integrity, Availability, and Non-repudiation

Question 2

What is a technical Control?

Answer 2

Control, implemented as a system (hardware,software,firmware)

Question 3

What is an Operational Control?

Answer 3

Implemented by people rather than systems (security Guards, training)

Question 4

What is a Managerial Control?

Answer 4

Gives oversight of information System (risk ID tool)

Question 5

Security Control Categories?

Answer 5

Technical, Managerial, Operational

Question 6

Security Control Function Types?

Answer 6

Preventative, Detective, Corrective, Physical, Deterrent, Compensating

Question 7

Preventative Control Function?

Answer 7

Acts to eliminate or reduce likelihood of attack

Question 8

Detective Control Function

Answer 8

Does not prevent or Deter, but will ID/record any attempt intrustion

Question 9

Corrective Control Function

Answer 9

Acts to eliminate or reduce the impact of an intrusion

Question 10

Physical Control Function

Answer 10

Deter/Detect Physical access (Alarms/locks cameras)

Question 11

Deterrent Control Function

Answer 11

May not prevent access, but discourages it

Question 12

Compensating Control Function

Answer 12

Substitute for principal control

Question 13

What is A Cybersecurity Framework?

Answer 13

A list of activities and objectives undertaken to mitigate risks

Question 14

What is NIST (CSF)?

Answer 14

National Institute of Standards and Technology : Focuses solely on IT security

Question 15

What Does ISO 27k Focus on?

Answer 15

Personal Data and Privacy

Question 16

What does ISO 31k Focus on?

Answer 16

Overall framework for enterprise risk management (ERM)

Question 17

What Is the Cloud Security Alliance? (CSA)

Answer 17

Organization that produces various resources to assist cloud service providers (CSP) in setting up and delivering secure cloud platforms.

Question 18

What is the statements on Standards for Attestation Engagements (SSAE) Service organization Control (SOC)

Answer 18

SSAE is audit specifications developed by the American Institute of certified Public Accountants

Question 19

SSAE SOC2 vs SOC3

Answer 19

SOC2 is detailed;DnD
SOC3 is Unclassified

Question 20

What is the Center for internet Security (CIS)

Answer 20

the 20 CIS
Controls.” The CIS-RAM (Risk Assessment Method) can be used to perform an overall
evaluation of security posture

Question 21

Open Web Application Security Project (OWASP)

Answer 21

community that publishes several secure application development resources,

Question 22

Sarbanes-Oxley Act (SOX)

Answer 22

mandates the implementation of risk assessments, internal controls, and
audit procedures.

Question 23

he Computer Security Act (1987)

Answer 23

equires federal agencies to
develop security policies for computer systems that process confidential information

Question 24

General Data Protection
Regulation (GDPR)

Answer 24

personal data cannot be collected, processed, or
retained without the individual’s informed consent

Question 25

Payment Card Industry Data Security Standard (PCI DSS

Answer 25

defines the safe handling and storage of financial information