Control, Monitoring, and Audit Flashcards
What is control?
- Minimise deviation from standards and foresee action
- Control = Monitor + Action
What are the components of PDCA?
Plan, Do, Check, and Act
What is risk management about?
- Effective and efficient controls
- Obtaining further information
- Learning lessons from incidents
- Detecting changes
- Identifying emerging risks
What are the key issues in monitoring/controlling?
- Learning process
- Specific experts
- Cost-benefit
- Frameworks, KPIs
What are the best practices in security training?
- Someone directly responsible
- Testing
- Every 4-6 months
- Open communication policy
Which types of control exist?
- Before an event (feedforward)
- During an event (concurrent)
- After an event (feedback)
Which cybersecurity frameworks exist?
- NIST
- ISO 27001 and ISO 27002
- SOC2
- NERC CIP
- HIPAA
- GDPR
- FISMA
What is NIST about?
Guidance to help organisations focus on the most critical security considerations
What are ISO 27001 and ISO 27002 about?
Information security controls that organisations might choose to implement
What is SOC2?
Auditing procedure
What is NERC CIP?
Set of standards in North America
What is HIPAA?
Cybersecurity framework for health
What is the GDPR about?
Privacy and security law
What is FISMA about?
Government information protection
What is the upper left area in the VUCA graph?
Complexity - multiple key decision factors