Cyber Security - Category Definitions Flashcards

1
Q

Asset Management (ID.AM)

A

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

2
Q

Business Environment (ID.BE)

A

The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

3
Q

Governance (ID.GV)

A

The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

4
Q

Risk Assessment (ID.RA)

A

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

5
Q

Risk Management Strategy (ID.RM)

A

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

6
Q

Access Control (PR.AC)

A

Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.

7
Q

Awareness and Training (PR.AT)

A

The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.

8
Q

Data Security (PR.DS)

A

Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

9
Q

Information Protection Processes and Procedures (PR.IP)

A

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

10
Q

Maintenance (PR.MA)

A

Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

11
Q

Protective Technology (PR.PT)

A

Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

12
Q

Anomalies and Events (DE.AE)

A

Anomalous activity is detected in a timely manner and the potential impact of events is understood.

13
Q

Security Continuous Monitoring (DE.CM)

A

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

14
Q

Detection Processes (DE.DP)

A

Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.

15
Q

Response Planning (RS.RP)

A

Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.

16
Q

Communications (RS.CO)

A

Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.

17
Q

Analysis (RS.AN)

A

Analysis is conducted to ensure adequate response and support recovery activities.

18
Q

Mitigation (RS.MI)

A

Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.

19
Q

Improvements (RS.IM)

A

Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

20
Q

Recovery Planning (RC.RP)

A

Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

21
Q

Improvements (RC.IM)

A

Recovery planning and processes are improved by incorporating lessons learned into future activities.

22
Q

Communications (RC.CO)

A

Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

23
Q

Definition

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

A

Asset Management (ID.AM)

24
Q

Definition

The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

A

Business Environment (ID.BE)

25
Q

Definition

The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

A

Governance (ID.GV)

26
Q

Definition

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

A

Risk Assessment (ID.RA)

27
Q

Definition

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

A

Risk Management Strategy (ID.RM)

28
Q

Definition

Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.

A

Access Control (PR.AC)

29
Q

Definition

The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.

A

Awareness and Training (PR.AT)

30
Q

Definition

Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

A

Data Security (PR.DS)

31
Q

Definition

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

A

Information Protection Processes and Procedures (PR.IP)

32
Q

Definition

Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

A

Maintenance (PR.MA)

33
Q

Definition

Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

A

Protective Technology (PR.PT)

34
Q

Definition

Anomalous activity is detected in a timely manner and the potential impact of events is understood.

A

Anomalies and Events (DE.AE)

35
Q

Definition

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

A

Security Continuous Monitoring (DE.CM)

36
Q

Definition

Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.

A

Detection Processes (DE.DP)

37
Q

Definition

Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.

A

Response Planning (RS.RP)

38
Q

Definition

Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.

A

Communications (RS.CO)

39
Q

Definition

Analysis is conducted to ensure adequate response and support recovery activities.

A

Analysis (RS.AN)

40
Q

Definition

Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.

A

Mitigation (RS.MI)

41
Q

Definition

Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

A

Improvements (RS.IM)

42
Q

Definition

Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

A

Recovery Planning (RC.RP)

43
Q

Definition

Recovery planning and processes are improved by incorporating lessons learned into future activities.

A

Improvements (RC.IM)

44
Q

Definition

Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

A

Communications (RC.CO)

45
Q

Definition

Recovery planning and processes are improved by incorporating lessons learned into future activities.

A

Improvements (RC.IM)

46
Q

Definition

Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

A

Recovery Planning (RC.RP)

47
Q

Definition

Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.

A

Mitigation (RS.MI)

48
Q

Definition

Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.

A

Communications (RS.CO)

49
Q

Definition

Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.

A

Detection Processes (DE.DP)

50
Q

Definition

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

A

Security Continuous Monitoring (DE.CM)

51
Q

Definition

Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

A

Protective Technology (PR.PT)