Cyber Security - Defend

Question 1

DE.AE-1

Answer 1

A baseline of network operations and expected data flows for users and systems is established and managed

Question 2

DE.AE-2

Answer 2

Detected events are analyzed to understand attack targets and methods

Question 3

DE.AE-3

Answer 3

Event data are aggregated and correlated from multiple sources and sensors

Question 4

DE.AE-4

Answer 4

Impact of events is determined

Question 5

DE.AE-5

Answer 5

Incident alert thresholds are established

Question 6

DE.CM-1

Answer 6

The network is monitored to detect potential cybersecurity events

Question 7

DE.CM-2

Answer 7

The physical environment is monitored to detect potential cybersecurity events

Question 8

DE.CM-3

Answer 8

Personnel activity is monitored to detect potential cybersecurity events

Question 9

DE.CM-4

Answer 9

Malicious code is detected

Question 10

DE.CM-5

Answer 10

Unauthorized mobile code is detected

Question 11

DE.CM-6

Answer 11

External service provider activity is monitored to detect potential cybersecurity events

Question 12

DE.CM-7

Answer 12

Monitoring for unauthorized personnel, connections, devices, and software is performed

Question 13

DE.CM-8

Answer 13

Vulnerability scans are performed

Question 14

DE.DP-1

Answer 14

Roles and responsibilities for detection are well defined to ensure accountability

Question 15

DE.DP-2

Answer 15

Detection activities comply with all applicable requirements

Question 16

DE.DP-3

Answer 16

Detection processes are tested

Question 17

DE.DP-4

Answer 17

Event detection information is communicated to appropriate parties

Question 18

DE.DP-5

Answer 18

Detection processes are continuously improved