Cyber Security - Identify Flashcards

1
Q

ID.AM-1

A

Physical devices and systems within the organization are inventoried

2
Q

ID.AM-2

A

Software platforms and applications within the organization are inventoried

3
Q

ID.AM-3

A

Organizational communication and data flows are mapped

4
Q

ID.AM-4

A

External information systems are catalogued

5
Q

ID.AM-5

A

Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value

6
Q

ID.AM-6

A

Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established

7
Q

ID.BE-1

A

The organization’s role in the supply chain is identified and communicated

8
Q

ID.BE-2

A

The organization’s place in critical infrastructure and its industry sector is identified and communicated

9
Q

ID.BE-3

A

Priorities for organizational mission, objectives, and activities are established and communicated

10
Q

ID.BE-4

A

Dependencies and critical functions for delivery of critical services are established

11
Q

ID.BE-5

A

Resilience requirements to support delivery of critical services are established

12
Q

ID.GV-1

A

Organizational information security policy is established

13
Q

ID.GV-2

A

Information security roles & responsibilities are coordinated and aligned with internal roles and external partners

14
Q

ID.GV-3

A

Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed

15
Q

ID.GV-4

A

Governance and risk management processes address cybersecurity risks

16
Q

ID.RA-1

A

Asset vulnerabilities are identified and documented

17
Q

ID.RA-2

A

Threat and vulnerability information is received from information sharing forums and sources

18
Q

ID.RA-3

A

Threats, both internal and external, are identified and documented

19
Q

ID.RA-4

A

Potential business impacts and likelihoods are identified

20
Q

ID.RA-5

A

Threats, vulnerabilities, likelihoods, and impacts are used to determine risk

21
Q

ID.RA-6

A

Risk responses are identified and prioritized

22
Q

ID.RM-1

A

Risk management processes are established, managed, and agreed to by organizational stakeholders

23
Q

ID.RM-2

A

Organizational risk tolerance is determined and clearly expressed

24
Q

ID.RM-3

A

The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis