Cybersecurity and Audit's Role Flashcards

1
Q

Which NIST Cybersecurity Framework function focuses on preventive controls, such as network perimeter security and identity management?

A

Protect

2
Q

Which line of defense is responsible for formal risk evaluations?

A

Second

3
Q

Cybersecurity is focused on protecting information assets from loss of:

A

Confidentiality
Integrity
Availability

4
Q

Which NIST Cybersecurity Framework function includes the Security Continuous Monitoring category?

A

Detect

5
Q

Cybersecurity controls apply to which network environments?

A

The Internet (external network)
Internal network
Wireless network
Business partner connections

6
Q

What are the categories of the Identify function?

A
  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management

7
Q

What are the functions of the NIST Cybersecurity Framework?

A
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
(These are the five functions of CSF v1.1; CSF 2.0 adds a sixth, Govern.)

8
Q

What are the categories of the Protect function?

A
  • Identity Management and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technology

9
Q

What are the categories of the Detect function?

A
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
10
Q

What are the categories of the Respond function?

A
  • Response Planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements
11
Q

What are the categories of the Recover function?

A
  • Recovery Planning
  • Improvements
  • Communications
12
Q

What are the three lines of defense?

A
  1. Management: ownership, implementation and execution of controls
  2. Risk management: oversight, including monitoring and measurement
  3. Internal audit: independent testing and assurance

13
Q

What are the typical review activities for the first line of defense (management)?

A
  • Formal risk acceptance
  • Control self-assessments
  • Attack/breach (penetration) testing
  • Functional/technical testing
  • Social/behavioral testing
  • Regular management review

14
Q

What are the typical activities for the second line of defense (risk management)?

A
  • Threat, vulnerability and risk identification
  • Formal risk evaluation
  • Business impact analysis (BIA)
  • Emerging risk monitoring

15
Q

What are the typical activities for the third line of defense (internal audit)?

A
  • Internal control testing
  • Cybersecurity compliance review
  • Investigation/forensics
