Cybersecurity Risks and Controls Flashcards
What are the phases of an attack?
Before, During, After
What is the risk equation for managed assets?
Risk = { Threats * Vulnerabilities * Asset Value } / Strong Controls
What is the risk equation for unmanaged assets?
Risk = { Threats * Vulnerabilities * Asset Value } / Weak Controls
What are the Business Controls that NIST references?
ISO 27002 Code of Practice
What are the Technical Controls that NIST references?
CIS 20 Critical Controls
What is Critical Infrastructure?
Assets, systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, economic security, national public health or safety, or any combination thereof.
What is EO?
Executive Order
Who issued EO 13800?
Trump
What is EO 13800?
Strengthening Cybersecurity of Federal Networks and Critical Infrastructure
What is the purpose of EO 13800?
To improve the nation’s cyber posture and capabilities in the face of intensifying cybersecurity threats to its digital and physical security.
What are the deliverables for EO 13800?
- Cybersecurity
- Workforce development
What does NIAC stand for?
National Infrastructure Advisory Council
What were the NIAC Report recommendations?
- Establish separate, secure communication networks for critical cyber control system traffic and reserved spectrum for backup communications.
- Facilitate cyber threat sharing.
- Identify the best scanning tools and assessment practices.
- Strengthen the capabilities of today’s cyber workforce.
- Establish outcome-based market incentives to encourage owners to upgrade cyber infrastructure.
- Streamline security clearance process for owners of the nation’s most critical cyber assets.
- Establish protocols to rapidly declassify cyber threat information.
- Pilot an operational task force of experts to respond to cyber threats.
- Perform the Gridex-IV Exercise to test Federal Authorities during a cyber incident.
- Establish a governance approach.
What are the steps to mitigate risks?
- Strategy - aligned with business strategy
- Program - establish the target profile
- Controls - should be used to establish the new current profile
- Assessment - gap analysis compares current & target profiles
- Report - detailed scorecard that identifies current capabilities and an improvement plan for cyber maturity.
What are the NIST CFW Strategic Goals?
- Protect Information Systems
- Reduce Cyber Risk
- Best-in-Class Cybersecurity Capabilities
- Enterprise Approach to Cybersecurity
- A Cyber-Secure Enterprise
What are the Objectives of NIST CFW Goal #1?
Objective 1.1 Safeguard Confidential Information from Compromise
Objective 1.2 Protect the Integrity of Information
Objective 1.3 Ensure the Availability of Critical Information Systems
Objective 1.4 Provide Cyber-Resilient Information Systems
Objective 1.5 Maintain a Secure Technology Infrastructure
What are the Objectives of NIST CFW Goal #2?
Objective 2.1 Drive cybersecurity Priorities and Initiatives Based on Effective Risk Management
Objective 2.2 Create and Nurture a Culture of Cyber-Risk Awareness
Objective 2.3 Establish Risk Ownership and effectively Communicate Risk
What are the Objectives of NIST CFW Goal #3?
Objective 3.1 Align information and Cyber Security Efforts with the Business Needs
Objective 3.2 Deliver Technology Solutions that are Secure
Objective 3.3 Enhance the Ability to Detect Cyber-Attacks
Objective 3.4 Respond Rapidly and Effectively to Security Incidents
Objective 3.5 Build and Maintain a Robust Cyber-Defence Capability
Objective 3.6 Develop and Sustain a capable and Competent Cybersecurity Workforce
What are the Objectives of NIST CFW Goal #4?
Objective 4.1 Establish Enterprise Information and Cyber security program
Objective 4.2 Embrace a Common Cyber security Framework
Objective 4.3 Enact Effective Enterprise-Wide Security Policies
Objective 4.4 Improve Cyber security through the Enterprise Technology Transformation
What are the Objectives of NIST CFW Goal #5?
Objective 5.1 Improve Cyber security through leadership, Partnerships and National Participation.
What is Strategic Goal #1?
Protect Information and Systems
What is Strategic Goal #2?
Reduce Cyber Risk
What is Strategic Goal #3?
Best-in-Class Cyber security Capabilities
What is Strategic Goal #4?
Enterprise Approach to Cyber security
What is Strategic Goal #5?
A Cyber-Secure Enterprise
What does NCSF mean?
NIST Cyber Security Framework
What are the functions of the NCSF Framework Core?
- Identify
- Protect
- Detect
- Respond
- Recover
What are the Categories of the NCSF Framework Core’s Identify function?
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management
- Supply Chain
What are the Categories of the NCSF Framework Core’s Protect function?
- Access Control
- Awareness and Training
- Data Security
- Information Protection Procedures
- Maintenance
- Protective Technology
What are the Categories of the NCSF Framework Core’s Detect function?
- Anomalies and Events
- Security Continuous Monitoring
- Detection Processes
What are the Categories of the NCSF Framework Core’s Respond function?
- Respond Planning
- Communications
- Analysis
- Mitigation
- Improvements
What are the Categories of the NCSF Framework Core’s Recover function?
- Recovery Planning
- Improvements
- Communications
Describe which function Asset Management category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 6 sub-categories
Describe which function Business Environment category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 5 sub-categories
Describe which function Governance category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 4 sub-categories
Describe which function Risk Assessment category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 6 sub-categories
Describe which function Risk Management category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 3 sub-categories
Describe which function Supply Chain category belongs to and how many sub-categories it has.
1. It belongs to the Identify function
2. It contains 5 sub-categories
Describe which function Access Control category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 7 sub-categories
Describe which function Awareness and Training category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 5 sub-categories
Describe which function Data Security category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 8 sub-categories
Describe which function Information Protection Procedures category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 12 sub-categories
Describe which function Maintenance category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 2 sub-categories
Describe which function Protective Technology category belongs to and how many sub-categories it has.
1. It belongs to the Protect function
2. It contains 5 sub-categories
Describe which function Anomalies and Events category belongs to and how many sub-categories it has.
1. It belongs to the Detect function
2. It contains 5 sub-categories
Describe which function Security Continuous Monitoring category belongs to and how many sub-categories it has.
1. It belongs to the Detect function
2. It contains 8 sub-categories
Describe which function Detection Processes category belongs to and how many sub-categories it has.
1. It belongs to the Detect function
2. It contains 5 sub-categories
Describe which function Response Planning category belongs to and how many sub-categories it has.
1. It belongs to the Respond function
2. It contains 1 sub-category
Describe which function Communications category belongs to and how many sub-categories it has.
1. It belongs to the Respond function
2. It contains 5 sub-categories
Describe which function Analysis category belongs to and how many sub-categories it has.
1. It belongs to the Respond function
2. It contains 5 sub-categories
Describe which function Mitigation category belongs to and how many sub-categories it has.
1. It belongs to the Respond function
2. It contains 3 sub-categories
Describe which function Improvements category belongs to and how many sub-categories it has.
1. It belongs to the Respond function
2. It contains 2 sub-categories
Describe which function Recovery Planning category belongs to and how many sub-categories it has.
1. It belongs to the Recovery function
2. It contains 1 sub-category
Describe which function Improvements belongs to and how many sub-categories it has.
1. It belongs to the Recovery function
2. It contains 2 sub-categories
Describe which function Communications belongs to and how many sub-categories it has.
1. It belongs to the Recovery function
2. It contains 3 sub-categories
What are Tiers?
Tiers describe the maturity of an organization with regard to management of Cyber security risk.
How many Tiers are there?
4
What are the Tier ratings?
- Partial
- Risk Informed
- Repeatable
- Adaptive
What is a NCSF Framework Profile?
An NCSF Framework Profile represents the cyber security outcomes, based upon business needs, that an organization has selected from the Framework Categories and Subcategories.
What is the purpose of NCSF Framework Profiles?
To identify opportunities for improving cyber security posture by comparing a “Current” profile to a “Target” profile.
They can be used to conduct self-gap analyses.
What is the NCSF Implement or Improvement methodology?
- Prioritize
- Orient
- Create Current Profile
- Conduct Risk Assessment
- Create Target Profile
- Determine, Analyze & Prioritize Gaps
- Implement Action Plan
What is a Controls Factory?
A concept used to help organize the engineering, technical and business functions of a NIST cyber security program.