Domain 1: Security and Risk Management Flashcards
What is the CIA Triad?
Confidentiality
Integrity
Availability
What is a Security Program?
- People
Training and Awareness
Knowledge and Skill Set
Company Culture
What is a Security Program?
- Process
Strategic Planning
Management
Systems
Frameworks
Compliance with Standards
Audit
What is a Security Program?
- Technology
The success of the technology is driven by the people and processes of the organisation.
What is GRC?
Governance, Risk, Compliance
What is Governance?
Top leadership being accountable. Buy-in from Executive Level.
What is Risk?
The likelihood of a threat exploiting a vulnerability and the costs associated with it.
Controls for risk must be cost-effective.
What is Compliance?
Auditing and monitoring to ensure methods of risk control are actioned.
How do you make any security activity successful?
You get support and buy-in from Senior Leadership.
All security decisions should relate to…
Risk Management.
Due diligence is…
… doing the research.
Due care is…
… acting on the due diligence.
Prudent Person rule means…
…asking “have I done what any Prudent Person would do”?
Who is ULTIMATELY responsible (sometimes called “Accountable”) for the security within an organisation?
Senior management.
What are the five desirable goals of NIST CSF?
1: Identify
2: Protect
3: Detect
4: Respond
5: Recover