GRC WEEK 3 CHAPTERS 5 & 6 Flashcards
What is the primary purpose of NIST SP 800-53?
To help organizations strengthen their risk management processes by providing a catalog of security controls.
How many controls does NIST SP 800-53 contain?
More than 1,000 controls.
What types of threats does NIST SP 800-53 help protect against?
- Cybersecurity incidents
- Privacy breaches
- Malicious attacks
- Mistakes and human error
How many distinct control families are there in NIST SP 800-53?
20 distinct control families.
What does the Access Control family focus on?
Controls that cover access to systems, networks, and devices.
What is the goal of the Awareness and Training family?
To ensure users are adequately trained to identify threats.
What does the Audit and Accountability family provide guidance on?
Procedures for event logging and auditing.
What is the focus of the Assessment, Authorization, and Monitoring family?
Continuous monitoring and improvement of security and privacy controls.
What does the Configuration Management family aim to lower?
The risk of unauthorized hardware or software being installed on the system.
What type of planning does the Contingency Planning family cover?
Planning for system failures and breaches.
What is the purpose of the Identification and Authentication family?
Reliable identification of users and devices.
What does the Incident Response family encompass?
All aspects of responding to serious incidents.
What does the Maintenance family deal with?
System maintenance, including software updates and logging.
What does the Media Protection family focus on?
The use, storage, and safe destruction of media and files.
What does the Physical and Environmental Protection family cover?
Physical access to devices and facilities.
What is included in the Planning family of controls?
Privacy and system security plans (SSPs).
What does the Program Management family of controls cover?
Management of an information system, including processes and plans.
What does the Personnel Security family focus on?
Policies and procedures around the management of personnel.
What is the aim of the Personally Identifiable Information (PII) Processing and Transparency family?
To safeguard sensitive data, focusing on consent and privacy.
What does the Risk Assessment family focus on?
Assessment of system vulnerabilities and relevant risk.
What does the System and Services Acquisition family include?
Allocation of resources and creation of system development life cycles.
What is the focus of the System and Communications Protection family?
Protection of system boundaries and management of collaborative devices.
What does the System and Information Integrity family maintain?
The integrity of the information system.
What does the Supply Chain Risk Management family cover?
Policies and procedures to counter risks in the supply chain.