GRC WEEK 3 CHAPTERS 5 & 6 Flashcards

2
Q

What is the primary purpose of NIST SP 800-53?

A

To help organizations strengthen their risk management processes by providing a catalog of security controls.

3
Q

How many controls does NIST SP 800-53 contain?

A

More than 1,000 controls.

4
Q

What types of threats does NIST SP 800-53 help protect against?

A
  • Cybersecurity incidents
  • Privacy breaches
  • Malicious attack
  • Mistakes and human error
5
Q

How many distinct control families are there in NIST SP 800-53?

A

20 distinct control families.

6
Q

What does the Access Control family focus on?

A

Controls that cover access to systems, networks, and devices.

7
Q

What is the goal of the Awareness and Training family?

A

To ensure users are adequately trained to identify threats.

8
Q

What does the Audit and Accountability family provide guidance on?

A

Procedures for event logging and auditing.

9
Q

What is the focus of the Assessment, Authorization and Monitoring family?

A

Continuous monitoring and improvement of security and privacy controls.

10
Q

What does the Configuration Management family aim to lower?

A

The risk of unauthorized hardware or software being installed on the system.

11
Q

What type of planning does the Contingency Planning family cover?

A

Planning for system failures and breaches.

12
Q

What is the purpose of the Identification and Authentication family?

A

Reliable identification of users and devices.

13
Q

What does the Incident Response family encompass?

A

All aspects of responding to serious incidents.

14
Q

What does the Maintenance family deal with?

A

System maintenance, including software updates and logging.

15
Q

What does the Media Protection family focus on?

A

The use, storage, and safe destruction of media and files.

16
Q

What does the Physical and Environmental Protection family cover?

A

Physical access to devices and facilities.

17
Q

What is included in the Planning family of controls?

A

Privacy and system security plans (SSPs).

18
Q

What does the Program Management family of controls cover?

A

Management of an information system, including processes and plans.

19
Q

What does the Personnel Security family focus on?

A

Policies and procedures around the management of personnel.

20
Q

What is the aim of the Personally Identifiable Information (PII) Processing and Transparency family?

A

To safeguard sensitive data, focusing on consent and privacy.

21
Q

What does the Risk Assessment family focus on?

A

Assessment of system vulnerabilities and relevant risk.

22
Q

What does the System and Services Acquisition family include?

A

Allocation of resources and creation of system development life cycles.

23
Q

What is the focus of the System and Communications Protection family?

A

Protection of system boundaries and management of collaborative devices.

24
Q

What does the System and Information Integrity family maintain?

A

The integrity of the information system.

25
Q

What does the Supply Chain Risk Management family cover?

A

Policies and procedures to counter risks in the supply chain.