Introduction to security frameworks and controls Flashcards

1
Q

Where do you start as a security analyst when you want to implement additional security measures?

A

Start by identifying your organization’s critical assets and risks. Then you’ll implement the necessary frameworks and controls.

2
Q

What are security frameworks?

A

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. Security frameworks provide a structured approach to implementing a security lifecycle.

3
Q

What is a security lifecycle?

A

The security lifecycle is a constantly evolving set of policies and standards that define how an organization manages risks, follows established guidelines, and meets regulatory compliance, or laws.

4
Q

What is the purpose of security frameworks?

A

The purposes of security frameworks include protecting personally identifiable information, known as PII, securing financial information, identifying security weaknesses, managing organizational risks, and aligning security with business goals.

5
Q

What are the four core components of security frameworks?

A

Identifying and documenting security goals, setting guidelines to achieve security goals, implementing strong security processes, monitoring and communicating results

6
Q

What is GDPR?

A

General Data Protection Regulation

7
Q

Give an example of identifying and documenting security goals.

A

For example, an organization may have a goal to align with the E.U.’s General Data Protection Regulation, also known as GDPR. GDPR is a data protection law established to grant European citizens more control over their personal data. A security analyst may be asked to identify and document areas where an organization is out of compliance with GDPR.

8
Q

Give an example of setting guidelines to achieve security goals.

A

For example, when implementing guidelines to achieve GDPR compliance, your organization may need to develop new policies for how to handle data requests from individual users.

9
Q

Give an example of implementing strong security processes.

A

In the case of GDPR, a security analyst working for a social media company may help design procedures to ensure the organization complies with verified user data requests. An example of this type of request is when a user attempts to update or delete their profile information.

10
Q

Give an example of monitoring and communicating results.

A

As an example, you may monitor your organization’s internal network and report a potential security issue affecting GDPR to your manager or regulatory compliance officer.

11
Q

What do frameworks allow?

A

Frameworks allow analysts to work alongside other members of the security team to document, implement, and use the policies and procedures that have been created.

12
Q

Why are frameworks essential for an entry-level analyst?

A

It’s essential for an entry-level analyst to understand this process because it directly affects the work they do and how they collaborate with others.

13
Q

What are security controls?

A

Security controls are safeguards designed to reduce specific security risks.

14
Q

Give an example of a security control.

A

For example, your company may have a guideline that requires all employees to complete a privacy training to reduce the risk of data breaches. As a security analyst, you may use a software tool to automatically assign and track which employees have completed this training.
