ISC #1 Flashcards

1
Q

The 4 CSF tier under the NIST CSF

A
  1. When incident management is not integrated into organizational processes and is often ad hoc, this level of risk management program integration falls under the Tier 1 (Partial) CSF tier
  2. Tier 2 (Risk-Informed) implementation involves cybersecurity awareness by the rest of the organization but does not involve being securely managed
  3. Tier 3 (Repeatable) implementation involves an organizational risk approach to cybersecurity in which it is integrated into planning and regularly communicated among senior leadership
  4. Tier 4 (Adaptive) implementation involves prioritizing the management of cyber risks in the same way as other forms of organizational risk
2
Q

CSF Organizational Profiles

A

The current profile contains the current status of the organization’s risk management while the target profile contains the desired future status of the organization’s risk management. Utilizing both of these profiles to conduct a gap analysis will help identify differences between the current and desired state, allowing the organization to drive change.

3
Q

3 Primary Components to manage cybersecurity risk

A

CSF Core
CSF Tiers
CSF Organizational Profiles

4
Q

CSF Core consists of 6 functions

A

Govern - establishes, communicates, and monitors the organization's cybersecurity risk management strategy, expectations, and policy
Identify - understanding the organization's assets, suppliers, and their cybersecurity risks
Protect - securing the organization's assets to prevent or reduce the likelihood and impact of adverse events
Detect - timely discovery of cybersecurity incidents
Respond - containing the effects of cybersecurity incidents
Recover - timely restoration to normal operations

5
Q

Privacy Framework Core

A

Identify
Govern
Control
Communicate
Protect
Detect
Respond
Recover

6
Q

HIPAA established

A

2009

7
Q

GDPR established

A

May 2018

8
Q

COBIT established

A

1996

9
Q

COBIT CORE MODEL: Governance Objectives

A

EDM: Those charged with governance evaluate strategic objectives, direct management to achieve those objectives, and monitor whether the objectives are being met
*governance framework setting and maintenance, resource optimization, and benefits delivery

10
Q

COBIT CORE MODEL: 4 Management Objectives

A
  1. APO - Focuses on information technology's overall strategy, organization, and supporting activities
    *managed security, managed human resources, and managed budget and costs
  2. BAI - Addresses the implementation of information technology solutions in the organization's business processes
    *managed knowledge, managed organizational change, and managed availability and capacity
  3. DSS - Addresses the security, delivery, and support of IT services
    *managed service requests and incidents, managed problems, and managed security services
  4. MEA - Addresses information technology's conformance to the company's performance targets and control objectives, along with external requirements
    *managed performance and conformance monitoring, managed system of internal control, managed compliance with external requirements, and managed assurance
11
Q

3 Principles for a governance framework under COBIT 2019

A
  1. Based on Conceptual Model
  2. Open and Flexible
  3. Aligned to Major Standards
12
Q

Governance Control System

A
  1. Processes
  2. Organizational structures
  3. Principles, policies, and frameworks
  4. Information
  5. Culture, ethics, and behavior
  6. People, skills, and competencies
  7. Services, infrastructure, and applications