ISC Deck 5 multi-unit Flashcards
What is asset-centric threat modeling?
It is a threat modeling framework that prioritizes system assets and the business impact of losing each asset.
Under the incident response guidelines of NIST SP 800-61, what is the role of the IT support team during incident handling?
According to NIST SP 800-61, the IT support team’s role includes executing actions on affected systems as directed by the incident response team to contain and mitigate the effects of the breach.
What is not a cloud-unique cybersecurity risk associated with a cloud service provider’s (CSP) implementation of a cloud computing environment?
The compromise of the public key infrastructure due to lack of segregation of duties over the issuance and use of certificates is a risk generally applicable to cloud computing platforms and is not unique to a CSP’s implementation of a cloud environment.
What is a brute force attack?
A brute-force attack is an automated method of password cracking. It uses a trial-and-error program to systematically guess the password.
What is return-oriented programming?
Return-oriented programming is an advanced technique that attackers use to manipulate a system’s control flow and execute code sequences already present in the system’s memory by exploiting its vulnerabilities.
The Framework Core of the NIST Cybersecurity Framework consists of five concurrent and continuous functions designed to control cyber risk activities and outcomes. These five functions include:
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
A SOC 1, Type 2 report has four modifications to a Type 1 report. What are they?
1) an addition to the auditor’s responsibility to test the effectiveness of controls
2) the addition of a section of the report describing the auditor’s tests of controls
3) an opinion on the effectiveness of the controls over a period of time, and
4) the opinion on the description and suitability is extended to a period of time rather than a point in time.
What information do user entities and business partners usually need to identify, assess, and address the risk associated with the use of a service organization?
They need the design, operation, and effectiveness of controls.
They do NOT need management’s assertion about the controls.
According to NIST SP 800-61, what must an incident response plan include?
1) a mission statement
2) strategies and goals
3) senior management approval
4) the organization’s approach to incident response
5) how the organization will communicate during an incident
6) metrics for measuring incident response capability
7) a roadmap for maturation of the incident response capability
8) how the program fits into the overall organization
Which component of the COSO Internal Control – Integrated Framework involves the entity gaining an understanding of its cyber risk profile?
The control environment component of the COSO internal control framework asserts that the board of directors should understand the organization’s cyber risk profile.
Which procedure includes the auditor’s determination of whether an incident was reported in a timely manner?
The auditor assesses the identification of the incident and reporting by comparing the actual identification and reporting to the incident response plan. The auditor will look for any discrepancies and evaluate if the incident was detected and reported in a timely manner.
When considering COSO’s component of the control environment for evaluating trust services criteria, the service auditor would be most interested that
The board of directors identifies and accepts its oversight responsibilities.
The entity should develop risk mitigation practices over technology that enable the organization to manage cyber risk. This is best covered by which of the following COSO internal control framework components?
The entity should develop control activities, otherwise known as risk mitigations, including general control and application control activities over technology, that enable the organization to manage cyber risk.
What is a threat agent?
An individual or group maliciously intending to exploit weaknesses in an information system.
Which of the following procedures includes an examination of whether incident response procedures aligned with prescribed response procedures?
Evaluate response procedures.