Maintain a Secure Infrastructure Flashcards
Governance
Strategic planning: provides organizational oversight, setting policies and establishing practices for enforcement
Compliance
Requirement that all parties follow the same rules
Audit
Independent review and examination to assess the adequacy of controls to ensure compliance with policies and procedures
Policies
Written direction everyone should follow
- Specify correct/expected behaviour
- Enforcement and proof of compliance to auditors
- Written and accessible
Security Controls
Safeguards or countermeasures to avoid, detect, counteract, or minimize risks to assets
ISO 27001:2013
Information Security Management System (ISMS) specification
Establishing security programs
ISO 27002:2013
14 security control groups
35 control objectives
More than 110 individual controls
ISO 27005:2011
ISMS Risk Management
NIST Computer Security Resources Center
Resources on computer and cyber security
Special Publication (SP) 800 series
Industry-Specific Regulations
HIPAA Security and Privacy Rules: protected health information (PHI)
PCI DSS: processing, storing and transmitting cardholder data
GDPR: data protection regulation from the European Union
NIST CSF
Cybersecurity Framework
- Identify, manage and assess cyber risk
- Components:
1. Core: set of goals
2. Implementation Tiers: how risk is managed and operations are run
3. Profiles: list of requirements and resources
4 implementation tiers
CSF Core
- Set of cybersecurity activities
- Translation layer among multidisciplinary teams
- Functions:
1. Identify
2. Protect
3. Detect
4. Respond
5. Recover
Forms the Current Profile
Current vs Target Profile provides roadmap to improvement
NIST Functions
Identify: valuable assets
Protect: valuable assets from threats
Detect: when an event occurs
Respond: quickly and efficiently to a cyber incident
Recover: from an incident and get back to business
NIST Functions - Identify
Assists in developing an organizational understanding in managing cybersecurity risk to systems, people, assets, data and capabilities.
NIST Functions - Protect
Outlines appropriate safeguards to ensure delivery of critical infrastructure services.