Manage Security Risks Flashcards
Module two
What is the purpose of security frameworks in organizations?
To reduce risk and protect data and privacy.
What does the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) consist of?
Standards, guidelines, and best practices to manage cybersecurity risk.
Fill in the blank: The five core functions of the CSF are identify, protect, detect, respond, and _____.
recover.
What is the role of the “identify” function in the CSF?
Management of cybersecurity risk and its effect on an organization’s people and assets.
Which CSF function involves implementing policies, procedures, training, and tools to mitigate cybersecurity threats?
Protect.
What does the “respond” function in the CSF entail?
Ensuring that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.
Fill in the blank: The CSF “recover” function relates to _____ systems back to normal operation.
returning.
What principle suggests that users should have the least amount of access required to perform their tasks?
Principle of least privilege.
What is the purpose of an internal security audit?
To review an organization’s security controls, policies, and procedures against a set of expectations.
Fill in the blank: A security _____ is a review of an organization’s security controls, policies, and procedures.
audit.
Which principle involves designing applications so their optimal security state is their default state?
Establish secure defaults.
What does the principle “fail securely” mean?
When a control fails, it should default to its most secure option.
Why shouldn’t organizations trust third-party services implicitly?
Because these services often have different security policies.
Which OWASP principle emphasizes avoiding unnecessarily complicated solutions?
Keep security simple.
What is the significance of the principle “avoid security by obscurity”?
Security should not rely solely on keeping details hidden.