Manage Security Risks Flashcards
Module two
What is the purpose of security frameworks in organizations?
To reduce risk and protect data and privacy.
What does the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) consist of?
Standards, guidelines, and best practices to manage cybersecurity risk.
Fill in the blank: The five core functions of the CSF are identify, protect, detect, respond, and _____.
recover.
What is the role of the “identify” function in the CSF?
Management of cybersecurity risk and its effect on an organization’s people and assets.
Which CSF function involves implementing policies, procedures, training, and tools to mitigate cybersecurity threats?
Protect.
What does the “respond” function in the CSF entail?
Ensuring that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.
Fill in the blank: The CSF “recover” function relates to _____ systems back to normal operation.
returning.
What principle suggests that users should have the least amount of access required to perform their tasks?
Principle of least privilege.
What is the purpose of an internal security audit?
To review an organization’s security controls, policies, and procedures against a set of expectations.
Fill in the blank: A security _____ is a review of an organization’s security controls, policies, and procedures.
audit.
Which principle involves designing applications so their optimal security state is their default state?
Establish secure defaults.
What does the principle “fail securely” mean?
When a control fails, it should default to its most secure option.
Why shouldn’t organizations trust third-party services implicitly?
Because these services often have different security policies.
Which OWASP principle emphasizes avoiding unnecessarily complicated solutions?
Keep security simple.
What is the significance of the principle “avoid security by obscurity”?
Security should not rely solely on keeping details hidden.
Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.
specific.
What is the role of encryption in maintaining data integrity?
It converts data from a readable format to an encoded format to prevent unauthorized access.
What does the term “biometrics” refer to in cybersecurity?
Unique physical characteristics used to verify a person’s identity.
Which element of the CIA triad ensures data is accessible to authorized users?
Availability.
What is the primary goal of business continuity in cybersecurity?
To maintain everyday productivity by establishing risk disaster recovery plans.
Fill in the blank: The principle of _____ involves multiple people following the principle of least privilege to perform critical actions.
separation of duties.
How does the principle “fix security issues correctly” help in maintaining security?
By identifying the root cause, containing the impact, and ensuring remediation is successful.
What does the “scope” of an internal security audit refer to?
Identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.
What are some primary objectives of an internal security audit?
Determine improvements for achieving the desired security posture, avoid fines, and identify organizational risk.