Module 2

Question 1

Security Frameworks

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 2

Security Controls

Answer 2

Safeguards designed to reduce specific security risks

Question 3

Authentication

Answer 3

Process of verifying who someone or something is

Question 4

Biometrics

Answer 4

Unique physical characteristics that can be used to verify a persons identity

Question 5

Authorization

Answer 5

The concept of granting access to specific resources within a system

Question 6

Integrity

Answer 6

The data is correct, authentic, and reliable

Question 7

Availibility

Answer 7

Data is accessible to those who are authorized to access it

Question 8

Confidentiality

Answer 8

Only authorized users can access specific assets or data

Question 9

NIST Cybersecurity Framework (CSF)

Answer 9

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 10

NIST S.P. 800-53

Answer 10

A unified framework for protecting the security of information systems within the federal govenment

Question 11

NIST CSF Core Functions

Answer 11

Identify

Protect

Detect

Respond

Recover

Question 12

Identify

Answer 12

The management of cybersecurity risks and its effect on an organizations people and assets

Question 13

Protect

Answer 13

The strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Question 14

Detect

Answer 14

Identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Question 15

Respond

Answer 15

Making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Question 16

Recover

Answer 16

The process of returning affected systems back to normal operation

Question 17

OWASP

Answer 17

Open

Web

Applications

Security

Project

Question 18

OWASP Security Principles

Answer 18

Minimize attack surface area

Principle of least privilege

Defense in depth

Separation of duties

Keep security simple

Fix security issues correctly

Question 19

Security Audit

Answer 19

A review of an organization’s security controls, policies, and procedures against a set of expectations

Question 20

Purposes of Internal Security Audits

Answer 20

Identify organizational risk

Assess controls

Correct compliance issues

Question 21

Common Elements of Internal Audits

Answer 21

Establishing the scope and goals

Conducting a risk assessment

Completing a controls assessment

Assessing compliance

Communicating results

Question 22

Audit Questions

Answer 22

What is the audit meant to achieve?

Which assets are most at risk?

Are current control sufficient to protect those assets?

What controls and compliance regulations need to be implemented?

Question 23

Control Categories

Answer 23

Administrative controls

Technical controls

Physical controls

Question 24

Stakeholder Communication

Answer 24

Summarizes scope and goals

Lists existing risks

Notes how quickly those risks need to be addressed

Identifies compliance regulations

Provides recommendations

Question 25

Audit Checklist

Answer 25

Identify the scope of the audit

Complete a risk assessment

Conduct the audit

Create a mitigation plan

Communicate results to stakeholders