Module 3 - 01-1

Question 1

Define Security Frameworks

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 2

Define Security Lifecycle

Answer 2

A constantly evolving set of policies and standards that define how an organization manages risks, follows established guidelines, and meets regulatory compliance, or laws

Question 3

What is the Purpose of Security Frameworks (5)?

Answer 3

• Protecting personally identifiable information (PII)
• Securing financial information
• Identifying security weaknesses
• Managing organizational risks
• Aligning security with business goals.

Question 4

How many Core Components does the Security Framework have?

Answer 4

Four (4)

Question 5

What are the Core Components of Security Frameworks (4)?

Answer 5

1. Identifying and documentation security goals
2. Setting guidelines to achieve security goals
3. Implementing strong security processes
4. Monitoring and communicating results

Question 6

Frameworks allow ____

Answer 6

analysts to work alongside other members of the security team to document, implement, and use the policies and procedures that have been created.

It’s essential for an entry-level analyst to understand this process because it directly affects the work they do and how they collaborate with others.

Question 7

Define Security Controls

Answer 7

Safeguards designed to reduce specific security risks

Question 8

Security frameworks and controls are ___

Answer 8

vital to managing security for all types of organizations and ensuring that everyone is doing their part to maintain a low level of risk

Question 9

Define the CIA Triad

Answer 9

A foundational cybersecurity model that helps inform how organizations consider risk when setting up systems and security policies

Question 10

What does CIA stand for?

Answer 10

• Confidentiality
• Integrity
• Availability

Question 11

Define Confidentiality

Answer 11

Only authorized users can access specific assets or data

Question 12

Define Integrity

Answer 12

Data is correct, authentic, and reliable

Question 13

Define Availability

Answer 13

Data is accessible to those who are authorized to access it

Question 14

Define Asset

Answer 14

An item perceived as having value to an organization

Question 15

Define Value

Answer 15

Determined by the cost associated with the asset in question

Question 16

What does NIST stand for?

Answer 16

National Institute of Standards and Technology
(NIST)
(U.S. Based Agency)

Question 17

Define NIST

Answer 17

A U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk

Question 18

What does CSF stand for?

Answer 18

The Cybersecurity Framework
(CSF)

Question 19

What does NIST CSF stand for?

Answer 19

National Institute of Standards and Technology:
the Cybersecurity Framework
(NIST CSF)
(U.S. Based Agency)

Question 20

Define NIST CSF

Answer 20

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
(security teams use it as a baseline to manage short & long-term risk)

Question 21

Define Compliance

Answer 21

The process of adhering to internal standards and external regulations

Question 22

What does RMF stand for?

Answer 22

The Risk Management Framework
(RMF)

Question 23

What does NIST RMF stand for?

Answer 23

National Institute of Standards and Technology:
the Risk Management Framework
(NIST RMF)

Question 24

What does FERC-NERC stand for?

Answer 24

The Federal Energy Regulatory Commission -
North American Electric Reliability Corporation
(FERC-NERC)

Question 25

Define FERC-NERC

Answer 25

A regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid.
They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC.

Question 26

What does CIP stand for?

Answer 26

Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC

Question 27

What does FedRAMP® stand for?

Answer 27

The Federal Risk and Authorization Management Program
(FedRAMP®)

Question 28

Define FedRAMP

Answer 28

A U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings

Question 29

What does CIS stand for?

Answer 29

Center for Internet Security
(CIS®)

Question 30

Define CIS

Answer 30

A nonprofit with multiple areas of emphasis.
It provides a set of controls that can be used to safeguard systems and networks against attacks.

Question 31

What does GDPR stand for?

Answer 31

E.U.’s General Data Protection Regulation
(GDPR)

Question 32

Define GDPR

Answer 32

A data protection law established to grant European citizens more control over their personal data.

A European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory

Question 33

What does PCI DSS stand for?

Answer 33

Payment Card Industry Data Security Standard
(PCI DSS)

Question 34

Define PCI DSS

Answer 34

An international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment

Question 35

What does HIPAA stand for?

Answer 35

The Health Insurance Portability and Accountability Act

Question 36

Define HIPAA

Answer 36

A U.S. federal law established in 1996 to protect patients’ health information. This law prohibits patient information from being shared without their consent.

Question 37

What three rules govern HIPAA?

Answer 37

1. Privacy
2. Security
3. Breach notification

Question 38

What does PHI stand for?

Answer 38

Protected Health Information (PHI)

Also known as Patients’ Health Information

Question 39

What does PHI relate to?

Answer 39

The past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care

Question 40

What does HITRUST® stand for?

Answer 40

Health Information Trust Alliance (HITRUST®)

Question 41

Define HITRUST

Answer 41

A security framework and assurance program that helps institutions meet HIPAA compliance

Question 42

What does ISO stand for?

Answer 42

International Organization for Standardization (ISO)

Question 43

Define ISO

Answer 43

To establish international standards related to technology, manufacturing, and management across borders

Question 44

What does (Accounting) SOC stand for?

Answer 44

System and Organizations Controls (SOC)
(SOC type 1 ; SOC type 2)

Question 45

What does AICPA stand for?

Answer 45

American Institute of Certified Public Accountants® (AICPA)

Question 46

Who developed (Accounting) SOC?

Answer 46

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard.

Question 47

Define (Accounting) SOC

Answer 47

The SOC1 and SOC2 are a series of reports that focus on an organization’s user access policies at different organizational levels such as:
* Associate
* Supervisor
* Manager
* Executive
* Vendor
* Others
They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety.

Question 48

Define United States Presidential Executive Order 14028

Answer 48

On May 12, 2021, President Joe Biden released an executive order related to improving the nation’s cybersecurity to remediate the increase in threat actor activity. Remediation efforts are directed toward federal agencies and third parties with ties to U.S. critical infrastructure.

Question 49

A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.

Answer 49

framework

Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy.

Question 50

An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?

Security control
Data confidentiality
Personally identifiable information (PII) Cybersecurity Framework (CSF)

Answer 50

Security Control

Security controls are safeguards designed to reduce specific security risks.

Question 51

What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

General Data Protection Regulation law (GDPR)
Sensitive personally identifiable information (SPII)
Cybersecurity Framework (CSF)
Confidentiality, integrity, and availability (CIA) triad

Answer 51

Confidentiality, integrity, and availability (CIA) triad

The CIA triad is a foundational model that helps inform how organizations consider risk when setting up systems and security policies.

Question 52

True or False?
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.

Answer 52

True

Security teams use the NIST CSF as a baseline to manage short and long-term risk. The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.