Module 4 - Government and Industry Regulations and Guidance Flashcards

1
Q

National Security Council offices to assist Federal government

A

Continuity of Operations

Cyber Security and Information Sharing

2
Q

Executive Orders to improve infrastructure

A
  • Presidential Policy Directive 1
  • National Security Directive 42
  • Executive Order 13636 – Improving Critical Infrastructure Cybersecurity
  • Executive Order 13549
  • Executive Order 13563
  • Executive Order 13609
3
Q

Organizations assisting in securing IS (name 9)

A
  • Information Security Oversight Office, which is part of the National Archives and Records Administration
  • Department of Commerce and the National Institute of Standards and Technology
  • Department of Homeland Security
  • US Federal Cyber Center
  • FEMA
  • Department of Defense
  • Department of Justice
  • Secret Service
  • Government Accountability Office
4
Q

Trade Organizations with security concerns

A

American Bar Association (ethics rules related to sharing client data)

5
Q

Presidential Policy Directive 1

A

2009

  • Organizes the National Security Council (NSC) system; the NSC itself was created by the National Security Act of 1947
  • Scope includes the domestic, foreign, military, intelligence and economic aspects of national security
  • Day-to-day crisis management
  • Adds the Associate Director of the Office of Science and Technology Policy
6
Q

National Security Directive 42

A

National Policy for the Security of National Security Telecommunications and Information Systems, July 5, 1990

Establishes the National Security Telecommunications and Information Systems Security Committee (NSTISSC), chaired by an Assistant Secretary of Defense

7
Q

NSC org chart

A
  • under the National Economic Advisor until 2008
  • then under the Homeland Security Advisor (a White House post, the Assistant to the President for Homeland Security and Counterterrorism, not DHS), who oversaw the Continuity of Operations and Cyber Security and Information Sharing offices
8
Q

Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (February 2013)

A
  • Protects national and economic security
  • Reliability of critical infrastructure
  • Safety, security, confidentiality, privacy, and civil liberties
  • Defines "critical infrastructure" in terms of security, economic security, public health and safety
  • Section 4 - Cybersecurity Information Sharing
  • Section 5 - Privacy and Civil Liberties Protections
  • Section 6 - Consultative Process
  • Section 7 - Baseline Framework to Reduce Cyber Risk to Critical Infrastructure
  • Section 8 - Voluntary Critical Infrastructure Cybersecurity Program
  • Section 9 - Identification of Critical Infrastructure at Greatest Risk
  • Section 10 - Adoption of Framework
9
Q

Critical Infrastructure under Executive Order

A

"systems and assets, whether physical or virtual, so vital … that the incapacity or destruction of such systems and assets would have a debilitating impact on security" (Section 2)

10
Q

Executive Order 13549

A

Established a program to safeguard and govern the sharing of classified National Security Information with state, local, tribal, and private sector (SLTPS) entities
Roles: National Security Advisor; Director of the Information Security Oversight Office (ISOO)

ISOO sits within NARA (National Archives and Records Administration) and receives policy guidance from the NSC

11
Q

ISOO (3 components)

A

Classification Management Staff
Operations Staff
Controlled Unclassified Information (CUI) office

12
Q

Executive Order 13563

A

Improving Regulation and Regulatory Review

- adopt reasoned regulation

13
Q

Executive Order 13609

A

Promoting International Regulatory Cooperation

14
Q

US Federal Cyber Center

A
- overlapping roles across four domains:
  Intelligence
  Law Enforcement / Counterintelligence
  Defense
  Civil
15
Q

FEMA

A
  • general information on protecting against and responding to cyberattack
16
Q

OMB Memo M-10-28

A
  • clarified the cybersecurity responsibilities and activities of the Executive Office of the President (EOP) and DHS
  • EOP handles FISMA policy, budget and oversight, coordinating with the White House Cybersecurity Coordinator; DHS takes the operational role for federal civilian systems
17
Q

Trusted Internet Connections

A
OMB M-08-05 (Implementation of Trusted Internet Connections)
OMB M-08-16
OMB M-08-26
OMB M-08-27 (Guidance for TIC Compliance)
OMB M-09-32 (Update on the TIC Initiative)
18
Q

Federal Agency Cyber Reporting

A

DOC (NIST)
DOD
DHS
DOJ

19
Q

Investigative Organizations

A

DHS: National Cyber Security Division (NCSD), US-CERT
DOJ: FBI (Cyber Division), US Attorneys, CCIPS (Computer Crime and Intellectual Property Section)
Secret Service: Electronic Crimes Task Forces
DoD: USCYBERCOM, DISA, DoD Cyber Crime Center (DC3), whose components include DCFL, DCITA, the Analytical Group (AG), DCISE and DCCI

DCISE = DoD Defense Industrial Base Collaborative Information Sharing Environment

20
Q

Government Oversight

A
OMB
DoC - NIST
DHS
DoD
DOJ
21
Q

Emerging Regulations

A
Critical Infrastructure - DHS
Financial - Treasury
Health - HHS
Commerce - DOC
Energy - DOE, Nuclear Regulatory Commission
22
Q

Mobile Privacy Concerns

A

FDA

FTC

23
Q

GAO

A

Government Accountability Office

  • independent, nonpartisan, reports to Congress
  • February 2013 report on cybersecurity
  • covers the Comprehensive National Cybersecurity Initiative (CNCI)
  • White House Cybersecurity Coordinator
24
Q

Comprehensive National Cybersecurity Initiative (CNCI)

A

1) Trusted Internet Connections
2) EINSTEIN 2 - passive intrusion detection sensors
3) EINSTEIN 3 - intrusion prevention
4) Coordinate and redirect R&D
5) Connect the cyber operations centers
6) Cyber counterintelligence plan
7) Security of classified networks
8) Expand cyber education (offensive and defensive)
9) Leap-ahead technology
10) Deterrence strategies and programs
11) Global supply chain risk management
12) Public and private partnerships ("Project 12")

25
Q

Federal Information Processing Standards (FIPS)

A
- FIPS 199 - Standards for Security Categorization; defines impact levels (not risk levels) per security objective
Confidentiality, Integrity, Availability
Low, Moderate, High (the overall system category is the high water mark across the three objectives)
- FIPS 200 - minimum security requirements; points to the NIST SP 800-53 control baselines
- six-step Risk Management Framework (NIST SP 800-37):
Categorize
Select
Implement
Assess
Authorize
Monitor
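The categorization step worked through in code, as an added example that is not part of the flashcards. FIPS 199 writes a system's category as SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}; when a system handles several information types, the impact for each objective is the highest impact among those types, and the overall level that selects the SP 800-53 baseline is the high water mark across the three objectives. The information types and their impact values below are constructed sample data, not figures from SP 800-60.

```python
"""FIPS 199 security categorization with per-objective aggregation and the
FIPS 200 high water mark. Added example; the sample information types are
constructed, not taken from SP 800-60."""

from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 impact levels, ordered so max() gives the higher impact."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


@dataclass(frozen=True)
class InfoType:
    """One information type handled by the system and its provisional impacts."""
    name: str
    confidentiality: Impact
    integrity: Impact
    availability: Impact


OBJECTIVES = ("confidentiality", "integrity", "availability")


def categorize_system(types):
    """Per-objective impact is the maximum over all information types.

    The aggregation is done objective by objective first (FIPS 199 sec. 3),
    not by taking each type's own overall level and then the maximum.
    """
    if not types:
        raise ValueError("a system must handle at least one information type")
    return {obj: max(getattr(t, obj) for t in types) for obj in OBJECTIVES}


def high_water_mark(category):
    """Overall impact level: the highest of the three objectives (FIPS 200)."""
    return max(category.values())


def format_fips199(category):
    """Render the category in the SC = {...} notation used by FIPS 199."""
    body = ", ".join(f"({obj}, {category[obj].name})" for obj in OBJECTIVES)
    return "SC = {" + body + "}"


def baseline_for(types):
    """Name of the SP 800-53 baseline (LOW, MODERATE, HIGH) the system must at least meet."""
    return high_water_mark(categorize_system(types)).name


# Constructed sample: a system that serves public content and stores case files.
SAMPLE_TYPES = [
    InfoType("public web content", Impact.LOW, Impact.MODERATE, Impact.LOW),
    InfoType("investigative case files", Impact.HIGH, Impact.MODERATE, Impact.LOW),
]

if __name__ == "__main__":
    category = categorize_system(SAMPLE_TYPES)
    print(format_fips199(category))
    print("baseline:", baseline_for(SAMPLE_TYPES))
```

For the sample above the system comes out as SC = {(confidentiality, HIGH), (integrity, MODERATE), (availability, LOW)}, so the HIGH baseline applies even though no single information type is HIGH on more than one objective; that is the practical consequence of the high water mark rule and the usual argument for splitting high-impact data into its own system boundary.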
26
Q

NIST 800-53

A

defines the catalog of security controls

  • Plan of Action & Milestones (POA&M)
  • control catalog

Common controls (inherited)
System-specific controls
Hybrid controls

Trustworthiness model
Control families, e.g.:
access control (AC), incident response (IR)

27
Q

NIST 800-53 Computer Forensics Related Controls

A

incident response (IR-5 Incident Monitoring, IR-6 Incident Reporting)
audit and accountability (AU-2 Audit Events, AU-11 Audit Record Retention)
configuration management (CM-10 Software Usage Restrictions, CM-11 User-Installed Software)
system and information integrity (SI)
media protection (MP)
maintenance (MA)

28
Q

Control Validations

A

controls validated through certification testing

Senior Agency

29
Q

NIST 800-53

A

Privacy Controls

30
Q

Industry Associations

A
UN
ABA
US Chamber of Commerce
Universities
.....
31
Q

American Bar Association

A

contractual duties to protect client data; shared responsibility when contracting for

  • prevent client confidences from being disclosed to third parties
  • retain an expert consultant who does have the needed competence

Commission on Ethics 20/20 proposal (risk analysis)

32
Q

Interconnection Security Agreements

A

-