Module 6 Flashcards
Information security policies: do they need to be reviewed, and if so, how often?
They are to be reviewed and evaluated periodically (at least annually), or whenever changes occur at the facility that affect an approved policy statement.
Who is the key owner of security policies?
The Information Security Officer (ISO) is the key owner; policy reviews and encouraging engagement are this person's responsibility.
Mobile device policy: what is its purpose?
Develop specific policies, plans, and procedures to address members of the workforce who use mobile devices.
Information security policies are to be reviewed and evaluated how often?
Periodically, at least annually.
General goal of web application pen testing?
To gain unauthorized access to client data within the application.
Security audit functions should always stay independent of:
- environmental controls
- policy controls
- risk assessments
- operational and change management functions
Operational and change management functions.
Segregation of information security duties is important because it
reduces the risk of accidental or deliberate system misuse.
Risk assessment is done how often?
At least once a year; it must result in a comprehensive risk analysis report with recommended safeguards, and must prioritize risks and vulnerabilities.
Risk management: one responsibility is
to define a timeline for reacting to notifications of potentially relevant technical vulnerabilities.
What is one thing that information security incident management should do?
Implement training that augments the certification or other qualifications of workforce members, and use tools that strengthen the value of the preserved evidence.
One of the changes between 1.1 and 1.2 of the NIST Cybersecurity Framework was a change in the Identify function. What was it?
Supply chain risk management.