National Institute of Standards and Technology (NIST) Flashcards

1
Q

NIST

A

Founded in 1901 as an agency within the US Commerce Department’s Technology Administration, NIST develops standards and guidelines for use with federal computer systems government-wide.

2
Q

NIST documents are available within what clusters?

A
- FIPS Publications
- Special Publications (SP)
- Interagency Reports (IR)
- Information Technology Laboratory (ITL) Security Bulletins
3
Q

The parts of the NIST Framework listed below are used for what purpose?
- The Framework Core
- The Framework Profile
- The Framework Implementation Tiers

A

Providing a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes

4
Q

The NIST Framework relies upon effective risk management and can use many standard risk management methodologies, such as

A

ISO 31000, ISO 27005 or NIST SP800-39.

5
Q

What are the core functions of the NIST Framework?

A

- Identify – develop the organisational understanding to manage cyber security risk to systems, applications, and data
- Protect – implement safeguards to ensure the secure delivery of infrastructure services
- Detect – implement the appropriate activities to identify the occurrence of a cyber security event
- Respond – develop and implement appropriate activities to take action regarding a detected cyber security event
- Recover – maintain plans for resilience and restore any services impacted by a cyber security event

6
Q

What are the 4 tiers that characterise the ‘current state’ of an organisation’s cybersecurity practices?

A

- Tier 1 (Partial): Informal cybersecurity risk management practices; ad hoc and reactive approach to risk management.
- Tier 2 (Risk Informed): Management-approved risk management processes and awareness of risk at the organisational level, but no organisation-wide approach.
- Tier 3 (Repeatable): Risk management processes expressed as policy; organisation-wide approach to managing cybersecurity risk; risk-informed policies, processes and procedures.
- Tier 4 (Adaptive): Adaptable cybersecurity practices based on lessons learnt and predictive indicators; continuous improvement incorporating advanced technologies and practices; active sharing of information with partners both before and after cyber security events.

7
Q

What does FIPS stand for?

A

Federal Information Processing Standards

8
Q

FIPS Publications are issued by NIST after approval by

A

The Secretary of Commerce

9
Q

FIPS 140-2 is the standard for

A

Security requirements for cryptographic modules

10
Q

FIPS 197 is the standard for

A

Advanced Encryption Standard (AES)
