SafeGuards v.1 Flashcards

1
Q

CIS Control 2: Inventory and Control of Software Assets

A

Safeguards:
Maintain a current list of all software.
Implement software whitelisting.
Enforce strict controls on software installation.

Implementation Group: All IGs
Function: Identify, Protect

1
Q

CIS Control 1: Inventory and Control of Hardware Assets

A

Safeguards:
Keep an up-to-date list of all hardware devices.
Use automated tools to track hardware inventory.
Restrict access to hardware assets.

Implementation Group: All IGs
Function: Identify, Protect

2
Q

CIS Control 3: Continuous Vulnerability Management

A

Safeguards:
Regularly scan for vulnerabilities.
Establish a patch management process.
Monitor vulnerability reports.

Implementation Group: All IGs
Function: Detect, Respond

3
Q

CIS Control 4: Controlled Use of Administrative Privileges

A

Safeguards:
Follow least privilege principles.
Use multi-factor authentication for admins.
Log and monitor admin activities.

Implementation Group: All IGs
Function: Protect, Detect

4
Q

CIS Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

A

Safeguards:
Develop standard security configurations.
Regularly audit and enforce configurations.
Apply security patches promptly.

Implementation Group: All IGs
Function: Protect, Detect

5
Q

CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

A

Safeguards:
Enable audit logging on all systems.
Centralize log management.
Regularly review logs for suspicious activities.

Implementation Group: All IGs
Function: Detect, Respond

6
Q

CIS Control 7: Email and Web Browser Protections

A

Safeguards:
Implement email filtering.
Train users on identifying phishing attempts.
Use web content filtering.

Implementation Group: All IGs
Function: Protect, Detect

7
Q

CIS Control 8: Malware Defenses

A

Safeguards:
Deploy anti-malware software.
Use application whitelisting.
Sandbox suspicious files.

Implementation Group: All IGs
Function: Protect, Detect

8
Q

CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services

A

Safeguards:
Disable unnecessary ports and services.
Implement network segmentation.
Use firewalls to control traffic.

Implementation Group: All IGs
Function: Protect, Detect

9
Q

CIS Control 10: Data Recovery Capability

A

Safeguards:
Perform regular data backups.
Test backup and recovery procedures.
Store backups securely offsite.

Implementation Group: All IGs
Function: Recover

10
Q

CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches

A

Safeguards:
Apply firmware updates regularly.
Disable unused services and interfaces.
Use strong authentication for device access.

Implementation Group: All IGs
Function: Protect, Detect

11
Q

CIS Control 12: Boundary Defense

A

Safeguards:
Use intrusion detection/prevention systems.
Configure firewalls to filter traffic.
Monitor network traffic for anomalies.

Implementation Group: All IGs
Function: Protect, Detect

12
Q

CIS Control 13: Data Protection

A

Safeguards:
Encrypt sensitive data.
Implement data loss prevention solutions.
Enforce strict access controls.

Implementation Group: All IGs
Function: Protect, Detect

13
Q

CIS Control 14: Controlled Access Based on the Need to Know

A

Safeguards:
Implement role-based access controls.
Regularly review access permissions.
Enforce least privilege.

Implementation Group: All IGs
Function: Protect, Detect

14
Q

CIS Control 15: Wireless Access Control

A

Safeguards:
Use strong encryption for wireless networks.
Regularly scan for rogue access points.
Enforce authentication for wireless access.

Implementation Group: All IGs
Function: Protect, Detect

15
Q

CIS Control 16: Account Monitoring and Control

A

Safeguards:
Implement user account management policies.
Monitor user account activities.
Disable or remove unused accounts promptly.

Implementation Group: All IGs
Function: Protect, Detect

16
Q

CIS Control 17: Security Skills Assessment and Appropriate Training to Fill Gaps

A

Safeguards:
Provide regular security awareness training.
Conduct skills assessments.
Encourage reporting of security incidents.

Implementation Group: All IGs
Function: Identify, Protect

17
Q

CIS Control 18: Application Software Security

A

Safeguards:
Implement secure coding practices.
Regularly review code for security issues.
Keep software up-to-date with patches.

Implementation Group: All IGs
Function: Protect, Detect