Section 2 - Compliance & Audit Work Flashcards

1
Q

Why are Cybersecurity Frameworks Valuable? (Select All that Apply)

They allow an Information Security Program to Report current state to Management and External Parties.
They allow you to have a comprehensive approach to Information Security.
They allow you to outsource Information Security to a different organization.
They create infographics that make visually communicating program status easy.

A

They allow an Information Security Program to Report current state to Management and External Parties.
They allow you to have a comprehensive approach to Information Security.

2
Q

Which of the following can be used as Cybersecurity Frameworks? (Select All that Apply)

NIST Cybersecurity Framework
SOC2
ISO 27001
PCI DSS

A

NIST Cybersecurity Framework
SOC2
ISO 27001

3
Q

What is the benefit of Regulations that require Information Security Controls?

Regulations force and require minimum Cybersecurity Controls and Standards.
Regulations ensure that the Government can Audit your Organization.
Regulations identify funding opportunities for Organizations.
Regulations allow businesses to transfer their Information Security Operations.

A

Regulations force and require minimum Cybersecurity Controls and Standards.

4
Q

Which of the Following are Audit Activity Phases? (Select All that Apply)

Audit Prep
Control Implementation Status Analysis
End-User Education
Threat Modeling
Reporting

A

Audit Prep
Control Implementation Status Analysis
Reporting

5
Q

What are Key Components of a Final Audit Report? (Select All that Apply)

Executive Summary
Purpose
Who was Interviewed
Flight and Travel Logistics
Auditor Professional Credentials
Control Compliance Status
Risk Analysis for Missing Controls
Scope of Audit

A

Executive Summary
Purpose
Who was Interviewed
Control Compliance Status
Scope of Audit
6
Q

What is Shadow IT?

Technology that is located in the Datacenter.
Technology that is located at Remote Sites.
Technology that has gone End of Life.
Technology that was implemented outside of IT and “Normal Processes”.

A

Technology that was implemented outside of IT and “Normal Processes”.

7
Q

What is Cyber Resiliency?

The intent of ensuring an organization is Secure.
The intent of ensuring an organization can continue to operate during an incident.
The intent of having defense in depth.
The intent of being unhackable.

A

The intent of ensuring an organization can continue to operate during an incident.

8
Q

What is the NIST Special Publication 800-53 Document used for?

It explains how to build an Information Security Program.
It is a Cybersecurity Control Dictionary to understand what Controls can be implemented at an Organization.
It demonstrates the approach to maturing a Cybersecurity Program.
It illustrates how to perform a Cybersecurity Audit.

A

It is a Cybersecurity Control Dictionary to understand what Controls can be implemented at an Organization.

9
Q

What are 3 Audit Techniques for Data Collection? (Select All that Apply)

Interviewing
Threat Modeling
Document Review
System Testing
Risk Analysis

A

Interviewing
Documentation Review
System Testing

10
Q

If you determine a Control is NOT implemented, what does that mean?

The Control exists but is not implemented fully across the Org.
The Control is fully implemented and working across the Org.
The Control is an Administrative Control and doesn’t require technology to be implemented.
The Control is fully absent at the Org.

A

The Control is fully absent at the Org.

11
Q

In the Audit Cycle - specifically with Reporting, how is a Report typically Outlined?

A

Executive Summary
Purpose of the Audit
Scope of the Audit
Who was Involved, Interviewed
What you are Auditing
Results of the Audit
Conclusion
12
Q

What NIST Special Publication is used to Prep an Audit - Collecting Data, Responses, Dispositions, Evidence Collected?

A

NIST Special Publication 800-171 Sheet
