Section 5: Risk Frameworks Flashcards

1
Q

NIST SP 800-37 RMF

A

Risk Management Framework for Information Systems and Organizations
Provides a flexible 7-step process for managing security and privacy risk

2
Q

NIST RMF 7 steps

A

PREPARE - identify the different roles, strategies, and control providers
CATEGORIZE - identify all of the organizational assets, categorize them in terms of risk and value, and document them
SELECT - the initial security controls necessary to protect the information system and organization
IMPLEMENT - deploy the security controls and document how they are used
ASSESS - test the effectiveness of the controls and comply with governance
AUTHORIZE - require a senior management official to take accountability for the residual risk
MONITOR - ongoing evaluation of security effectiveness against organizational and system-related changes

3
Q

ISO 31000

A

Risk management framework that provides a common approach to managing any type of risk within any industry
8 principles

4
Q

ISO 31000 Principles

A

Integrated
Structured and Comprehensive
Customized
Inclusive
Dynamic
Best Available Information
Human and Cultural Factors
Continual Improvement

5
Q

COSO

A

Committee of Sponsoring Organizations
Enterprise risk management framework focused on corporate governance
Often used to comply with SOX 404 requirements

6
Q

COSO Components

A

Governance & Culture
Strategy & Objective Setting
Performance
Review & Revision
Information, Communication & Reporting

7
Q

NIST CSF

A

NIST Cybersecurity Framework
Risk management and reduction framework based on existing standards, guidelines, and industry best practices
Voluntary and not required by any organization, authorizing, or accrediting body

8
Q

NIST CSF Core

A

Activities, implementations, and functions designed to achieve the desired cybersecurity outcomes

9
Q

NIST CSF Tiers

A

Characterize how the core activities align with the desired cybersecurity outcomes
Tier 1 - Partial
Tier 2 - Risk Informed
Tier 3 - Repeatable
Tier 4 - Adaptive

10
Q

NIST CSF Profiles

A

Alignment of requirements, objectives, implementations, and risk tolerance to the desired cybersecurity outcomes

11
Q

NIST CSF Framework Steps

A

Identify
Protect
Detect
Respond
Recover
