Security Frameworks and Controls

Question 1

What are security frameworks?

Answer 1

Guidelines used for building plans to help mitigate risk and threats to data and privacy. They help organizations adhere to compliance laws and regulations.

Question 2

What are security controls?

Answer 2

Safeguards designed to reduce specific security risks. They are measures organizations use to lower risk and threats to data and privacy.

Question 3

What is the Cyber Threat Framework (CTF)?

Answer 3

A U.S. government framework that provides a common language for describing and communicating information about cyber threat activity, helping professionals analyze and share information efficiently.

Question 4

What is ISO/IEC 27001?

Answer 4

An international framework that enables organizations to manage the security of assets like financial information, intellectual property, employee data, and information entrusted to third parties.

Question 5

What are physical controls? Give examples.

Answer 5

Security measures you can physically touch:

• Gates, fences, and locks
• Security guards
• CCTV and surveillance cameras
• Access cards or badges

Question 6

What are technical controls? Give examples.

Answer 6

Technology-based security measures:

• Firewalls
• Multi-factor authentication (MFA)
• Antivirus software

Question 7

What are administrative controls? Give examples.

Answer 7

Procedural security measures:

• Separation of duties
• Authorization
• Asset classification

Question 8

How do controls relate to security goals?

Answer 8

Controls are used alongside frameworks to:

• Prevent security issues
• Detect security issues
• Correct security issues

Question 9

What is an example of how frameworks and controls work together?

Answer 9

In healthcare, organizations use frameworks to comply with HIPAA, while implementing specific controls like MFA to protect patient medical records.