Security Part 2 Flashcards

1
Q

Both the AICPA’s description and control criteria state that an entity’s cybersecurity risk assessment procedures should include what?

A
  • An ongoing process for identifying changes that would cause additional risks or alter existing risks
  • Ex: changes in technology use
2
Q

What are the different types of intrusion detection systems?

A
  • Network based
  • Host based
  • Protocol based
  • Application protocol based
3
Q

What is a network-based intrusion detection system?

A
  • They examine all traffic on the network
  • They include 2 subtypes: Wireless IDS and network behavior analysis
4
Q

What are administrative controls in a defense-in-depth strategy?

A
  • They include policies and procedures implemented by an organization to control access to the system and train employees
5
Q

What is defense in depth?

A

It is a cybersecurity strategy in which 3 different control categories are used to protect an organization’s assets:
1) Physical
2) Technical
3) Administrative

6
Q

What are the trust services criteria?

A

They are used to benchmark controls in attestation and risk advisory engagements that evaluate the trust services CATEGORIES of:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy

7
Q

What is the COMMON CRITERIA of the TRUST SERVICES CRITERIA?

A

They are linked to the 17 COSO principles and apply across the trust services categories
- Risk assessment is part of the common criteria and it involves identifying and analyzing risks

8
Q

What is the SUPPLEMENTAL CRITERIA of the TRUST SERVICES CRITERIA?

A
  • Change Management
  • Logical access controls
  • Systems operations
9
Q

What makes up LAYERED SECURITY?

A
  • Human security
  • Perimeter security
  • Network security
  • Endpoint security
  • Application security
  • Data security
10
Q

Layered security is part of which control in defense-in-depth?

A

Technical controls

11
Q

What is the big picture idea behind layered security?

A
  • This approach creates overlapping protective LAYERS so that if 1 security measure fails, deeper layers will stop or slow an attack
12
Q

What must all SOC 2 engagements include?

A

The security trust services category

13
Q

Which types of trust services criteria apply to a SOC 2 examination for the security trust services category?

A

Common
Supplemental
