Security Roles And Controls

Question 1

Security Control Categories

Answer 1

Managerial
- overseeing design and implementation
Operational
- implemented by ppl
Technical
- implemented using systems (hardware or software)

Question 2

Security Control Types

Answer 2

Preventive (door lock, firewall)
Detective (ids, motion detector)
Corrective (IPS, backups)
Deterrent (warning signs,login banner)
Compensating (backup pwr, hot site)
Physical (fences, locks, mantraps)

Question 3

CIA

Answer 3

Confidentiality
Integrity
Availability

Question 4

NIST

Answer 4

National Institute of Standards and Technology
(Exclusively on IT security, rather than IT service provisioning)

Framework with 5 functions

Identify, Protect, detect, respond, recover

Question 5

SOC

Answer 5

Security Operations Center

Location where professionals monitor and protect critical information

Question 6

CIRT

Answer 6

Computer Incident Response Team

Question 7

Computer Security Act

Answer 7

Requires federal agencies to develop security policies for computer systems that process confidential info

Question 8

Federal Information Security Management Act

Answer 8

Governs security of data processed by federal government agencies

Question 9

Gramm-Leach-Bliley Act

Answer 9

Requires financial institutions to explain how they share and protect customers private info

Question 10

Sarbanes-Oxley Act

Answer 10

Mandates the implementation of risk assessment, internal controls and audit procedures.