5.1 & 5.2 Flashcards
Control Categories
Managerial Controls
Operational Controls
Technical Controls
What control is responsible for addressing security design and implementation?
Managerial controls
Who implements operational controls?
People associated with the operational control
True or False: Technical controls are implemented via systems.
True
What are the 6 control types?
Preventive, Detective, Corrective, Deterrent, Compensating, and Physical
Motion detectors and IDS/IPS are all part of what control type?
Detective
What are some attributes of a preventive control?
Physically control access
Door lock
Security guards
Firewall
What access control is meant to mitigate damage?
Corrective control
Is the purpose of deterrent controls to discourage intrusion attempts? If so, list an attribute or method you would associate with deterrent controls. If the answer is not deterrent, give the correct choice.
Yes, that is the purpose. The use of security signs or a login banner.
This control uses physical means like a fence or mantraps
Physical security control
What control type does not prevent an attack but instead initiates a restoration process like a backup power system or re-image?
Compensating security control
What is the CIS and what is its purpose?
Center for Internet Security. Its job is to improve cyber defenses. One way it improves cyber defense is through the twenty key actions.
What is the NIST RMF?
National Institute of Standards and Technology.
What are the six steps of the NIST RMF?
– Step 1: Categorize - Define the environment
– Step 2: Select - Pick appropriate controls
– Step 3: Implement - Define proper implementation
– Step 4: Assess - Determine if controls are working
– Step 5: Authorize - Make a decision to authorize a system
– Step 6: Monitor - Check for ongoing compliance
What is the purpose of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)?
It is a framework that helps organizations manage their cyber security risks.