6.3/6.4 Key Concepts: Collect security process data (e.g., technical and administrative) / Analyze test output and generate report Flashcards
Domain 6 (7 cards)
is the process of ensuring that user accounts have the appropriate permissions and access levels to perform their job functions
Account management
are quantifiable measurements used to gauge an organization’s performance in achieving its cybersecurity objectives and goals.
Key performance indicators (KPI)
- Focus on effectiveness and efficiency of security processes
- Measure the success of security initiatives and programs
- Often tied to specific security objectives or strategies
- Used to track progress and demonstrate value of security investments
Key characteristics for Key Performance Indicators (KPI)
are metrics used to measure and monitor specific risk factors that could impact an organization’s cybersecurity posture. They serve as early warning signals for potential security issues.
Key Risk Indicators (KRI)
- Focus on potential threats and vulnerabilities
- Used to identify emerging risks or changes in risk levels
- Often predictive in nature, helping to anticipate future security issues
- Aligned with the organization’s risk management framework
Key Risk Indicators (KRI)
enable individuals and organizations to report security vulnerabilities or weaknesses they have discovered to the affected software/app vendor. When vulnerabilities are reported, the vendor receiving the report is expected to investigate and, if necessary, take appropriate steps to address the issue.
Ethical disclosure programs
A monetary reward given to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application’s developer. Bug bounty programs allow companies to leverage the hacker community to improve their systems’ security posture continuously over time through ethical disclosure.
Bug bounty