Chapter 3.1 Flashcards
Vendor specific
Vendor-specific guides provide instructions on how to install and securely configure hardware and software from a particular vendor.
Regulatory
Regulatory frameworks are based on specific laws and regulations and ensure compliance with those standards. They are highly controlled and regulated. Medical records are governed by regulatory laws.
Industry specific
Industry-specific frameworks are governed according to the type of product provided. Financial information is covered under industry-specific standards.
Non-regulatory
A non-regulatory framework is not enforced by a law or statute. Instead, non-regulatory frameworks identify their own standards and best practices to meet company needs and be successful.
General purpose guide
General purpose guides help increase security in hardware and software by providing instructions to configure a system based on its role and the appliance it runs on.
User training
User training teaches users new functionality as well as the proper policies and procedures for the company and its software.
International
International frameworks are governed by international standards and are implemented globally rather than nationally.
NIST
The National Institute of Standards and Technology (NIST) framework regulates cybersecurity risks and activities in the United States. NIST is part of the U.S. Department of Commerce, and its framework is considered a national framework.
Defense-in-depth
Defense-in-depth uses a combination of control types for control diversity. Currently, technical preventive and administrative detective controls are in place. Adding a door lock adds a physical deterrent control, and a backup system adds a technical corrective control.
Administrative
Administering penetration tests on an application to avoid attacks is an administrative control. Administrative controls are those mandated by company policy.