Day 3 -12/24/2018

Question 1

Governance vs Management

Answer 1

Governence (board of directors) - financial/stakeholders/compliance

E D M
evaluate
direct
monitor

Management -administrative daily tasks as guided by Governence 
(PBRM)
PLAN
BUILD 
RUN 
Monitor

Question 2

SCA

Answer 2

SCA
security control assessment
to evaluate security infratructure against a baseline
NIST 800-53A

Question 3

LAst step of Risk Ana,ysis

Answer 3

Risk Analysis

Question 4

cobit vs coso

Answer 4

Control objectives , security goals for IT where

in COSO its for full organizations

Question 5

itil ,SDTOC

Answer 5

best practices for it services management 
5 service management publications
>strategy
>design
>transition
>operation
>continual improvement

Question 6

OCTAVE

Answer 6

operationally critical threat asset and vulnerability evaluation
> identfy threats
> identify vulnerabilities
> risk analysis and mitigation

Question 7

purpose of exit interview

Answer 7

> to review the formal restrictions

> reminder about NDA

Question 8

Risk related all works done by management

Answer 8

bu safeguards or countermeasures are decided by sr management

Question 9

prevent collusion

Answer 9

> seperation > job rotation >job responsibilities

Question 10

Quantitive risk analysis procedures

Answer 10

> asset valuation AV
threat identification of each , for each threat calculate EF and SLE
Frequency of risk. ARO
derive loss potential ALE
research countermeasures for each threat
perform a cost benefit analysis