Security Frameworks

Question 1

CIS

Answer 1

Center for Internet Security

To improve cyber defenses and to develop secure configuration postures

Question 2

NIST RMF

Answer 2

National Institute of Standards
and Technology Risk
Management Framework

Mandatory for US Federal agencies and organizations that handle federal data

Question 3

CSF

Answer 3

Cybersecurity Framework

A set of guidelines and best practices for managing and reducing cybersecurity risks across all sectors.

Question 4

ISO 27001

Answer 4

International Organization
for Standardization 27001

Focuses on information security management.

Question 5

ISO 27002

Answer 5

International Organization
for Standardization 27002

Provides detailed guidance on information security controls for implementing the controls specified in ISO 27001

Question 6

ISO 27701

Answer 6

International Organization
for Standardization 27701

Focuses on protecting privacy rights and personal data within the context of an ISMS.

Question 7

ISO 31000

Answer 7

International Organization
for Standardization 31000

Focuses on risk management in general, not specifically on information security.

Question 8

SSAE SOC 2 Type I

Answer 8

Service Organization Controls Type I

A standard for auditing security controls

Evaluates controls’ suitability as of a specific date.

Question 9

SSAE SOC 2 Type II

Answer 9

Service Organization Controls Type II

A standard for auditing for security controls

Tests controls over a period of time, typically six months or more.

Question 10

Cloud control matrix

Answer 10

Cloud control matrix
Framework developed by the Cloud Security Alliance (CSA)

Focuses on cloud-specific security controls and provides a structured approach to assessing and improving cloud security.

Question 11

CSA

Answer 11

Cloud Security Alliance

A set of guidelines and best practices for managing and reducing cybersecurity risks across all sectors.