WK 2 More about Frameworks and Controls Flashcards

1
Q

Security Frameworks

A

guidelines used for building plans to help mitigate risk and threats to data and privacy. Frameworks support organizations’ ability to adhere to compliance laws and regulations. For example, the healthcare industry uses frameworks to comply with the United States’ Health Insurance Portability and Accountability Act (HIPAA), which requires that medical professionals keep patient information safe.

2
Q

Security Controls

A

Safeguards designed to reduce specific security risks. Security controls are the measures organizations use to lower risk and threats to data and privacy. For example, a control that can be used alongside frameworks to ensure a hospital remains compliant with HIPAA is requiring that patients use multi-factor authentication (MFA) to access their medical records. Using a measure like MFA to validate someone’s identity is one way to help mitigate potential risks and threats to private data.

3
Q

3 Common types of Security Controls

Encryption

A

Encryption is the process of converting data from a readable format to an encoded format. Typically, encryption involves converting data from plaintext to ciphertext. Ciphertext is the raw, encoded message that’s unreadable to humans and computers. Ciphertext data cannot be read until it’s been decrypted into its original plaintext form.

Encryption is used to ensure confidentiality of sensitive data, such as customers’ account information or social security numbers.

4
Q

3 Common types of Security Controls

Authentication

A

Authentication is the process of verifying who someone or something is. A real-world example of authentication is logging into a website with your username and password. This basic form of authentication proves that you know the username and password and should be allowed to access the website.

More advanced methods of authentication, such as multi-factor authentication, or MFA, challenge the user to demonstrate that they are who they claim to be by requiring both a password and an additional form of authentication, like a security code or biometrics, such as a fingerprint, voice, or face scan.

5
Q

3 Common types of Security Controls

Authorisation

A

Authorisation refers to the concept of granting access to specific resources within a system. Essentially, authorisation is used to verify that a person has permission to access a resource.

As an example, if you’re working as an entry-level security analyst for the federal government, you could have permission to access data through the deep web or other internal data that is only accessible if you’re a federal employee.

6
Q

Cyber Threat Framework (CTF)

A

According to the Office of the Director of National Intelligence, the CTF was developed by the U.S. government to provide “a common language for describing and communicating information about cyber threat activity.” By providing a common language to communicate information about threat activity, the CTF helps cybersecurity professionals analyze and share information more efficiently. This allows organizations to improve their response to the constantly evolving cybersecurity landscape and threat actors’ many tactics and techniques.

7
Q

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001

A

An internationally recognized and used framework is ISO/IEC 27001. The ISO 27000 family of standards enables organizations of all sectors and sizes to manage the security of assets, such as financial information, intellectual property, employee data, and information entrusted to third parties. This framework outlines requirements for an information security management system, best practices, and controls that support an organization’s ability to manage risks. Although the ISO/IEC 27001 framework does not require the use of specific controls, it does provide a collection of controls that organizations can use to improve their security posture.

8
Q

Controls

A

Controls are used alongside frameworks to reduce the possibility and impact of a security threat, risk, or vulnerability. Controls can be physical, technical, and administrative and are typically used to prevent, detect, or correct security issues.

9
Q

Controls

Examples of physical controls

A

Gates, fences, and locks

Security guards

Closed-circuit television (CCTV), surveillance cameras, and motion detectors

Access cards or badges to enter office spaces

10
Q

Controls

Examples of technical controls

A

Firewalls

MFA

Antivirus software

11
Q

Controls

Examples of administrative controls

A

Separation of duties

Authorization

Asset classification
