Cybersecurity Domains: Risk Management Overview

Questions and Answers

Which element is NOT a part of the security and risk management domain that impacts an organization's security posture?

Business continuity plans

Risk mitigation processes

Professional training programs (correct)

Compliance

What is the primary focus of information security (InfoSec) in the context of the security and risk management domain?

Establishing social media guidelines

Enhancing organizational profits

Developing compliance requirements

Securing information and managing incidents (correct)

Which factor is a critical consideration when developing a business continuity plan?

Organizational marketing strategies

Incidents of employee misconduct

Management of critical assets and data (correct)

Social responsibility initiatives

Which of the following is a process typically associated with security and risk management?

Incident response

What does the compliance element of security and risk management primarily ensure?

Adherence to governmental and trade organization requirements

Which factor represents a risk that originates outside of an organization?

External risk

Which of the following is a characteristic of a vulnerability?

It is a weakness that can be exploited by a threat.

What is true about multiparty risk?

It involves third-party vendors having access to sensitive information.

Which risk was introduced in the OWASP updates between 2017 and 2021?

Insecure design

What does a basic formula for determining risk include according to the information provided?

Risk equals the likelihood of a threat.

Study Notes

Security Domains

• Cybersecurity analysts explore different security domains.
• CISSP outlines eight security domains.
• The first domain is Security and Risk Management.

Security and Risk Management

• An organization's ability to defend assets and react to change is called security posture.
• Elements affecting security posture:
  • Security goals and objectives
  • Risk mitigation processes
  • Compliance with industry requirements
  • Business continuity plans
  • Legal regulations
  • Professional and organizational ethics

Information Security (InfoSec)

• InfoSec is a set of processes to secure information.
• Playbooks and training can be part of an InfoSec program.
• InfoSec design processes include:
  • Incident response
  • Vulnerability management
  • Application security
  • Cloud security
  • Infrastructure security

Risks

• A risk is anything that impacts confidentiality, integrity, or availability of an asset.
• Risk = Likelihood of a threat.
• Types of risks:
  • External risk: Threats from outside the organization
  • Internal risk: Threats from employees, vendors, or partners
  • Legacy systems: Old systems that might be vulnerable
  • Multiparty risk: Risks associated with outsourcing to third-party vendors
  • Software compliance/licensing: Risks from outdated or non-compliant software

Vulnerabilities

• A vulnerability is a weakness that can be exploited by a threat.
• ProxyLogon is a pre-authenticated vulnerability affecting Microsoft Exchange servers.

Security Audits

• Security audits assess an organization's security posture.
• Audit sample questions:
  • What is the audit meant to achieve?
  • What assets are most at risk?
  • Are current controls sufficient?
  • What controls and compliance regulations need to be implemented?
• Controls assessment:
  • Classify controls into categories:
    • Administrative controls: Policies and procedures
    • Technical controls: Hardware and software solutions
    • Physical controls: Physical security measures
• Assessing compliance with regulations and standards.
• Communicating audit results to stakeholders.

Incident and Vulnerability Playbooks

• Playbooks document procedures for incidents and vulnerabilities.
• Common steps in playbooks:
  • Preparation
  • Detection & Analysis
  • Containment
  • Eradication & Recovery
  • Post-Incident Activity
  • Coordination

SIEM and SOAR

• Security teams use playbooks for incident response.
• SIEM (Security Information and Event Management) tools.
• SOAR (Security Orchestration, Automation, and Response) tools.

Network Devices

• Switches:
  • Connect devices on a network.
  • Forward data packets based on MAC addresses.
  • Part of the data link layer in the TCP/IP model.
• Routers:
  • Connect networks and direct traffic based on IP addresses.
  • Part of the network layer in the TCP/IP model.
  • Can include a firewall feature.
• Modems:
  • Connect to an ISP.
  • Translate digital signals from the internet to analog signals.
• Wireless Access Points:
  • Send and receive digital signals over radio waves.
  • Devices with wireless adapters connect to them using Wi-Fi.

Network Diagrams

• Network diagrams visualize the architecture and design of a network.
• Show devices and their connections.

Description

This quiz covers key concepts related to the security domains defined by CISSP, specifically focusing on Security and Risk Management. It explores security posture, risk mitigation processes, and the elements that influence an organization’s ability to protect its assets. Test your knowledge on InfoSec practices and associated risks in this comprehensive review.