CYS645X: Cybersecurity Architecture and Operations

Questions and Answers

What is the primary purpose of regularly training and retraining users in an organization?

To ensure users are aware of enterprise cybersecurity policies and procedures and their specific roles and responsibilities as a condition of employment.

What is the main objective of the Detect Function in an organization's cybersecurity strategy?

To identify the occurrence of a cybersecurity event in a timely manner.

What is the importance of implementing security monitoring capabilities in an organization?

To continuously monitor and detect cybersecurity events, anomalies, and their potential impact.

Why is it essential to test and update detection processes in an organization?

To develop and test processes and procedures for detecting unauthorized entities and actions on the networks and in the physical environment.

What is the significance of maintaining and monitoring logs in an organization's cybersecurity strategy?

To identify anomalies in the enterprise's computers and applications and record events such as changes to systems or accounts.

Why should staff be aware of their roles and responsibilities for detection and related reporting?

To ensure that they can report incidents both within the organization and to external governance and legal authorities.

What are the six units of the CYS645X course?

Unit 0 – Introduction, Unit 1 – Govern, Unit 2 – Identify, Unit 3 – Protect, Unit 4 – Detect, Unit 5 – Respond, Unit 6 – Recover

What is the purpose of the NIST Cybersecurity Framework (NIST CSF)?

To provide a policy framework of computer security guidance for private sector organizations in the United States to assess and improve their ability to prevent, detect, and respond to cyber attacks.

What is the significance of the Implementation tiers, Profiles, and Appendix sections in the NIST Framework?

These sections are components of the NIST Framework, providing a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.

What was the original target audience for the NIST Cybersecurity Framework (NIST CSF) when it was first published in 2014?

Operators of critical infrastructure

What is the expected publication date for the new draft 2.0 of the NIST Cybersecurity Framework?

February 2024

What is the minimum overall grade required to pass the CYS645X course?

70%

What is the primary purpose of establishing cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders?

To ensure that all stakeholders understand their role in maintaining cybersecurity and to support operational risk decisions.

What is the significance of identifying the organization's role in the supply chain?

It is crucial for understanding the organization's position in critical infrastructure and its Risk Management Strategy.

What is the primary goal of establishing priorities for organizational mission, objectives, and activities?

To ensure that stakeholders understand and prioritize the organization's goals and objectives.

What is the purpose of identifying dependencies and critical functions for delivering critical services?

To establish resilience requirements and support operational risk decisions.

What is the significance of understanding the organization's stakeholders and their priorities, constraints, risk tolerances, and assumptions?

It helps to inform operational risk decisions and support the organization's Risk Management Strategy.

What kind of mechanisms are implemented to achieve resilience requirements in normal and adverse production situations?

Failsafe, load balancing, and hot swap mechanisms

What is the primary goal of establishing resilience requirements for all operating states?

To support the delivery of critical services during disruptions or crises.

What is the purpose of establishing a baseline of network operations and expected data flows for users and systems?

To detect anomalous activity and understand the potential impact of events

What is the main objective of collecting and correlating event data from multiple sources and sensors?

To determine the impact of events and understand attack targets and methods

Why are incident alert thresholds established?

To determine the impact of events and alert relevant personnel

What is the primary goal of monitoring the network, physical environment, and personnel activity?

To detect potential cybersecurity events and identify security threats

What is the primary purpose of comparing the cybersecurity framework requirements with the current operating state of the organization?

To gain an understanding of the gaps between the two

What kind of code is detected by Security Continuous Monitoring mechanisms?

Malicious code and unauthorized mobile code

What is the main objective of the Asset Management (ID.AM) category in the cybersecurity framework?

To inventory and manage organizational assets

What is the significance of ID.AM-4 in the cybersecurity framework?

It involves cataloging external information systems

Why is it important to prioritize resources based on their classification, criticality, and business value in the cybersecurity framework?

To ensure alignment with organizational objectives and risk strategy

What is the relationship between the cybersecurity framework and an organization's risk strategy?

The framework helps identify and manage cybersecurity risk consistent with the organization's risk strategy

What is the benefit of understanding the facilities that enable an organization to achieve business purposes?

It helps identify and manage cybersecurity risk to organizational assets and operations