10 Questions
A security zone is a physical or logical grouping of resources that share the same risk profile and business function. The boundaries between zones are implemented using ______ controls.
security
The decision to place a resource, component, application, or service into a zone is determined by the need to avoid risk exposure and the need to avoid imposing risk on other resources. This is to meet business requirements that can only be satisfied by a dedicated ______.
environment
Resources in the same zone often share the same risk profile, so grouping resources based on zones is essential. The EISA should provide guidance for determining the proper placement of security zone boundaries and ______.
controls
Data may only pass between resources or components via a security control or service, even if they remain within the same security zone. This is an example of enforcing ______ data movement.
secure
Placing resources in zones helps avoid both risk exposure and the imposition of risk on other resources. It also helps in meeting business requirements that require a dedicated ______.
environment
Security zones can be based on factors like business functions (e.g., HR, Finance), location (e.g., Abu Dhabi office), and information systems (e.g., HRMS). These examples represent different types of security zone ______.
categories
The boundaries between security zones are meant to filter inbound or outbound communications and control access to sensitive resources. This is achieved through the use of various security ______.
controls
In a security zone, data movement between resources is governed by rules. Rule 1 states that data may only pass between resources via a security control or service, even if they are in the same security ______.
zone
Placing resources in zones ensures that the need to meet business requirements is fulfilled by a dedicated ______.
environment
Microsoft's Least-Privileged User Account is an example of enforcing the rule of data movement between security zones. It ensures that data can only pass between resources via a security control or service, maintaining a ______ data flow.
secure
Test your knowledge on the security principles that EISA should be based on, including alignment with security policies, driving selection of security controls, and being risk-based.