Security Frameworks and Controls Overview
48 Questions

Questions and Answers

What does the CIA triad stand for in cybersecurity?

  • Confidentiality, identification, auditing
  • Confidentiality, integrity, availability (correct)
  • Control, identification, assessment
  • Compliance, integration, accessibility

Which organization provides essential guidelines for cybersecurity practices?

  • Federal Bureau of Investigation (FBI)
  • International Organization for Standardization (ISO)
  • Internet Engineering Task Force (IETF)
  • National Institute of Standards and Technology (NIST) (correct)

Which of the following is a function of the NIST Cybersecurity Framework (CSF)?

  • Reduce compliance costs
  • Enhance software development
  • Identify potential risks (correct)
  • Protect intellectual property

What is the purpose of NIST Special Publication (SP 800-53)?

  • To offer a unified framework for protecting information systems (D) (correct)

Which is NOT one of the five core functions of the NIST Cybersecurity Framework?

  • Interpret (B) (correct)

What is the primary goal of frameworks provided by NIST?

  • To develop plans that mitigate cybersecurity risks (C) (correct)

What is the primary focus of the confidentiality principle in the CIA triad?

  • Only authorized users can access specific assets or data. (D) (correct)

How does the NIST Cybersecurity Framework (CSF) help organizations?

  • By providing structured guidance to manage cybersecurity risks (A) (correct)

Which method is commonly used to verify the integrity of data?

  • Cryptography. (B) (correct)

Which choice best describes what security controls in the NIST framework aim to maintain?

  • The CIA triad for government systems (B) (correct)

In the context of availability, what does it mean for data to be 'inaccessible'?

  • Authorized users cannot utilize the data when needed. (C) (correct)

What is one way an organization can implement the integrity principle?

  • By implementing encryption to transform data. (C) (correct)

Which of these scenarios best demonstrates the principle of confidentiality?

  • Data about customer purchases is only shared with authorized personnel. (A) (correct)

Which option below is an example of data availability in a workplace?

  • Employees can access the internal network remotely. (C) (correct)

What action can threaten the integrity of data?

  • Unauthorized modification of data by external users. (B) (correct)

Why is encryption considered crucial for maintaining integrity?

  • It transforms data to prevent unauthorized access and tampering. (C) (correct)

What is the main purpose of the IDENTIFY function in NIST CSF?

  • To manage cybersecurity risk and its impact on people and assets. (A) (correct)

Which function in the NIST CSF involves establishing policies and procedures to mitigate threats?

  • Protect (D) (correct)

What is the main objective of keeping security simple?

  • To facilitate collaborative work and manage security controls effectively. (C) (correct)

In fixing security issues correctly, what is the priority after identifying a vulnerability?

  • To conduct tests to ensure that repairs are successful. (A) (correct)

In which function is monitoring and improving detection capabilities emphasized?

  • Detect (B) (correct)

What is a key responsibility during the RESPOND function?

  • Documenting and analyzing security incidents. (D) (correct)

What does the principle of 'fail securely' imply when a control fails?

  • It should revert to the most secure options by closing all connections. (C) (correct)

Why should organizations be cautious about trusting third-party services?

  • They may have different and potentially less secure policies. (D) (correct)

The RECOVER function primarily focuses on which of the following?

  • Restoring affected systems and data. (C) (correct)

What is a major flaw in the concept of security by obscurity?

  • It depends solely on keeping system details confidential. (B) (correct)

Which of the following best describes the relationship between proactive and reactive measures in security operations?

  • Both measures are essential for effective security strategies. (D) (correct)

Why is it important to study historical data as part of the PROTECT function?

  • To identify new threats and improve policies. (D) (correct)

What principle emphasizes that security should be the default state of an application?

  • The optimal security state should be the default for users. (A) (correct)

What does the ability to quickly recover from security incidents help an organization to minimize?

  • Level of risk caused by incidents. (A) (correct)

What might indicate an organization is not applying security principles effectively?

  • Employees have an easy time accessing sensitive data. (A) (correct)

Which security principle would best apply to preventing a breach caused by weak network passwords?

  • Fix security issues correctly. (C) (correct)

What is the primary focus of conducting a risk assessment of an organization's assets?

  • To identify potential threats, risks, and vulnerabilities (A) (correct)

Which of the following is NOT a step in the risk assessment to-do list?

  • Evaluate financial profits (B) (correct)

What do administrative controls primarily focus on in cybersecurity?

  • Establishing policies and employee responsibilities (D) (correct)

During a controls assessment, what is evaluated to ensure processes are effective?

  • The organization's existing assets and their risks (A) (correct)

In terms of cybersecurity, what is the role of physical controls?

  • Protecting hardware and physical assets (C) (correct)

What type of controls includes the human component of cybersecurity?

  • Administrative controls (B) (correct)

Which of the following actions is part of completing a security audit?

  • Assessing compliance and communicating results (C) (correct)

What critical question should be asked when reviewing an audit's goals?

  • Which assets are most at risk? (B) (correct)

What type of control is designed to discourage attacks?

  • Deterrent Controls (D) (correct)

Which of the following best describes administrative controls?

  • They are mostly policy-based guidelines. (C) (correct)

What aligns with the purpose of compliance regulations?

  • To ensure the security of private data. (A) (correct)

Which term describes the measures taken to prevent unauthorized physical access to assets?

  • Physical Controls (B) (correct)

What is the primary function of detective controls?

  • To determine if an incident has occurred or is ongoing. (C) (correct)

Which of the following is included in the communication of internal security audit results?

  • An outline of compliance regulations that must be followed. (D) (correct)

What is indicated by the term 'attack vectors'?

  • The methods attackers use to breach defenses. (D) (correct)

Which type of control is specifically aimed at restoring an asset after an incident has occurred?

  • Corrective Controls (B) (correct)

Flashcards

Confidentiality

Only authorized users can access specific assets or data. Think of it like having a secret code to unlock a safe!

Integrity

Data is accurate and reliable. It's like checking your math homework for mistakes.

Cryptography

Cryptography is a method used to protect data integrity by transforming it into a scrambled code that only authorized parties can understand.

Encryption

The process of converting data from a readable format to an encoded format. It's like locking your diary with a special key.

Availability

Data is accessible to those who are authorized to use it. It's like having an open door to the information you need.

Availability and Confidentiality Combined

When a system adheres to both availability and confidentiality principles, information can be used when needed, while still being kept secure. It's like having a private library that you can access any time.

Inaccessible Data

Data that cannot be accessed is useless. It's like having a book locked in a safe that you can't open.

Account Validation

Banks use a validation process to help minimize damage if they suspect that customer accounts have been compromised. It's like setting up a security system to protect your home.

Identify (NIST CSF)

The process of identifying potential security threats and vulnerabilities within an organization's systems and assets.

Protect (NIST CSF)

Implementing safeguards to prevent security incidents and mitigate risks.

Detect (NIST CSF)

Detecting security incidents and suspicious activities in real-time.

Respond (NIST CSF)

Responding to security incidents by containing the damage and recovering affected systems.

Recover (NIST CSF)

Restoring systems and data back to a normal operational state after a security incident.

What is the purpose of the 'Identify' function in NIST CSF?

The first function of the NIST Cybersecurity Framework, focused on understanding and managing cybersecurity risks.

What is the purpose of the 'Protect' function in NIST CSF?

The second function of the NIST Cybersecurity Framework, designed to implement security controls and measures.

What is the purpose of the 'Detect' function in NIST CSF?

The third function of the NIST Cybersecurity Framework, focusing on detecting security incidents and suspicious activities.

Security Posture

An organization's ability to defend its critical assets and data, and adapt to changes.

CIA Triad

Three core principles for protecting information: Confidentiality (keeping data secret), Integrity (ensuring data accuracy), and Availability (making sure data is accessible when needed).

NIST (National Institute of Standards and Technology)

A US organization providing guidance on cybersecurity best practices for organizations worldwide.

Framework

A structured approach used by organizations to develop plans for managing cybersecurity risks and vulnerabilities.

NIST Cybersecurity Framework (CSF)

A voluntary framework provided by NIST, offering standards, guidelines, and best practices for managing cybersecurity risks, widely recognized in the industry.

NIST Special Publication (SP 800-53)

It provides a unified framework for protecting information systems within the US federal government, including systems provided by private companies.

Security Controls

The measures used to maintain the CIA triad for government systems, provided by NIST frameworks.

NIST Cybersecurity Framework (CSF) Core Functions

Five main functions of the NIST Cybersecurity Framework (CSF): Identify, Protect, Detect, Respond, and Recover. These functions guide organizations in managing cybersecurity risks and building resilience.

Risk Assessment

A process to identify potential threats, risks, and vulnerabilities. It helps determine the necessary security measures to protect organizational assets.

Controls Assessment

A review of an organization's existing assets and their potential risks to ensure that implemented controls and processes are sufficient.

Administrative Controls

Policies, procedures, and guidelines that define how an organization manages data and employee responsibilities related to cybersecurity.

Technical Controls

Technical safeguards and mechanisms implemented to protect data and systems, such as firewalls, intrusion detection systems, and encryption.

Physical Controls

Physical measures to secure assets, like locks, security cameras, and physical access restrictions.

Compliance Assessment

The process of verifying that an organization complies with relevant security regulations, standards, and best practices.

Communicating Audit Results

The process of communicating the findings of a security audit to relevant stakeholders, including management, employees, and external parties.

Security Audit

The overall process of analyzing an organization's security posture, identifying vulnerabilities, and recommending improvements.

Keep Security Simple

The principle states that when implementing security controls, unnecessarily complicated solutions should be avoided as they become difficult to manage.

Fix Security Issues Correctly

When security incidents arise, it is crucial to identify the root cause rapidly, fix any associated vulnerabilities, and conduct tests to ensure the repairs are effective.

Secure by Default

This principle emphasizes that the default state of an application should be secure. It should take extra effort to make the application insecure.

Fail Securely

This principle suggests that if a security control fails, it should default to its most secure state, such as closing all connections and blocking new ones.

Avoid Security by Obscurity

It is crucial to avoid relying solely on hiding information to secure key systems. The security should be based on a multi-layered approach.

Don't Trust Services

Organizations should not blindly trust third-party systems. They should verify the accuracy of data before sharing it with customers.

Assessing Compliance Regulations

The process of checking if an organization is following required security rules.

Compliance Regulations

Laws that organizations must adhere to in order to keep private information safe.

Preventative Controls

Actions designed to prevent security incidents from happening in the first place, like strong passwords and firewalls.

Corrective Controls

Actions that are taken to recover from a security incident, such as data backups and incident response plans.

Study Notes

Frameworks

  • Plans are put in place to protect against various threats, risks, and vulnerabilities in an organisation.
  • Security frameworks are guidelines to create security policies and processes.
  • Security involves virtual and physical spaces, including building access controls.
  • Frameworks provide guidance for preventing, detecting, and responding to security breaches, especially social engineering attacks like phishing.
  • Employee awareness and training are crucial to minimize breaches.
  • Frameworks are plans for addressing security risks, threats, and vulnerabilities.
  • Controls are used to reduce specific risks.

Common Security Controls

  • Encryption converts data into an encoded format for confidentiality.
  • Authentication verifies who someone is, including multi-factor authentication (MFA).
  • Authorization grants access to specific resources.
  • The CIA triad (Confidentiality, Integrity, Availability) is a core security model used to protect sensitive data and assets from threat actors.

CIA Triad

  • Confidentiality means only authorized users access specific assets or data.
  • Integrity means data is correct, authentic, and reliable.
  • Availability means data is accessible to authorized users.
  • Organisations use these principles to establish systems and security policies.

NIST Frameworks

  • NIST provides cybersecurity frameworks to implement essential cybersecurity practices.
  • Organisations use frameworks as a starting point to mitigate risks, threats, and vulnerabilities to sensitive data and assets.
  • There are two NIST frameworks: CSF and SP 800-53.
  • CSF is a voluntary framework for managing cybersecurity risk, supporting various organisations.
  • SP 800-53 is a framework for protecting the security of information systems within the US federal government.

NIST Cybersecurity Framework (CSF) - Five Core Functions

  • Identify: Managing cybersecurity risk and its effect on an organisation's people and assets.
  • Protect: Implementing policies, procedures, training, and tools to mitigate risks.
  • Detect: Identifying potential security incidents and improving monitoring capabilities.
  • Respond: Containing, neutralizing, and analysing incidents, and implementing improvements.
  • Recover: Returning affected systems to normal operation and restoring data and assets.

Security Audit/Planning Elements

  • Auditing is reviewing security controls, policies, and procedures.
  • Two types of audits: internal and external.
  • Internal security audits aim to enhance security posture and prevent fines.
  • Audits involve: defining scope/goals, performing risk assessments, controls assessment, assessing compliance, and communicating results.

Description

This quiz covers essential security frameworks and common controls used to protect organizations from various risks and vulnerabilities. Key topics include encryption, authentication, authorization, and the CIA triad, which are vital for ensuring data confidentiality, integrity, and availability. Test your knowledge on how these frameworks and controls function to prevent security breaches.
