Security Frameworks and Controls Overview

Questions and Answers

What does the CIA triad stand for in cybersecurity?

Confidentiality, identification, auditing

Confidentiality, integrity, availability (correct)

Control, identification, assessment

Compliance, integration, accessibility

Which organization provides essential guidelines for cybersecurity practices?

Federal Bureau of Investigation (FBI)

International Organization for Standardization (ISO)

Internet Engineering Task Force (IETF)

National Institute of Standards and Technology (NIST) (correct)

Which of the following is a function of the NIST Cybersecurity Framework (CSF)?

Reduce compliance costs

Enhance software development

Identify potential risks (correct)

Protect intellectual property

What is the purpose of NIST Special Publication (SP 800-53)?

To offer a unified framework for protecting information systems

Which is NOT one of the five core functions of the NIST Cybersecurity Framework?

Interpret

What is the primary goal of frameworks provided by NIST?

To develop plans that mitigate cybersecurity risks

What is the primary focus of the confidentiality principle in the CIA triad?

Only authorized users can access specific assets or data.

How does the NIST Cybersecurity Framework (CSF) help organizations?

By providing structured guidance to manage cybersecurity risks

Which method is commonly used to verify the integrity of data?

CRYPTOGRAPHY.

Which choice best describes what security controls in the NIST framework aim to maintain?

The CIA triad for government systems

In the context of availability, what does it mean for data to be 'inaccessible'?

Authorized users cannot utilize the data when needed.

What is one way an organization can implement the integrity principle?

By implementing encryption to transform data.

Which of these scenarios best demonstrates the principle of confidentiality?

Data about customer purchases is only shared with authorized personnel.

Which option below is an example of data availability in a workplace?

Employees can access the internal network remotely.

What action can threaten the integrity of data?

Unauthorized modification of data by external users.

Why is encryption considered crucial for maintaining integrity?

It transforms data to prevent unauthorized access and tampering.

What is the main purpose of the IDENTIFY function in NIST CSF?

To manage cybersecurity risk and its impact on people and assets.

Which function in the NIST CSF involves establishing policies and procedures to mitigate threats?

Protect

What is the main objective of keeping security simple?

To facilitate collaborative work and manage security controls effectively.

In fixing security issues correctly, what is the priority after identifying a vulnerability?

To conduct tests to ensure that repairs are successful.

In which function is monitoring and improving detection capabilities emphasized?

Detect

What is a key responsibility during the RESPOND function?

Documenting and analyzing security incidents.

What does the principle of 'fail securely' imply when a control fails?

It should revert to the most secure options by closing all connections.

Why should organizations be cautious about trusting third-party services?

They may have different and potentially less secure policies.

The RECOVER function primarily focuses on which of the following?

Restoring affected systems and data.

What is a major flaw in the concept of security by obscurity?

It depends solely on keeping system details confidential.

Which of the following best describes the relationship between proactive and reactive measures in security operations?

Both measures are essential for effective security strategies.

Why is it important to study historical data as part of the PROTECT function?

To identify new threats and improve policies.

What principle emphasizes that security should be the default state of an application?

The optimal security state should be the default for users.

What does the ability to quickly recover from security incidents help an organization to minimize?

Level of risk caused by incidents.

What might indicate an organization is not applying security principles effectively?

Employees have an easy time accessing sensitive data.

Which security principle would best apply to preventing a breach caused by weak network passwords?

Fix security issues correctly.

What is the primary focus of conducting a risk assessment of an organization's assets?

To identify potential threats, risks, and vulnerabilities

Which of the following is NOT a step in the risk assessment to-do list?

Evaluate financial profits

What do administrative controls primarily focus on in cybersecurity?

Establishing policies and employee responsibilities

During a controls assessment, what is evaluated to ensure processes are effective?

The organization's existing assets and their risks

In terms of cybersecurity, what is the role of physical controls?

Protecting hardware and physical assets

What type of controls includes the human component of cybersecurity?

Administrative controls

Which of the following actions is part of completing a security audit?

Assessing compliance and communicating results

What critical question should be asked when reviewing an audit's goals?

Which assets are most at risk?

What type of control is designed to discourage attacks?

Deterrent Controls

Which of the following best describes administrative controls?

They are mostly policy-based guidelines.

What aligns with the purpose of compliance regulations?

To ensure the security of private data.

Which term describes the measures taken to prevent unauthorized physical access to assets?

Physical Controls

What is the primary function of detective controls?

To determine if an incident has occurred or is ongoing.

Which of the following is included in the communication of internal security audit results?

An outline of compliance regulations that must be followed.

What is indicated by the term 'attack vectors'?

The methods attackers use to breach defenses.

Which type of control is specifically aimed at restoring an asset after an incident has occurred?

Corrective Controls

Study Notes

Frameworks

• Plans are put in place to protect against various threats, risks, and vulnerabilities in an organisation.
• Security frameworks are guidelines to create security policies and processes.
• Security involves virtual and physical spaces, including building access controls.
• Frameworks provide guidance for preventing, detecting, and responding to security breaches, especially social engineering attacks like phishing.
• Employee awareness and training are crucial to minimize breaches.
• Frameworks plan to address security risks, threats, and vulnerabilities.
• Controls are used to reduce specific risks.

Common Security Controls

• Encryption converts data into an encoded format for confidentiality.
• Authentication verifies who someone is, including multi-factor authentication (MFA).
• Authorization grants access to specific resources.
• The CIA triad (Confidentiality, Integrity, Availability) is a core security model used to protect sensitive data and assets from threat actors.

CIA Triad

• Confidentiality means only authorized users access specific assets or data.
• Integrity means data is correct, authentic, and reliable.
• Availability means data is accessible to authorized users.
• Organisations use these principles to establish systems and security policies.

NIST Frameworks

• NIST provides cybersecurity frameworks to implement essential cybersecurity practices.
• Organisations use frameworks as a starting point to mitigate risks, threats, and vulnerabilities to sensitive data and assets.
• There are two NIST frameworks: CSF and SP 800-53.
• CSF is a voluntary framework for managing cybersecurity risk, supporting various organisations.
• SP 800-53 is a framework for protecting the security of information systems within the US federal government.

NIST Cybersecurity Framework (CSF) - Five Core Functions

• Identify: Managing cybersecurity risk and its effect on an organisation's people and assets.
• Protect: Implementing policies, procedures, training, and tools to mitigate risks.
• Detect: Identifying potential security incidents and improving monitoring capabilities.
• Respond: Containing, neutralizing, analysing incidents, and implementing improvements.
• Recover: Returning affected systems to normal operation, restoring data, and assets.

Security Audit/Planning Elements

• Auditing is reviewing security controls, policies, and procedures.
• Two types of audits: internal and external.
• Internal security audits aim to enhance security posture and prevent fines.
• Audits involve: defining scope/goals, performing risk assessments, controls assessment, assessing compliance, and communicating results.

Description

This quiz covers essential security frameworks and common controls used to protect organizations from various risks and vulnerabilities. Key topics include encryption, authentication, authorization, and the CIA triad, which are vital for ensuring data confidentiality, integrity, and availability. Test your knowledge on how these frameworks and controls function to prevent security breaches.