Certified Cybersecurity Technician Exam 212-82 PDF
Document Details
Uploaded by barrejamesteacher
EC-Council
Summary
This document details the administrative controls in network security. It discusses the influence of industry on corporate governance and the concept of organizational maturity. It also explores how reactive versus proactive approaches affect governance.
Full Transcript
Certified Cybersecurity Technician, Exam 212-82
Network Security Controls — Administrative Controls
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Industry

The industry in which an organization operates affects corporate governance. A limited set of industries is the subject of most discussions about governance: public, retail, information, and financial services. However, a broad variety of industries exist—each with their own concerns and industry-specific requirements that drive their governance decisions.

The drivers applied in a particular industry rarely affect other industries in the same way. In fact, unique business drivers affecting each industry require tailored approaches to address industry-specific concerns. For example, concerns like protected health information (PHI), contracted providers, and data sharing in healthcare organizations are completely different from the concerns faced by organizations in retail, agriculture, manufacturing, or financial services, which all have different operational models and business drivers.
Organizational Maturity

The maturity of an organization influences governance. Maturity varies irrespective of the size of an organization or the structure established to manage its activities. The concept of maturity maps to capability maturity model integration (CMMI), which is a process model that defines what an organization should do to promote behaviors that facilitate improved performance.
Figure 5.2: CMMI Model

Level 1, Initial: Processes are unpredictable, poorly controlled, and reactive
Level 2, Managed: Processes are characterized for projects, but are often reactive
Level 3, Defined: Processes are characterized throughout the organization and proactive
Level 4, Quantitatively Managed: Processes are measured and controlled; proactive
Level 5, Optimizing: Focuses on process improvement and enhancing existing processes

Whether a proprietorship, a partnership, or a corporation, most organizations begin as immature and reactive. Here, processes are unpredictable, poorly controlled, and oversensitive. As they mature, organizations begin to define processes and move toward increasingly proactive and formalized policies, procedures, and processes that improve performance across individual business practices or for the entire enterprise.

The effectiveness of governance varies as organizations move from immaturity to maturity along the CMMI model. Definition of formal processes is difficult at Level 1 and Level 2, where methods are unpredictable or reactive. Organizations cannot begin to realize the benefits of mapping processes to organizational standards and achieving consistency across the enterprise until CMMI Level 3. Achieving this level of maturity is important for information security leadership because the security professional cannot begin to establish formal standards for information security governance until the classification of processes exists throughout the organization.

Table 5.8: Reactive versus Proactive Approaches

Attribute | Reactive | Proactive
Focus | Making money and short-term shareholder returns | Long-term returns and strategic directions
Priorities | Reacting to immediate problems | Taking a preemptive approach
Control | Control is centralized | Control is localized
Analysis | Reliance on instinct or the experience of one or more people | Focus on data to improve processes
Personnel | People counted as a cost | People valued as an asset
Training | Training is a benefit or perk | Training is essential to success
Leadership | Distrust between management and employees | Leaders and personnel collaborate and work together

Some organizations take the steps necessary to achieve the highest level of maturity defined by CMMI Level 5; however, achieving and maintaining this degree of maturity is both difficult and rare. Most organizations are satisfied with maturity Level 3 or Level 4 and focus on maintaining operations at this level because the cost and effort required to maintain CMMI Level 5 may not be worth the benefit.

Maturity affects an organization at the macro level; it also influences the micro level, where a mix of maturity exists in different departments and business units across the organization. For example, HR and accounting have higher levels of maturity because of the established processes and procedures inherent in these professions. Similarly, IT programs that follow the IT governance and service delivery models offered by Control Objectives for Information and Related Technologies (COBIT) and Infrastructure Technology Information Library (ITIL), respectively, are more likely to operate with higher maturity than organizations that do not use formal standards to manage IT governance and IT service delivery.