What is security framework?
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Provides a structured approach to IMPLEMENT a security lifestyle
What is security life cycles?
a constantly evolving set of policies and standards that define how an organization
* manage risks
* follows established guidelines
* meets regulatory compliance as laws
What is the purpose of security framework?
5 points
- protecting PII
- securing financial information
- identifying security weaknesses
- managing organizational risks
- aligning security with business goals
What are the standards that an organization defines?
3 answers
- manage risks
- follows established guidelinees
- meets regulatory compliance as laws
What are the 4 core elements of security frameworks?
4 points
- Identifying and documenting security goals
- Setting guidelines to achieve security goals
- Implementing strong security processes
- Monitoring and Communicating Results
What are security controls?
safeguards designed to reduce specific security risks
What is CIA triad? What does it stand for?
Confidentiality, Integrity, and Availibility Triad. Foundational Model that helps inform how organizations consider risks when setting up systems and security policies
What is an asset?
an item perceived as having value to an organization
What is compliance?
the process of adhering to internal standards and external regulations
What is the NIST CSF? What does it stand for?
National Institute of Standards and Technology: the Cybersecurity Framework. A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
teams use it as a baseline to manage short and long term risk
What does each letter in CIA Triad mean?
- Confidentiality is limiting user to only access certain data and specific assets
- Integrity data is correct, authentic, reliable.
- Availibility data is accessible to those who are authorized to access it
What are some specific framework?
FERC-NERC
affects those working with electricity or power grid and portect it
FedRAMP
provides consistency across the government sectory and third party cloud provides
CIS
provides set of controls to protect systems and netowrks against attacks, and plan for defense
PCI DSS
ensure that organization storing, accepting, processing and trasmitting CC information do so in a secured environment
HIPAA
protects patient health information from getting leaked out without their consent to prevent fraud or indentity theft
ISO
establishs internet standards for technology, manuf., management, across borders
SOC1 and SOC2
focuses on an organization user access policies at different organizational levels
What are security ethics?
Guidelines for making appropriate decisions as a security professional
What are the ethical principles?
There are 3
- Confidentiality
- Privacy protection
- laws
What is confidentiality?
only authorized users can access specific assets or data
What is privacy protection?
safeguarding personal information from unauthorized use
what are laws?
rules that are recognized by a community and enforced by a governing entity
to do my job I must what?
- remain unbiased
- work honestly with high respect for the law
- be transparent
- rely on evidence
- be consistently invested in work
- stay informed
- strive to advance your skills
- contribute to the betterment of the cybersecurity landscape
Why can the US not deploy a counterattack on a threat actor?
It will count as an act of vigilantism
what is a hackivist?
a person who uses hacking to achieve a political goal
Who is authorized to counterattack?
- employees of the federal government
- military personnel
- (ICJ) International Court of Justice
