Exam (elaborations)
CFR 410 Part 1 With Correct Questions And Answers | Verified Solutions 2024
- Course
- Institution
CFR 410 Part 1 With Correct Questions And Answers | Verified Solutions 2024
[Show more]
Seller
Follow
Elitaa
Reviews received
Content preview
CFR 410 Part 1 With Correct QuestionsAnd Answers | Verified Solutions 2024
Elements of Cybersecurity - Correct Answer-Assets, Threats, Attack, Vulnerability,
Exploit, Control
Risk-Determining Risk - Correct Answer-Risk is often associated with the loss of a
system, power, or network, and other physical losses. Risk=Threats X Vulnerabilities X
Consequences
Asset - Correct Answer-Anything of value which could be damaged, lost, harmed.
Includes loss of intellectual property, trade secrets
Threats - Correct Answer-Events or Actions which could potentially cause loss,
damage, harm, compromise to asset or services
Attack - Correct Answer-The act (Intentional) to bypass/destroy/compromise security
services or compromise an IT System or IT Control
Vulnerability - Correct Answer-Something which could leave an IT System open to
harm/compromise/destruction. Things like backdoors, insecure-weak passwords, limited
physical security, software bugs
Exploit - Correct Answer-Method or technique used by attacker to take advantage of a
know/unknown weakness in IT services/devices. Can be a device, software, script, or
physical action
Controls - Correct Answer-It is a specific method, techniques put in place to avoid,
counteract, mitigate known security risks
Determining Risk- Risk=Threats X Vulnerabilities X Consequences - Correct Answer-A
threat (something/someone can take advantage of vulnerabilities) A vulnerability
(weakness/deficiency) which enables an attacker(s) to violate/harm/disclose/deny
access to an IT System. A consequence (So what/impact/Result) is damage
(Actual/Intellectual/Reputation) that occurs from the attack.
The factors which make up risk - Correct Answer-Threats, Vulnerabilities, and
Consequences
The risk management process (4 Step) Identify, Assessment, Analysis, Response -
Correct Answer-Basically, defined as the cyclical (revolving) process of identifying,
assessing, analyzing, and responding to risks to safeguard IT
Services/Devices/Intellectual Property/Corp Information.
, Knowing Risk Exposure in risk Management - Correct Answer-Exposure is a
property/indicator which dictates how susceptible (Open to attack) an
organization/Company/system is to damage/loss/release-Confidential or sensitive
Information. Risk exposure defined by multiplying all three factors (Vulnerability X
Exposure X Consequences). Again Complexity Possibility and Impact determines
Priority.
SOC/Cybersecurity conduct Risk Analysis to Protect/Prevent - Correct Answer-Analysis
helps determine how to protect devices, networks, information, people, and other
assets. Goal is to minimize damage to the organization (Reputation, Finance, Physical
Assets).
Three types of Risk Analysis - Correct Answer--Qualitative (Ranking, Generalizations,
Estimations) -Quantitative ($$ or ## Stats) - Semi-quantitative (Hybrid) Some times
value greater than the numbers ($$-##)
Qualitative Analysis - Correct Answer-Qualitative analysis methods use descriptions
and words to measure vs numbers and amounts. Terms like High, Medium, Low.
Ranking/Scales such as 1-10 to reflect likelihood and impact of a risk.
Quantitative analysis - Correct Answer-Quantitative analysis is completely based on
numeric values (raw data). Data from historical averages/numbers but caution as risk
may not be quantifiable using strictly Numbers.
Semi-quantitative - Correct Answer-Semi-quantitative analysis (Hybrid) exists due to
impossibilities for a pure quantitative assessments. Example is reputation which is
speculative.
Understanding various types of Risk in an organization - Correct Answer-Legal,
Physical (assets), Financial, Operations (services), Infrastructure, Intellectual property,
Health, and reputation of a company/organization
Security Standards and Frameworks (Various Organizations) - Correct Answer-NIST,
FISMA, RMF, COBIT, ITAF, IS/IEC 2700 series, Information Security Forum (ISF), REC
2196, Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST) - Correct Answer-NIST- Non-
regulator US Government Agency. Unified Framework, Provides Guidance for
managing Risk, Seeks to adopt Best Practices in Cybersecurity. Consist of CORE
(Activities/outcomes), PROFILE (Outcome to Organization, TIERS (RM aligns
Cybersecurity Framework Characteristics).
NIST SP 800-61 - Correct Answer-Computer Security Incident Handling Guide
(Cybersecurity).
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80796 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now
Recently viewed by you
