One of the main purposes of a cybersecurity professional is to help a company
establish its security requirements. Which critical components of an application
risk assessment accomplish this objective? Select all that apply.This task contains
the radio buttons and checkboxes for options. The shortcut keys to perform this
task are A to H and alt+1 to alt+9.
A
Understanding the application type
B
Determining the users
C
Establishing the criticality to business
D
Setting the application life-cycle
E
,Classifying the information processed - ANSWERS-Explanation: Answers A, C, and
E are correct.
Defining the security requirements of a risk assessment can involve multiple key
factors that should be incorporated early in the planning and development
phases. The security requirements do not include defining users or application
lifespan.
cloud/software as a service (SaaS) applications. - ANSWERS-Commercial off-the-
shelf (COTS) applications. Applications developed by vendors and installed on the
organization's information systems. These applications are usually purchased
outright by organizations with usage based on licensing agreements.
Cloud/SaaS applications. Applications developed by service providers or vendors
and installed on the provider or vendor information system. Organizations
typically have an on-demand or pay-per-usage metrics.
In-house developed applications. Applications developed, installed, and
maintained by the organization using internal teams and/or contractors
With the development of faster, more reliable internet access, cloud services are
increasing in popularity. Talia researched moving part of her company's data and
infrastructure to a cloud-based service. She evaluated risks associated with cloud
services and has established a list of risks. Which risk is NOT associated with cloud
or SaaS services?This task contains the radio buttons and checkboxes for options.
The shortcut keys to perform this task are A to H and alt+1 to alt+9.
,A
Limited storage scalability
B
Misaligned cybersecurity standards with the vendor
C
Legal or regulatory restrictions imposed on the company but not the vendor
D
Lack of control over a vendor's cybersecurity policies
E
Data storage confidentiality - ANSWERS-Explanation: Answer A is correct.
Limited storage capability is not a risk in cloud-based services. One of the strong
arguments for online storage is the ability to scale to needs easily and
economically.
Policies and procedures must ensure that cybersecurity are addressed through
the development or acquisition life cycle in line with the following guiding
, principles: - ANSWERS-security requirements should be identified up front based
on the risks
the security requirements should be included in the application development and
selection processes
the security requirements should be tested for effectiveness pre- and
postimplementation
when using cloud/SaaS providers, cybersecurity due diligence should be
conducted
developers should be trained on secure coding practices, and the developed code
should be inspected for security defects
Enterprise risk management (ERM)1 - ANSWERS-The enterprise risk assessment
methodology has become an established approach to identifying and managing
systemic risk for an organization
Reasons/Rationale for Performing a Security Risk Assessment - ANSWERS-Cost
justification—Added security usually involves additional expense. Since this does
not generate easily identifiable income, justifying the expense is often difficult. An
effective IT security risk assessment process should educate key business
managers on the most critical risks associated with the use of technology, and
automatically and directly provide justification for security investments.
Productivity—Enterprise security risk assessments should improve the
productivity of IT operations, security and audit. By taking steps to formalize a
review, create a review structure, collect security knowledge within the system's
knowledge base and implement self-analysis features, the risk assessment can
boost productivity.
Breaking barriers—To be most effective, security must be addressed by
organizational management as well as the IT staff. Organizational management is
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Teacher101. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.