INMT 441 ACTUAL EXAM 1 QUESTIONS WITH CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) GRADED A+
Cybersecurity Frameworks - Answer-Cybersecurity frameworks provide guidance to
organizations to assess and improve their ability to prevent, detect, and respond to
cyber attacks.
NIST Cybersecurity Framework - Answer-• NIST (National Institute of Standards and
Technology), founded in 1901, is a non-regulatory federal agency within the U.S.
Department of Commerce.
• NIST's mission is to promote U.S. innovation and industrial competitiveness by
advancing measurement science, standards, and technology in ways that enhance
economic security and improve our quality of life.
• The NIST Framework for Improving Critical Infrastructure Cybersecurity (v1.1) is a
voluntary framework to reduce cyber-related risks to critical infrastructure.
NIST Framework -- Key Elements - Answer-1. Functions (e.g., Identify)
2. Categories (e.g., Asset Management)
3. Subcategories (e.g., Physical Devices)
4. Informative References (e.g., CIS CSC1, COBIT 5 BA, ..... )
NIST Framework -- Core Functions - Answer-• Identify: assets that need protection from
risks
• Protect: available safeguards (controls)
• Detect: incident occurrence
• Respond: incident reaction, contain impact
• Recover: restore functionality, capability
Use of the NIST Framework - Answer-• Roadmap to reduce cybersecurity risks
• Describe current state and target state
• Support state comparisons
• Help develop action plans
• Help determine resource requirements
CIS Framework - Answer-• CIS (Center for Internet Security) is a nonprofit organization
formed in 2000.
• Its mission is to identify, develop, validate, promote, and sustain best practice
solutions for cyber defense and build and lead communities to enable an environment of
trust in cyberspace.
• Its framework, the CIS Controls™, is a prioritized set of actions that collectively form a
defense-in-depth set of best practices that mitigate the most common attacks against
systems and networks.
COBIT Framework in depth - Answer-Includes 40 governance and management
objectives, organized into five domains:
Governance:
• Evaluate, Direct, and Monitor (EDM)
Management Domains:
• Align, Plan and Organize (APO)
• Build, Acquire, and Implement (BAI)
• Deliver, Service, and Support (DSS)
• Monitor, Evaluate, and Assess (MEA)
General Controls - Answer-Relate to the environment within which computer
applications are developed, maintained and operated, and are applicable to all
applications.
Examples of general control:
• Policies and procedures
• Infrastructure/support
• Identity/access management (system-wide, not application-specific)
• Physical controls and environment controls
• Disaster Recovery/Business Continuity Planning
• Change management
• User support/training
Application Controls - Answer-The policies, procedures and activities designed to
provide reasonable assurance that objectives relevant to a given application are
achieved.
Examples of application controls include:
• Application understanding
• Access control (authentication, authorization, etc.)
• Input controls
• Processing controls
• Output controls
Policy - Answer-an organization's statement of intent (thus organizational policy)
- may contain multiple policies (or statements)
IT Policy - Answer-an organization's policy regarding IT investment, management, and
use
Information Security Policy (ISP) - Answer-a subset of IT policy that specifies the
requirements regarding information security or cybersecurity
Concepts related to ISP - Answer-ISP is an umbrella term that contains other concepts:
- Procedures
- Rules
- Standards
- Guidelines
Procedures - Answer-specific actions taken to address a situation
Rules - Answer-specific statements of what is allowed and/or disallowed
Guidelines - Answer-nonmandatory recommendations that employees may use as a
reference in complying with a policy
Major elements of ISP - Answer-- IT assets to protect and why: purpose and scope
- Protection roles and responsibilities (acceptable and unacceptable behaviors)
- administration and interpretations
- amendments / termination (if any)
- references to applicable policies
- key definitions (if necessary)
Types of ISPs in Organizations - Answer-- enterprise information security policy
- system-specific policies
- issue-specific security policies
(a security issue may cross multiple systems)
enterprise information security policy - Answer-a high-level information security policy
that sets the strategic direction, scope, and tone for all of an organization's
cybersecurity efforts
- written first
- Usually drafted by the Chief Information Security Officer (CISO)
- Typically 2-10 pages long
- It governs the development of other System-Specific and Issue-Specific ISPs.
System-Specific Information Security Policy (SISP) - Answer-- an organizational policy
that functions as standards or procedures to be used when configuring or maintaining a
specific information system
- Created by the management to guide the implementation and configuration of
technology, as well as to address the behavior of people in the organization in ways that
support the security of information
Can Be...
- Separated into managerial guidance and technical specifications; or
- Combined in a single unified SISP document