Question

Please choose 5 questions from 20 and answer them.

1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it? 2. Where can a security administrator find information on established security frameworks? 3. What is the ISO 27000 series of standards? Which individual standards make up the series? 4. What are the issues associated with adopting a formal framework or model? 5. What documents are available from the NIST Computer Security Resource Center, and how can they support the development of a security framework? 6. What benefit can a private, for-profit agency derive from best practices designed for federal agencies? 7. What Web resources can aid an organization in developing best practices as part of a security framework? 8. Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.

Answer 1

14- When is BC plan used? How do you determine when to use IR plan, DR plan, or BC plan?
BC plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
IRP: Incident detection, Incident reaction and incident recovery
DRP: Disaster reaction and disaster recovery (Restore operations at primary site)
BCP: Continuity reaction, Alternate site operations.

15-What are the five elements of a business impact analysis?
1.Threat attack identification and prioritization
2.Business unit analysis
3.Attack success scenario development
4.Potential damage assessment
5.Subordinate plan classification.

16-What are Pipkin’s three categories of incident indicators?
1.Possible
2.Probable
3.Definite.

17-What is containment? And why is it part of the planning process?
It is a strategy to stop the incident and attempt to recover control. Containment consists of isolating the affected channels, process, services, or computers, and stopping the losses.

19-What is an after-action review? When is it performed? Why is it done?
It is a detailed examination of the events that occurred from first detection to final recovery. An AAR is an assessment conducted after a project or major activity that allows employees and leaders to discover (learn) what happened and why. It may be thought of as a professional discussion of an event that enable employees to understand why things happened during the progression of the process and to learn from that experience.

Answer 2

ybersecurity risk assessment is the process of identifying and evaluating risks for assets that could be affected by cyberattacks. Basically, you identify both internal and external threats; evaluate their potential impact on things like data availability, confidentiality and integrity; and estimate the costs of suffering a cybersecurity incident. With this information, you can tailor your cybersecurity and data protection controls to match your organization’s actual level of risk tolerance.

To get started with IT security risk assessment, you need to answer three important questions:

• What are your organization’s critical information technology assets — that is, the data whose loss or exposure would have a major impact on your business operations?

• What are the key business processes that utilize or require this information?

• What threats could affect the ability of those business functions to operate?

Once you know what you need to protect, you can begin developing strategies. However, before you spend a dollar of your budget or an hour of your time implementing a solution to reduce risk, be sure to consider which risk you are addressing, how high its priority is, and whether you are approaching it in the most cost-effective way.

Importance of regular IT security assessments

Conducting a thorough IT security assessment on a regular basis helps organizations develop a solid foundation for ensuring business success.

In particular, it enables them to:

• Identify and remediate IT security gaps

• Prevent data breaches

• Choose appropriate protocols and controls to mitigate risks

• Prioritize the protection of the asset with the highest value and highest risk

• Eliminate unnecessary or obsolete control measures

• Evaluate potential security partners

• Establish, maintain and prove compliance with regulations

• Accurately forecast future needs