
C727 - Cybersecurity Management I – Strategic Questions and Answers Latest Updated 2022


COBIT 5 enablers (CH1)
Correct Answer-COBIT 5 is an information security management system (ISMS) backed by ISACA, an international professional association serving a broad range of IT governance professionals and a framework accepted by many assurance and governance professionals. --- begins with principles, policies, and frameworks as mechanisms acting as hand-rails guiding desired behavior for day-to-day management. Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving cybersecurity objectives aligned to enterprise objectives. Organizational structures are the key decision-making entities in an enterprise. Culture, ethics, and behavior of individuals and of the enterprise are a key success factor in governance and management activities. Information is organization pervasive and includes all information produced and used by the enterprise. Information is not only required to keep the organization running and well governed, but is often the key product of the operational enterprise. Services, infrastructure, and applications include the infrastructure, technology, and applications that provide the enterprise with information technology processing and services. People, skills, and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions. Note that portions of this text are presented both in this course and in Cybersecurity Management II - Tactical.

ISO 31000:2009 (CH1)
Correct Answer-Risk management—Principles and guidelines

Maturity (CH1)
Correct Answer-Concept relating to the current or future state, fact, or period of evolving development, quality, sophistication, and effectiveness (not necessarily age dependent).

Enterprise-wide risk management (ERM) (CH1)
Correct Answer-Typically synonymous with risk management for all sectors; also used to emphasize an integrated and holistic "umbrella" approach delivering objectives by managing risk across an organization, its silos, its risk specialist, and other subfunctions and processes.

Maturity model (CH1)
Correct Answer-A simplified system that "road-maps" improving, desired, anticipated, typical, or logical evolutionary paths of organization actions. The ascending direction implies progression increases organization effectiveness over time (albeit subject to stasis and regression).

Cybersecurity (CH2)
Correct Answer-Cybersecurity is the ongoing application of best practices intended to ensure and preserve confidentiality, integrity, and availability of digital information as well as the safety of people and environments.

Pillars of Security CIA and Safety
Correct Answer-The pillars of cybersecurity used to be a triad: confidentiality, integrity, and availability. Safety is the newest member of the roster, making it a lovely quartet, and introduced to address everyday-life threats posed by the Internet of Things (IoT).

Confidentiality
Correct Answer-In general, there are three accepted degrees of confidentiality: top secret, secret, and confidential.

Disclosure of information could cause:
Correct Answer-Disclosure of information could cause:
Exceptionally grave prejudice
Serious harm
Harm
Disadvantage

To properly protect the confidentiality of data, which of the following is most important to define?
-Acceptable use policy
-Data Classification
-Risk appetite
-Encryption algorithms
Correct Answer-Data Classification
Every organization will approach data confidentiality differently but will require some sort of data classification (e.g., public, confidential, secret, top secret). Without having an established classification scheme, and subsequent proper labeling of the data, it is very difficult to effectively implement data confidentiality.

Integrity
Correct Answer-Integrity is the set of practices and tools (controls) designed to protect, maintain, and ensure both the accuracy and completeness of data over its entire life cycle. How do you achieve integrity? You do it by implementing digital signatures, write-once-read-many logging mechanisms, and hashing

Uploaded on: Aug 08, 2022
Number of pages: 48
Seller: Nutmegs
