CyberRookie CSX Fundamentals - Section 2: Cybersecurity Concepts

Document Content and Description Below

CyberRookie CSX Fundamentals - Section 2: Cybersecurity Concepts 1 / 9 1. Core duty of cybersecurity: to identify, mitigate and manage cyberrisk to an organization's digital assets 2. Assessing ri... sk: one of the most critical functions of a cybersecurity organization 3. Dependent on understanding the risk and threats an organization faces- : Effective policies, security implementations, resource allocation and incident response preparedness 4. (3) three different approaches to implementing cybersecurity: Compliance-based, Risk-based, Ad hoc 5. Compliance-based: Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a "checklist" attitude toward security. 6. Risk-based: relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity's risk tolerance and business needs. 7. Ad hoc: implements security with no particular rationale or criteria. Driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards. 8. Most organizations with mature security programs use a combination of these two (2) approaches.: risk-based and compliance-based 9. Require risk assessments to drive the particular implementation of the required controls.: Payment Card Industry Data Security Standard (PCIDSS) or the US Health Insurance Portability and Accountability Act (HIPAA). 10. Risk: The combination of the probability of an event and its consequence and mitigated through the use of controls or safeguards. 11. Threat: Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. A potential cause of an unwanted incident. 12. Threat source: as the actual process or agent attempting to cause harm 13. Threat event: as the result or outcome of a threat agent's malicious activity. 14. Asset: Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation [Show More]

Last updated: 1 year ago

Preview 1 out of 9 pages