COBIT 5 enablers (CH1) Correct Answer-COBIT 5 is an information security management system (ISMS) backed by ISACA, an international professional association serving a broad range of IT governance professionals and a framework accepted by many assurance and governance professionals.
---
The COBIT 5 enablers begin with principles, policies, and frameworks, which act as hand-rails guiding desired behavior for day-to-day management. Processes describe an organized set of practices and activities that achieve certain objectives and produce a set of outputs in support of cybersecurity objectives aligned to enterprise objectives. Organizational structures are the key decision-making entities in an enterprise. Culture, ethics, and behavior of individuals and of the enterprise are a key success factor in governance and management activities. Information is pervasive throughout the organization and includes all information produced and used by the enterprise; it is not only required to keep the organization running and well governed, but is often the key product of the operational enterprise. Services, infrastructure, and applications include the infrastructure, technology, and applications that provide the enterprise with information technology processing and services. People, skills, and competencies are linked to people and are required for successful completion of all activities, for making correct decisions, and for taking corrective actions. Note that portions of this text are presented both in this course and in Cybersecurity Management II - Tactical.
ISO 31000:2009 (CH1) Correct Answer-Risk management—Principles and guidelines
Maturity (CH1) Correct Answer-Concept relating to the current or future state, fact, or period of evolving development, quality, sophistication, and effectiveness (not necessarily age dependent).
Enterprise-wide risk management (ERM) (CH1) Correct Answer-Typically synonymous with risk management for all sectors; also used to emphasize an integrated and holistic "umbrella" approach delivering objectives by managing risk across an organization, its silos, its risk specialists, and other subfunctions and processes.
Maturity model (CH1) Correct Answer-A simplified system that "road-maps" improving, desired, anticipated, typical, or logical evolutionary paths of organization actions. The ascending direction implies progression increases organization effectiveness over time (albeit subject to stasis and regression).
Cybersecurity (CH2) Correct Answer-Cybersecurity is the ongoing application of best practices intended to ensure and preserve confidentiality, integrity, and availability of digital information as well as the safety of people and environments.
Pillars of Security CIA and Safety Correct Answer-The pillars of cybersecurity used to be a triad: confidentiality, integrity, and availability. Safety is the newest member of the roster, making it a lovely quartet, and introduced to address everyday-life threats posed by the Internet of Things (IoT).
Confidentiality Correct Answer-In general, there are three accepted degrees of confidentiality:
top secret, secret, and confidential.
Disclosure of information could cause: Correct Answer-Disclosure of information could cause:
Exceptionally grave prejudice
Serious harm
Harm
Disadvantage
To properly protect the confidentiality of data, which of the following is most important to define?
-Acceptable use policy
-Data Classification
-Risk appetite
-Encryption algorithms Correct Answer-Data Classification
Every organization will approach data confidentiality differently but will require some sort of
data classification (e.g., public, confidential, secret, top secret). Without having an established
classification scheme, and subsequent proper labeling of the data, it is very difficult to effectively
implement data confidentiality.
Integrity Correct Answer-Integrity is the set of practices and tools (controls) designed to protect,
maintain, and ensure both the accuracy and completeness of data over its entire life cycle.
How do you achieve integrity? You do it by implementing digital signatures, write-once-read-many logging mechanisms, and hashing.
Availability Correct Answer-Availability, pillar number 3, is the set of practices and tools
designed to ensure timely access to data. If your computer is down, availability is compromised.
If your Internet connection is moving at a snail's pace, availability is compromised. How do you
ensure availability? In one word? Backup. In two words? Redundancy and backup.
Safety Correct Answer-Finally, term number 4: safety. It is the newest pillar in cybersecurity, but one whose impact is potentially the most critical. This is where cybersecurity incidents could result in injuries, environmental disasters, and even loss of life.