100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CFR 410 Part 1 With Correct Questions And Answers | Verified Solutions 2024 $12.99   Add to cart

Exam (elaborations)

CFR 410 Part 1 With Correct Questions And Answers | Verified Solutions 2024

 5 views  0 purchase
  • Course
  • Institution

CFR 410 Part 1 With Correct Questions And Answers | Verified Solutions 2024

Preview 2 out of 7  pages

  • April 27, 2024
  • 7
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CFR 410 Part 1 With Correct Questions
And Answers | Verified Solutions 2024
Elements of Cybersecurity - Correct Answer-Assets, Threats, Attack, Vulnerability,
Exploit, Control

Risk-Determining Risk - Correct Answer-Risk is often associated with the loss of a
system, power, or network, and other physical losses. Risk=Threats X Vulnerabilities X
Consequences

Asset - Correct Answer-Anything of value which could be damaged, lost, harmed.
Includes loss of intellectual property, trade secrets

Threats - Correct Answer-Events or Actions which could potentially cause loss,
damage, harm, compromise to asset or services

Attack - Correct Answer-The act (Intentional) to bypass/destroy/compromise security
services or compromise an IT System or IT Control

Vulnerability - Correct Answer-Something which could leave an IT System open to
harm/compromise/destruction. Things like backdoors, insecure-weak passwords, limited
physical security, software bugs

Exploit - Correct Answer-Method or technique used by attacker to take advantage of a
know/unknown weakness in IT services/devices. Can be a device, software, script, or
physical action

Controls - Correct Answer-It is a specific method, techniques put in place to avoid,
counteract, mitigate known security risks

Determining Risk- Risk=Threats X Vulnerabilities X Consequences - Correct Answer-A
threat (something/someone can take advantage of vulnerabilities) A vulnerability
(weakness/deficiency) which enables an attacker(s) to violate/harm/disclose/deny
access to an IT System. A consequence (So what/impact/Result) is damage
(Actual/Intellectual/Reputation) that occurs from the attack.

The factors which make up risk - Correct Answer-Threats, Vulnerabilities, and
Consequences

The risk management process (4 Step) Identify, Assessment, Analysis, Response -
Correct Answer-Basically, defined as the cyclical (revolving) process of identifying,
assessing, analyzing, and responding to risks to safeguard IT
Services/Devices/Intellectual Property/Corp Information.

, Knowing Risk Exposure in risk Management - Correct Answer-Exposure is a
property/indicator which dictates how susceptible (Open to attack) an
organization/Company/system is to damage/loss/release-Confidential or sensitive
Information. Risk exposure defined by multiplying all three factors (Vulnerability X
Exposure X Consequences). Again Complexity Possibility and Impact determines
Priority.

SOC/Cybersecurity conduct Risk Analysis to Protect/Prevent - Correct Answer-Analysis
helps determine how to protect devices, networks, information, people, and other
assets. Goal is to minimize damage to the organization (Reputation, Finance, Physical
Assets).

Three types of Risk Analysis - Correct Answer--Qualitative (Ranking, Generalizations,
Estimations) -Quantitative ($$ or ## Stats) - Semi-quantitative (Hybrid) Some times
value greater than the numbers ($$-##)

Qualitative Analysis - Correct Answer-Qualitative analysis methods use descriptions
and words to measure vs numbers and amounts. Terms like High, Medium, Low.
Ranking/Scales such as 1-10 to reflect likelihood and impact of a risk.

Quantitative analysis - Correct Answer-Quantitative analysis is completely based on
numeric values (raw data). Data from historical averages/numbers but caution as risk
may not be quantifiable using strictly Numbers.

Semi-quantitative - Correct Answer-Semi-quantitative analysis (Hybrid) exists due to
impossibilities for a pure quantitative assessments. Example is reputation which is
speculative.

Understanding various types of Risk in an organization - Correct Answer-Legal,
Physical (assets), Financial, Operations (services), Infrastructure, Intellectual property,
Health, and reputation of a company/organization

Security Standards and Frameworks (Various Organizations) - Correct Answer-NIST,
FISMA, RMF, COBIT, ITAF, IS/IEC 2700 series, Information Security Forum (ISF), REC
2196, Center for Internet Security (CIS)

National Institute of Standards and Technology (NIST) - Correct Answer-NIST- Non-
regulator US Government Agency. Unified Framework, Provides Guidance for
managing Risk, Seeks to adopt Best Practices in Cybersecurity. Consist of CORE
(Activities/outcomes), PROFILE (Outcome to Organization, TIERS (RM aligns
Cybersecurity Framework Characteristics).

NIST SP 800-61 - Correct Answer-Computer Security Incident Handling Guide
(Cybersecurity).

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.99
  • (0)
  Add to cart