It security frameworks - Study guides, Class notes & Summaries

In a (n) ____________________, there are policies, standards, baselines, procedures, guidelines, and taxonomy. IT policy framework The security posture of an organization is usually expressed in terms of ___________________, which generally refers to how much risk an organization is willing to accept to achieve its goal, and ____________________, which relates how much variance in the process an organization will accept. risk appetite, risk tolerance Which of the following statemen...

What is the difference between a standard and a policy? - ACCURATE ANSWERS Standard = A mandatory action, explicit rules, controls or configuration settings that are designed to support and conform to a policy. A standard should make a policy more meaningful and effective by including accepted specifications for hardware, software or behavior. Standards should always point to the policy to which they relate. Policy = IT policies help organizations to properly articulate the organization's desi...

WGU C836 COMPLETE QUESTIONS AND ANSWERS | LATEST VERSION | 2024/2025 | 100% PASS What is the purpose of a security baseline? A security baseline establishes a minimum level of security for systems and applications, serving as a reference point for configuring and assessing security controls. How can organizations benefit from implementing security frameworks like NIST or ISO 27001? Security frameworks provide structured approaches to managing security risks, promoting best pra...

ITN 266 EXAM QUESTIONS AND ANSWERS ALL CORRECT What type of organization is subject to FISMA? e-commerce firms medical firms government organizations companies that accept credit card payments - Answer- government organizations The FTC can ________. Both impose fines and require annual audits by external auditing firms for many years impose fines Neither impose fines nor require annual audits by external auditing firms for many years require annual audits by external auditing firm...

CySA+ (CS0-002) CompTIA Cybersecurity Analyst (CySA+) - 10/17/2022 Exam Prep Answered. An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams? A. A different way data can be streamlined if the user wants to use less m...

INMT 341 Final Questions with Answers Goverance - Answer-Governing/managing processes, technology, and systems Risk Management - Answer-Identifying (and controlling) the risks associated with processes, technologies and systems Compliance - Answer-Adhering to the laws and regulations that govern organizations (which can vary based on industry, location, and organizational structure). FISMA - Answer-US federal agencies protection of Information and IT systems. GLBA - Answer-US finan...

Operational Design - ANS the conception and construction of the intellectual framework that underpins joint operations plans and their subsequent execution? What is Operational Art? - ANS Operational Art is used to envision conditions that define the desired end state and how to establish those conditions. it helps CDRs to understand, visualize, and describe complex problems and develop a broad operational approach. it syncs our tactical actions with strategic objectives. What are th...

The emerging technology "five horsemen" are - NBRIC: Nanotech, biotech, robotics, information and communication technology, applied cognitive sciences. Implanting organic mini-pumps in veins of the human body (to help people who have circulatory problems) is an example of: - treating the human body as a design space. As humanity progresses into the future, the virtualization of work will - require an integrated evolution of practice, technology, culture, and institutional structures. ...

WGU-C838-Pre-Assessment Exam 2023 update "Which phase of the cloud data lifecycle allows both read and process functions to be performed? (A) Share (B) Store (C) Create (D) Archive" - Answer Create "Which phase of the cloud data security lifecycle typically occurs simultaneously with creation? (A) Use (B) Share (C) Store (D) Destroy" - Answer Store "Which phase of the cloud data life cycle uses content delivery networks? (A) Share (B) Create (C) Destroy (D) Archive" - ...

What is the first step in applying the RMF? correct answers Categorize the information system and the information processed All of the following are risk treatments in different frameworks except? correct answers Ignore Which of the following is NOT one of the components of the COSO framework? correct answers Meeting stakeholder needs Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed? correct answers se...