
G - Governance
R - Risk Management
C - Compliance

GOVERNANCE

Governance is the responsibility of the board of directors and senior management of the organization.

A governance program has several goals:

• Provide strategic direction
• Ensure that objectives are achieved
• Ascertain whether risk is being managed appropriately
• Verify that the organization's resources are being used responsibly
RISK MANAGEMENT

Risk management is the coordination of activities that direct and control an enterprise with regard to risk.

Risk management requires the development and implementation of internal controls to manage and mitigate risk throughout the organization, including financial, operational, reputational, investment, physical and cyber risk.
COMPLIANCE

Compliance is the act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations.

It also includes voluntary requirements resulting from contractual obligations and internal policies.

Cybersecurity is the responsibility of the entire organization at every level.
ROLE OF THE CYBERSECURITY PROFESSIONAL

• The cybersecurity professional's duties include analysis of policy, trends and intelligence.
• Using problem solving and detection skills, they strive to better understand how an adversary may think or behave.
• The inherent complexity of their work requires the cybersecurity workforce to possess not only a wide array of technical IT skills, but also advanced analytical capabilities.
• A cybersecurity professional may be a practitioner and/or part of senior management.

CYBERSECURITY ROLES

TOPIC 5—CYBERSECURITY DOMAINS

The five cybersecurity domains are:

1) Cybersecurity Concepts
2) Security Architecture Principles
3) Security of Networks, Systems, Applications and Data
4) Incident Response
5) Security Implications and Adoption of Evolving Technology
CYBERSECURITY CONCEPTS

This domain provides discussion of critical concepts such as:

• Basic risk management
• Common attack vectors and threat agents
• Patterns and types of attacks
• Types of security policies and procedures
• Cybersecurity control processes
SECURITY ARCHITECTURE PRINCIPLES

This domain provides information that helps security professionals identify and apply the principles of security architecture.

It discusses a variety of topics, including:

• Common security architectures and frameworks
• Perimeter security concepts
• System topology and perimeter concepts
• Firewalls and encryption
• Isolation and segmentation
• Methods for monitoring, detection and logging
SECURITY OF NETWORKS, SYSTEMS, APPLICATIONS AND DATA

This domain addresses basic system hardening techniques and security measures, including:

• Process controls
  – Risk assessments
  – Vulnerability management
  – Penetration testing
• Best practices for securing networks, systems, applications and data
  – System and application security threats and vulnerabilities
  – Effective controls for managing vulnerabilities
INCIDENT RESPONSE

This domain articulates the critical distinction between an event and an incident. More important, it outlines the steps necessary when responding to a cybersecurity incident.

It covers the following topics:

• Incident categories
• Disaster recovery and business continuity plans
• Steps of incident response
• Forensics and preservation of evidence

These discussions aim to provide entry-level professionals with the level of knowledge necessary to respond to cybersecurity incidents competently.
SECURITY IMPLICATIONS AND ADOPTION OF EVOLVING TECHNOLOGY

This domain outlines the current threat landscape, including a discussion of vulnerabilities associated with the following emerging technologies:

• Mobile devices (bring your own device [BYOD], Internet of Things [IoT])
• Cloud computing and storage
• Digital collaboration (social media)
SECTION 1—KNOWLEDGE CHECK

Developed by the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, the Cybersecurity Framework is a set of guidelines that private sector companies can follow to be better prepared to identify, detect and respond to cyber-attacks.
THANK YOU

SMILE!
