5.0 Governance, Risk, and Compliance - ECPI University - annualized rate of occurrence aro
5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls.
• Category
  - Managerial
  - Operational
  - Technical
• Control type
  - Preventive
  - Detective
  - Corrective
  - Deterrent
  - Compensating
  - Physical
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
• Regulations, standards, and legislation
  - General Data Protection Regulation (GDPR)
  - National, territory, or state laws
  - Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  - Center for Internet Security (CIS)
  - National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
  - International Organization for Standardization (ISO) 27001/27002/27701/31000
  - SSAE SOC 2 Type I/II
  - Cloud security alliance
    - Cloud control matrix
    - Reference architecture
• Benchmarks/secure configuration guides
  - Platform/vendor-specific guides
    - Web server
    - OS
    - Application server
    - Network infrastructure devices
5.3 Explain the importance of policies to organizational security.
• Personnel
  - Acceptable use policy
  - Job rotation
  - Mandatory vacation
  - Separation of duties
  - Least privilege
  - Clean desk space
  - Background checks
  - Non-disclosure agreement (NDA)
  - Social media analysis
  - Onboarding
  - Offboarding
  - User training
    - Gamification
    - Capture the flag
    - Phishing campaigns
      - Phishing simulations
    - Computer-based training (CBT)
    - Role-based training
• Diversity of training techniques
• Third-party risk management
  - Vendors
  - Supply chain
  - Business partners
  - Service level agreement (SLA)
  - Memorandum of understanding (MOU)
  - Measurement systems analysis (MSA)
  - Business partnership agreement (BPA)
  - End of life (EOL)
  - End of service life (EOSL)
  - NDA
• Data
  - Classification
  - Governance
  - Retention
• Credential policies
  - Personnel
  - Third-party
  - Devices
  - Service accounts
  - Administrator/root accounts
• Organizational policies
  - Change management
  - Change control
  - Asset management
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-601)
5.4 Summarize risk management processes and concepts.
• Risk types
  - External
  - Internal
  - Legacy systems
  - Multiparty
  - IP theft
  - Software compliance/licensing
• Risk management strategies
  - Acceptance
  - Avoidance
  - Transference
    - Cybersecurity insurance
  - Mitigation
• Risk analysis
  - Risk register
  - Risk matrix/heat map
  - Risk control assessment
  - Risk control self-assessment
  - Risk awareness
  - Inherent risk
  - Residual risk
  - Control risk
  - Risk appetite
  - Regulations that affect risk posture
  - Risk assessment types
    - Qualitative
    - Quantitative
  - Likelihood of occurrence
  - Impact
  - Asset value
  - Single-loss expectancy (SLE)
  - Annualized loss expectancy (ALE)
  - Annualized rate of occurrence (ARO)
• Disasters
  - Environmental
  - Person-made
  - Internal vs. external
• Business impact analysis
  - Recovery time objective (RTO)
  - Recovery point objective (RPO)
  - Mean time to repair (MTTR)
  - Mean time between failures (MTBF)
  - Functional recovery plans
  - Single point of failure
  - Disaster recovery plan (DRP)
  - Mission essential functions
  - Identification of critical systems
  - Site risk assessment
5.5 Explain privacy and sensitive data concepts in relation to security.
• Organizational consequences of privacy and data breaches
  - Reputation damage
  - Identity theft
  - Fines
  - IP theft
• Notifications of breaches
  - Escalation
  - Public notifications and disclosures
• Data types
  - Classifications
    - Public
    - Private
    - Sensitive
    - Confidential
    - Critical
    - Proprietary
  - Personally identifiable information (PII)
  - Health information
  - Financial information
  - Government data
  - Customer data
• Privacy enhancing technologies
  - Data minimization
  - Data masking
  - Tokenization
  - Anonymization
  - Pseudo-anonymization
• Roles and responsibilities
  - Data owners
  - Data controller
  - Data processor
  - Data custodian/steward
  - Data protection officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice