CSX Presentation Topic 1.4 To Knowledge Check

Governance, risk management, and compliance are key aspects of cybersecurity. Governance is the responsibility of senior leadership to provide strategic direction and ensure objectives are achieved. Risk management requires developing internal controls to manage financial, operational, reputational, and other risks. Compliance involves adhering to legal and regulatory requirements as well as contractual obligations. Cybersecurity is the responsibility of the entire organization at all levels.

Uploaded by C silia

G - Governance

R - Risk Management

C - Compliance
GOVERNANCE
Governance is the responsibility of the board of directors and senior management of the organization.

A governance program has several goals:

• Provide strategic direction
• Ensure that objectives are achieved
• Ascertain whether risk is being managed appropriately
• Verify that the organization’s resources are being used responsibly
RISK MANAGEMENT

Risk management is the coordination of activities that direct and control an enterprise with regard to risk.

Risk management requires the development and implementation of internal controls to manage and mitigate risk throughout the organization, including financial, operational, reputational, and investment risk, physical risk and cyber risk.
COMPLIANCE
Compliance is the act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations.

It also includes voluntary requirements resulting from contractual obligations and internal policies.

Cybersecurity is the responsibility of the entire organization at every level.
ROLE OF THE CYBERSECURITY PROFESSIONAL
• The cybersecurity professional’s duties include analysis of policy, trends and intelligence.
• Using problem solving and detection skills, they strive to better understand how an adversary may think or behave.
• The inherent complexity of their work requires the cybersecurity workforce to possess not only a wide array of technical IT skills, but also advanced analytical capabilities.
• A cybersecurity professional may be a practitioner and/or part of senior management.
CYBERSECURITY ROLES
TOPIC 5—CYBERSECURITY DOMAINS

The five cybersecurity domains are:

1) Cybersecurity Concepts
2) Security Architecture Principles
3) Security of Networks, Systems, Applications and Data
4) Incident Response
5) Security Implications and Adoption of Evolving Technology
CYBERSECURITY CONCEPTS
This domain provides discussion of critical concepts such as:

• Basic risk management
• Common attack vectors and threat agents
• Patterns and types of attacks
• Types of security policies and procedures
• Cybersecurity control processes
SECURITY ARCHITECTURE PRINCIPLES
This domain provides information that helps security professionals identify and apply the principles of security architecture.

It discusses a variety of topics, including:

• Common security architectures and frameworks
• Perimeter security concepts
• System topology and perimeter concepts
• Firewalls and encryption
• Isolation and segmentation
• Methods for monitoring, detection and logging
SECURITY OF NETWORKS, SYSTEMS, APPLICATIONS AND DATA
This domain addresses basic system hardening techniques and security measures, including:

• Process controls
  – Risk assessments
  – Vulnerability management
  – Penetration testing
• Best practices for securing networks, systems, applications and data
  – System and application security threats and vulnerabilities
  – Effective controls for managing vulnerabilities
INCIDENT RESPONSE
This domain articulates the critical distinction between an event and an incident. More important, it outlines the steps necessary when responding to a cybersecurity incident.

It covers the following topics:

• Incident categories
• Disaster recovery and business continuity plans
• Steps of incident response
• Forensics and preservation of evidence

These discussions aim to provide entry-level professionals with the level of knowledge necessary to respond to cybersecurity incidents competently.
SECURITY IMPLICATIONS AND ADOPTION OF EVOLVING TECHNOLOGY

This domain outlines the current threat landscape, including a discussion of vulnerabilities associated with the following emerging technologies:

• Mobile devices (bring your own device [BYOD], Internet of Things [IoT])
• Cloud computing and storage
• Digital collaboration (social media)
SECTION 1—KNOWLEDGE CHECK

National Institute of Standards and Technology under the United States Commerce Department, the Cybersecurity Framework is a set of guidelines for private sector companies to follow to be better prepared in identifying, detecting, and responding to cyber-attacks.
THANK YOU

SMILE!
