COBIT 2019, the NIST Cybersecurity Framework, and the Center for Internet Security (CIS) Controls share all of the following characteristics except:

* Alignment with standards.
* Top-down risk-based approach.
* Adaptability.
* Best practices guidance.
Step 1

This means three of the options are shared characteristics, and one is not. Let's analyze each option:

* **Alignment with standards:** All three frameworks (COBIT 2019, NIST CSF, and CIS Controls) are designed to align with various international and industry
11. Describe two controls that could help mitigate the findings in the PCI DSS audit. One control should be in the information system tier and one control should be in the Organization or Mission/Business Process level.

PREPARE TASKS—ORGANIZATION LEVEL

Table 1 provides a summary of tasks and expected outcomes for the RMF Prepare step at the organization level. Applicable Cybersecurity Framework constructs are also provided.

TABLE 1: PREPARE TASKS AND OUTCOMES—ORGANIZATION LEVEL

| Tasks | Outcomes |
| --- | --- |
| TASK P-1 RISK MANAGEMENT ROLES | Individuals are identified and assigned key roles for executing the Risk Management Framework. [Cybersecurity Framework: ID.AM-6; ID.GV-2] |
| TASK P-2 RISK MANAGEMENT STRATEGY | A risk management strategy for the organization that includes a determination and expression of organizational risk tolerance is established. [Cybersecurity Framework: ID.RM; ID.SC] |
| TASK P-3 RISK ASSESSMENT—ORGANIZATION | An organization-wide risk assessment is completed or an existing risk assessment is updated. [Cybersecurity Framework: ID.RA; ID.SC-2] |
| TASK P-4 ORGANIZATIONALLY-TAILORED CONTROL BASELINES AND CYBERSECURITY FRAMEWORK PROFILES (OPTIONAL) | Organizationally-tailored control baselines and/or Cybersecurity Framework Profiles are established and made available. [Cybersecurity Framework: Profile] |
| TASK P-5 COMMON CONTROL IDENTIFICATION | Common controls that are available for inheritance by organizational systems are identified, documented, and published. |
| TASK P-6 IMPACT-LEVEL PRIORITIZATION (OPTIONAL) | A prioritization of organizational systems with the same impact level is conducted. [Cybersecurity Framework: ID.AM-5] |
| TASK P-7 CONTINUOUS MONITORING STRATEGY—ORGANIZATION | An organization-wide strategy for monitoring control effectiveness is developed and implemented. [Cybersecurity Framework: DE.CM; ID.SC-4] |
XYZ Bank is in the process of implementing the NIST Cybersecurity Framework. They have identified several gaps in the current cybersecurity program and need to prioritize their efforts. Which stage of the NIST Cybersecurity Framework should XYZ Bank focus on to identify common controls and prioritize them according to the potential impact of an attack?
The Committee of Sponsoring Organizations of the Treadway Commission (widely known as COSO) revised its Internal Control - Integrated Framework to update its guidance to reflect a number of advancements in best practices, including those related to information technologies. Visit COSO's website (www.coso.org) to obtain a copy of the Executive Summary of the Internal Control - Integrated Framework. Review that summary to answer the following questions: (a) Which component of internal control contains principle(s) related to the board of directors? (b) Summarize the primary responsibilities related to board of director oversight noted in the COSO summary.