List the three categories of security controls, countermeasures and safeguards that should be implemented in a conceptual layered defense-in-depth manner to protect information assets. (Brief Response, category name only)
Added by Travis C.
Step 1
A layered defense-in-depth approach uses multiple layers of security to protect assets. If one layer fails, others are in place to mitigate the risk.
Recommended Videos
Which of the following Information Security controls should be implemented to protect data at rest and in transit?
Chandra J.
11. Describe two controls that could help mitigate the findings in the PCI DSS audit. One control should be in the information system tier and one control should be in the Organization or Mission/Business Process level.

PREPARE TASKS—ORGANIZATION LEVEL

Table 1 provides a summary of tasks and expected outcomes for the RMF Prepare step at the organization level. Applicable Cybersecurity Framework constructs are also provided.

TABLE 1: PREPARE TASKS AND OUTCOMES—ORGANIZATION LEVEL

Tasks | Outcomes
TASK P-1 RISK MANAGEMENT ROLES | Individuals are identified and assigned key roles for executing the Risk Management Framework. [Cybersecurity Framework: ID.AM-6; ID.GV-2]
TASK P-2 RISK MANAGEMENT STRATEGY | A risk management strategy for the organization that includes a determination and expression of organizational risk tolerance is established. [Cybersecurity Framework: ID.RM; ID.SC]
TASK P-3 RISK ASSESSMENT—ORGANIZATION | An organization-wide risk assessment is completed or an existing risk assessment is updated. [Cybersecurity Framework: ID.RA; ID.SC-2]
TASK P-4 ORGANIZATIONALLY-TAILORED CONTROL BASELINES AND CYBERSECURITY FRAMEWORK PROFILES (OPTIONAL) | Organizationally-tailored control baselines and/or Cybersecurity Framework Profiles are established and made available. [Cybersecurity Framework: Profile]
TASK P-5 COMMON CONTROL IDENTIFICATION | Common controls that are available for inheritance by organizational systems are identified, documented, and published.
TASK P-6 IMPACT-LEVEL PRIORITIZATION (OPTIONAL) | A prioritization of organizational systems with the same impact level is conducted. [Cybersecurity Framework: ID.AM-5]
TASK P-7 CONTINUOUS MONITORING STRATEGY—ORGANIZATION | An organization-wide strategy for monitoring control effectiveness is developed and implemented. [Cybersecurity Framework: DE.CM; ID.SC-4]
Akash M.
Question 1 (2 points)
If you shift your risk by using other means to compensate for the loss, like purchasing insurance, you have implemented what type of strategy to manage risk?
Question 1 options:
1) avoidance
2) acceptance
3) transference
4) limitation

Question 2 (2 points)
What term is used to describe a physical device that has a digital display that displays a unique login number to authenticate an employee each time they access the organization's network?
Question 2 options:
Firewall
Token
Public-key
Certificate

Question 3 (2 points)
What type of control prevents unauthorized individuals from gaining access to a company's facilities using resources such as walls, doors, fencing, gates, locks, badges, guards, and alarm systems?
Question 3 options:
1) Physical control
2) Network controls
3) Communication control
4) Access control

Question 4 (2 points)
Why is it difficult to conduct a security cost-benefit justification for controls before an attack occurs?
Question 4 options:
Security costs are measured as operational costs while the benefits of security must be depreciated over multiple fiscal years
Most security breaches do not have a material economic cost
Because it is difficult to assess the impact (cost) of a hypothetical attack
There are no widely-accepted models for conducting cost-benefit analysis of security controls

Question 5 (2 points)
Which of the following issues is typically not part of the information security risk assessment process?
Question 5 options:
Assess the value of each asset being protected
Perform background checks on all employees responsible for the security of the asset
Compare the probable costs of the asset's being compromised with the costs of protecting that asset
Estimate the probability that each asset will be compromised
James K.