This security domain conducts security control testing audits, and collects and analyzes data.
What is Security Assessment and Testing?
This is the first step in the Risk Management Framework, which is necessary to manage security and privacy risks before a breach occurs.
What is to Prepare?
This is accepting a risk to avoid disrupting business continuity.
What is Acceptance?
Anything that can impact the confidentiality, integrity, and availability of an asset.
What are Risks?
This is the sixth step in the RMF of being accountable for the security and privacy risks that may exist in an organization.
What is to Authorize?
This security domain optimizes data security by using effective tools, systems, and processes.
What is Security Architecture and Engineering?
This is the second step in the Risk Management Framework that is used to develop risk management processes and tasks.
What is to Categorize?
This is creating a plan to avoid the risk altogether.
What is Avoidance?
Any circumstance or event that can negatively impact assets.
What are Threats?
This security domain conducts investigations and implements preventative measures.
What is Security Operations?
This security domain has security goals and objectives, risk mitigation, compliance, business continuity, and the law.
What is Security and Risk Management?
This is the third step in the Risk Management Framework to choose, customize, and capture documentation of the controls that protect an organization.
What is it to Select?
This is transferring risk to a third party to manage.
What is Transference?
A weakness that can be exploited by a threat.
What are Vulnerabilities?
This security domain uses access and authorization to secure data and manage assets.
What is Identity and Access Management?
This security domain secures assets: storage, maintenance, retention, and destruction of data.
What is Asset Security?
This is the fourth step in the RMF for security and privacy plans for the organization.
What is to Implement?
This is lessening the impact of a known risk.
What is Mitigation?
Information that's not available to the public; may cause damage to the org's finances, reputation, or ongoing operations.
What is a Medium Risk?
What is it to Monitor?
This security domain manages and secures physical networks and wireless communications.
What is Communication and Network Security?
This is the fifth step in the RMF to determine if established controls are implemented correctly.
What is to Assess?
This is Zerologon.
What is a common vulnerability?
Any information protected by regulations or laws that, if compromised, would have a severe negative impact on the org's finances, ongoing operations, or reputation.
What is a High Risk?
This security domain uses secure coding practices to create secure applications and services.
What is Software Development Security?