A business continuity plan for organizations. A predetermined set of instructions and procedures that describe how the organizations' business-essential functions will be sustained within 12 hours and up to 30 days.
COOP
The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.
An update/fix for an IT asset.
Patch
The removal of sensitive data from storage devices in such a way that there is assurance the data may not be reconstructed using normal system functions or software recovery utilities.
Clear
The analysis conducted by an organizational official to determine the extent to which changes to systems have affected the security state of the system.
Security Impact Analysis
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyberattack.
IRP (Incident Response Plan)
A process to render access to target data on the media infeasible for a given level of effort.
Sanitize
Hardware configuration changes can improve overall system security; however, they may not directly mitigate
To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field
Degauss
What step in the Risk Management Framework assists in developing an organizational continuous monitoring strategy?
Prepare
The role of the information system security officer (ISSO) is defined in which NIST standard?
NIST SP 800-37 Rev. 2
Keeping the organization aware of the systems' security posture and supporting risk-based decision-making is best achieved by what activity?
Continuous Monitoring
What is a collection of activities focused on establishing and maintaining the integrity of products and systems?
Configuration Management
A method of sanitization that renders the target data recovery infeasible and results in the subsequent inability to use the media again.
Destroy
Which NIST standard defines Incident Handling?
NIST SP 800-61 Rev. 2
Configuration Management Plan is primarily focused on what parts of the information system?
TCB (Trusted Computing Base): hardware, OS, firmware
Name one of the factors which must be considered when assessing the impact of a change.
1. Change's scope
2. The systems and processes it touches
3. Potential to introduce new vulnerabilities
4. Potential to affect existing security controls
What is an identifiable part of a system which is a discrete target of configuration control?
CI (Configuration Item)
A method of sanitization that applies physical or logical techniques that render target data recovery infeasible.
Purge
What are the correct steps in Incident Handling?
Preparation, Detection and Analysis, Containment, Eradication, Recovery, Post-Incident Activity
When planning for end-of-life, which NIST standard provides guidelines for Media Sanitization?
NIST SP 800-88 Rev. 1
Which group within the organization is responsible for reviewing all change requests?
CCB (Configuration Control Board)
What is a set of specifications for a system which has been formally reviewed and agreed on at a given point in time?
Baseline Configuration
What is the preferred method of data disposal for data located at a cloud service provider's data center?
Crypto-shredding
What is the correct sequence of tasks for the Maintenance process according to NIST SP 160v1r1?
1. Prepare for security aspects
2. Perform security aspects of maintenance
3. Perform security aspects of logistics
4. Manage results of security aspects