WGU C795- Cybersecurity Management II – Tactical Latest Updated 2022 Graded A+

Document Content and Description Below

WGU C795- Cybersecurity Management II – Tactical Latest Updated 2022 Graded A+ Security Tests Correct Answer-Security tests verify that a control is functioning properly. These tests include aut... omated scans, tool-assisted penetration tests, and manual attempts to undermine security. Security testing should take place on a regular schedule, with attention paid to each of the key security controls protecting an organization. Security Assessments Correct Answer-Comprehensive reviews of the security of a system, application, or other tested environment. During a security assessment, a trained information security professional performs a risk assessment that identifies vulnerabilities in the tested environment that may allow a compromise and makes recommendations for remediation, as needed. NIST SP 800-53A Correct Answer-Guide for Assessing the Security Controls an privacy controls in Federal Information Systems Security Audits Correct Answer-Use many of the same techniques followed during security assessments but must be performed by independent auditors. Audits are performed with the purpose of demonstrating the effectiveness of controls to a third party. Auditors provide an impartial, unbiased view of the organization's security controls. Internal Audits Correct Answer-Performed by an organization's internal audit staff and are typically intended for internal audiences. External Audits Correct Answer-External audits are performed by an outside auditing firm. These audits have a high degree of external validity because the auditors performing the assessment theoretically have no conflict of interest with the organization itself. Audits performed by these firms are generally considered acceptable by most investors and governing body members. SAE 18 Correct Answer-The Statement on Standards for Attestation Engagements document 18. SAE 18, titled Reporting on Controls , provides a common standard to be used by auditors performing assessments of service organizations with the intent of allowing the organization to conduct an external assessment instead of multiple third- party assessments and then sharing the resulting report with customers and potential customers. Outside of the United States, similar engagements are conducted under the International Standard for Attestation Engagements (ISAE) 3402, Assurance Reports on Controls at a Service Organization . Service Organization Controls (SOC) Audits Correct Answer-SSAE 18 and ISAE 3402 engagements are commonly referred to as service organization controls (SOC) audits, and they come in three forms: SOC 1 Engagements SOC 2 Engagements SOC 3 Engagements SOC 1 Engagements Correct Answer-Assess the organization's controls that might impact the accuracy of financial reporting. SOC 2 Engagements Correct Answer-Assess the organization's that affect the security (Confidentiality, Integrity, and Availability) and privacy of information stored in a system. Confidential, and are normally only shared outside the organization under an NDA. SOC 3 Engagements Correct Answer-Assess the organization's that affect the security (Confidentiality, Integrity, and Availability) and privacy of information stored in a system. SOC 3 audit results are intended for public disclosure. Type I Report Correct Answer-Provides the auditor's opinion on the description provided by management and the suitability of the design of the controls. Usually focuses on a specific point in time. Type II Report Correct Answer-Provides the auditor's opinion on the operating effectiveness of the controls. Covers an extended period of time. Control Objectives for Information and Related Technology (COBIT) Correct Answer-COBIT describes the common requirements that organizations should have in place surrounding their information systems. The COBIT framework is maintained by ISACA. International Organization for Standardization (ISO) Correct Answer-Publishes a set of standards for information security. ISO 27001 Correct Answer-The ISO (International Organization for Standardization) 27001 standard is a code of practice for implementing an information security management system, against which organizations can be certified. [Show More]

Last updated: 1 year ago

Preview 1 out of 32 pages