Principles of Cybersecurity
Answer these seven questions as completely as possible. Be specific.
Cybersecurity is a process that begins with identification and ends with an explicit set of tangible cybersecurity controls. What are the fundamental stages in that process and why is there a need to do those in the right order?
What differentiates the security of operations phase from the policy/strategy phase? What specific things does an operational plan need to factor in that a strategic plan doesn’t? Explain how tailoring factors in here.
What is the purpose of the control status baseline in operational planning? What specific characteristic of the virtual environment makes it essential that control status is constantly updated?
How does situational awareness/incident reporting shape the operational control response? What would be lacking if that function were not carried out on a persistent and continuous basis?
What is the value of management authorization in long-term control operations? Specifically, what does authorization provide that is often missing from the security operations process?
What general education, training and awareness steps does an organization need to take to become more capable? What is the effect of each step, in terms of improved security functioning?
What is an “acceptable use policy” and why is it so potentially important to ensuring security of information?