(SABSA) – Questions With Solutions (A+)
Sherwood Applied Business Security Architecture (SABSA) Correct
Answer - maintained by the SABSA Institute, is a methodology for providing
information assurance aligned to business needs and driven by risk analysis.
SABSA methodology Correct Answer - is designed to be applicable to
different types of organizations and scalable for use on small-scale projects
through to providing overarching enterprise information assurance.
SABSA methodology Correct Answer - The methodology is applied using
a lifecycle model of strategy/planning, design, implementation, and
management/measurement.
cybersecurity framework Correct Answer - is a list of activities and
objectives undertaken to mitigate risks
cybersecurity framework Correct Answer - This is valuable for giving a
structure to internal risk management procedures and also provides an
externally verifiable statement of regulatory compliance.
Frameworks Correct Answer - are also important because they save an
organization from building its security program in a vacuum, or from building
the program on a foundation that fails to account for important security
concepts.
The National Institute of Standards and Technology (NIST) Cybersecurity
Framework Correct Answer - is a relatively new addition to the IT
governance space (first published in 2014, with version 2.0 released in 2024)
and is distinct from other frameworks in focusing exclusively on cybersecurity
rather than on IT service provision more generally.
The National Institute of Standards and Technology (NIST) Cybersecurity
Framework Correct Answer - It was developed for a US audience, originally
for operators of critical infrastructure and US government agencies, but its
recommendations can be adapted for other countries and types of organization.
International Organization for Standardization (ISO) Correct Answer -
has produced a cybersecurity framework in conjunction with the
International Electrotechnical Commission (IEC).
International Organization for Standardization (ISO) Correct Answer -
- unlike the NIST framework, this framework must be purchased.
- ISO/IEC 27001 (the requirements for an information security management
system) is part of an overall 27000 series of information security standards.
Control Objectives for Information and Related Technologies (COBIT)
Correct Answer - - is an overall IT governance framework with security as a
core component.
- is also a commercial product like ISO; it is published by ISACA, with
certification exams accredited through APMG International.
Federal Information Security Management Act (FISMA) Correct Answer -
was introduced to govern the security of data processed by federal
government agencies
Federal Information Security Management Act (FISMA) Correct Answer -
- its compliance is audited through the Risk Management Framework (RMF),
developed by NIST (NIST SP 800-37).
- the earlier compliance process, which the RMF replaced, was called
Certification & Accreditation (C&A).
True Correct Answer - Although a framework gives a "high-level" view
of how to plan IT services, it does not generally provide detailed
implementation guidance.
The Open Web Application Security Project (OWASP; renamed the Open
Worldwide Application Security Project in 2023) Correct Answer -
is a not-for-profit, online community that publishes several secure application
development resources, such as the Top 10 list of the most critical web
application security risks.
The Open Web Application Security Project (OWASP) Correct Answer -
has also developed tools, such as the Zed Attack Proxy (ZAP) and WebGoat (a
deliberately insecure web application), to help investigate and understand
penetration testing and application security issues.