TQ WEEK 3 cyber
School: Rutgers University, Newark
Course: 503
Subject: Information Systems
Date: Apr 3, 2024
Pages: 3
TQ WEEK 3
TQ 3.1:
What are cybersecurity “standards”? Who creates them?
Cybersecurity standards are a collection of regulations and principles that
enterprises follow in order to safeguard their networks from cyber threats and attacks. These
standards are formulated to ensure that enterprises maintain the highest level of
security for their systems and data while safeguarding their customers' information.
Cybersecurity standards offer organizations a structured framework to follow when
considering security solutions and policies. These standards generally consist of
recommended methods, principles, and procedures that enterprises must follow to
safeguard their networks and data. They are designed to ensure that firms
implement the essential measures needed to protect their systems and data from cyber threats.
Various organizations and agencies are responsible for developing and maintaining
cybersecurity standards. The National Institute of Standards and Technology (NIST) in
the United States is tasked with developing and maintaining a range of cybersecurity
standards. NIST has created various standards and frameworks that firms use to
safeguard their systems and data, such as the NIST Cybersecurity Framework (CSF).
Additional entities responsible for establishing and upholding cybersecurity standards
are the International Organization for Standardization (ISO), the International
Electrotechnical Commission (IEC), the International Telecommunication Union (ITU),
and the American National Standards Institute (ANSI). These organizations establish
universally recognized guidelines that organizations worldwide implement to safeguard
their networks and data.
Numerous organizations, such as the National Institute of Standards and Technology
(NIST), the International Organization for Standardization (ISO), the Internet
Engineering Task Force (IETF), and the Center for Internet Security (CIS), establish
cybersecurity standards. These organizations establish, preserve, and revise
cybersecurity standards to guarantee that enterprises stay current with the most recent
security methods and technologies.
TQ 3.2:
What are cybersecurity “practices” and “guidelines”? How do they differ from
standards?
Cybersecurity practices are a collection of guidelines and processes intended
to shield data and networks against online threats and attacks. Usually, these
practices entail putting in place a range of security controls, including user
authentication, firewalls, antivirus programs, and encryption. The purpose of
cybersecurity practices is to ensure that companies are taking the required
precautions to protect their systems and data from online threats.
Ultimately, implementing cybersecurity practices and adhering to guidelines
is of utmost importance for enterprises seeking to safeguard their networks and data from
potential cyber threats. Organizations need to adopt a range of security measures and
protocols, and consistently evaluate and enhance those measures to proactively
address evolving cyber threats. Furthermore, firms must also establish and enforce
rules to ensure the correct implementation and maintenance of their cybersecurity
practices.
Cybersecurity standards and practices differ in distinct ways. Cybersecurity standards
are a collection of regulations and principles that enterprises are obligated to
follow in order to safeguard their networks and data against cyber hazards. These standards
generally consist of best-practice methods, procedures, and directives that enterprises must
follow to safeguard their networks and data. Conversely, cybersecurity practices
are a collection of policies and procedures specifically formulated to ensure
that firms are applying the essential measures needed to safeguard their systems and data against
cyber threats.
Cybersecurity standards primarily address the broader aspects of cybersecurity,
whereas cybersecurity practices pertain to the precise procedures and protocols that
businesses need to follow in order to safeguard their networks and data. As an illustration, a
cybersecurity standard may describe best-practice methods for establishing user
authentication, whereas a cybersecurity practice may provide explicit guidelines on
configuring and maintaining user authentication.
TQ 3.3:
What is a cybersecurity “framework”? How can they be useful?
A cybersecurity framework is a collection of best-practice methods and protocols that
organizations can employ to safeguard their networks and data against cyber threats.
These frameworks often consist of instructions and recommendations for establishing
security measures, along with methods for responding to incidents. In addition, they
may provide suggestions for monitoring networks and systems, as well as for
updating security measures in response to emerging threats.
Organizations can ensure the correct implementation and maintenance of their
security measures by employing a cybersecurity framework. Moreover, these
frameworks can assist businesses in identifying possible vulnerabilities and
implementing measures to mitigate them. Doing so can enable firms to
proactively safeguard their networks and data against cyber threats.
Frameworks can also enhance an organization's ability to promptly and efficiently address
incidents. These frameworks generally consist of standards and methods for addressing
incidents, together with suggestions on how to investigate and minimize the
consequences of an occurrence. Following such guidance can enable enterprises to
mitigate the impact of cyber threats and safeguard their systems and data.
TQ 3.4:
Under what circumstances can cybersecurity standards, practices, guidelines,
and frameworks have the force of law?
In specific situations, cybersecurity standards, policies, guidelines, and frameworks may
carry legal authority. When a government or regulatory entity requires them, these
standards, norms, and frameworks typically acquire legal enforceability. For instance,
numerous nations have legislation and regulations mandating that enterprises comply
with specific cybersecurity standards and procedures. As an illustration, the European
Union has enacted the General Data Protection Regulation (GDPR), which requires
enterprises to comply with specific criteria and structures in order to safeguard the personal
information of EU residents.
TQ 3.5:
What is PCI-DSS, and how is it enforced?
The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive
collection of guidelines and protocols implemented across industries to safeguard the
personal and financial information of individuals during credit or debit card transactions.
The Payment Card Industry Security Standards Council (PCI SSC), the governing body in
charge of establishing security benchmarks for the payment card industry, developed
and maintains PCI-DSS.
The PCI SSC checks that companies are following PCI-DSS by auditing them
on-site. During these audits, the PCI SSC scrutinizes an organization's security
procedures and policies to verify their compliance with the standard. If an entity fails to
comply with PCI-DSS, the PCI SSC has the authority to impose various
consequences, such as financial penalties and loss of commercial opportunities.
Moreover, firms can also be held responsible for any financial losses resulting from a
data breach if they do not comply with PCI-DSS.