Starting a Cybersecurity Program Quiz Answers

Hello friends, in this article I am going to share the quiz answers for the Coursera course Cybersecurity Policy for Water and Electricity Infrastructures, Week 4 | Starting a Cybersecurity Program.

Question 1)
You have successfully convinced management of the benefits of developing a robust cybersecurity program. As the Systems Security Officer, you have decided to implement the NIST Cybersecurity Framework. You have embarked upon Step 3 in the NIST CSF process and started to develop a Current Profile of your cybersecurity practices. You have just started to look at your Asset Management practices under the NIST CSF “Identify” function. At present you are aware that your System Administration Office maintains a list of all IT equipment and conducts an annual inventory to confirm its status. Given this information, which practice subcategories would you say your organization is successfully meeting as depicted in the attached figure? Identify all subcategories with which you think you comply.

  • ID.AM-1
  • ID.AM-2
  • ID.AM-3
  • ID.AM-4
  • ID.AM-5
  • ID.AM-6

 

Question 2)
As you continue to perform Step 3 in the NIST CSF process and develop a Current Profile of your cybersecurity practices, you move on to the Access Control category of the “Protect” function. At present you are aware that your System Administration Office maintains identifications and credentials for all devices, controls physical access and security over your servers, and maintains server firewalls and VPN access. Given this information, which practice subcategories would you say your organization is successfully meeting as depicted in the attached figure? Identify all subcategories with which you think you comply. (Select 3)

  • PR.AC-1
  • PR.AC-2
  • PR.AC-3
  • PR.AC-4
  • PR.AC-5

 

Question 3)
Six months after you started, you have finally completed Step 3 of the NIST Cybersecurity Framework and developed your Current Profile as listed in the last column of the attached figure. The NIST CSF recognizes four tiers of increasing capability: Tier 1 “Partial”, Tier 2 “Risk Informed”, Tier 3 “Repeatable”, and Tier 4 “Adaptive”. The NIST CSF leaves it to users to determine what subcategories constitute each tier. As part of Step 3, you have made that determination and assigned subcategories as shown in the attached figure. In order to be assessed at a given tier level, you must satisfy all subcategories for that tier plus the ones previous. The “Tier 0” classification means that you don’t satisfy all subcategories to qualify for Tier 1 status. Given the assessment of your current profile, what tier rating would you assess your organization’s cybersecurity practices?

  • Tier 0
  • Tier 1
  • Tier 2
  • Tier 3

 

 
