Description
I’m working on a cyber security exercise and need support to help me learn. Please answer in a corporate work style.
What is a KRI? What is the purpose of a KRI? Can you provide 2-3 examples of KRIs that pertain to Information Security that may be meaningful to Executives?
What are some elements / metrics which would comprise a good security risk dashboard, and when/where/how would you recommend they be measured and reported?

Security Risk Management has been informed that the Engineering teams have begun utilizing a tool called MINT to manage changes to Affirm's technology infrastructure. Describe what data, processes or requirements must be established in order for the MINT team to meet the requirements of the following security control: "On a periodic basis, authorized individuals review and approve user access to Affirm systems."

Which NIST control families are applicable to the following PCI DSS requirements? Note that for each PCI requirement there is at least one, but can be more than one, NIST control family that applies. Feel free to look more closely at the specific PCI requirements for additional context.
| PCI Requirement | NIST Control Family (AC-SR) |
|---|---|
| Install and maintain a firewall configuration to protect cardholder data | |
| Do not use vendor-supplied defaults for system passwords and other security parameters | |
| Protect stored cardholder data | |
| Encrypt transmission of cardholder data across open, public networks | |
| Use and regularly update anti-virus software or programs | |
| Develop and maintain secure systems and applications | |
| Restrict access to cardholder data by business need to know | |
| Assign a unique ID to each person with computer access | |
| Restrict physical access to cardholder data | |
| Track and monitor all access to network resources and cardholder data | |
| Regularly test security systems and processes | |
| Maintain a policy that addresses information security for all personnel | |
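The access-review control and the KRI question above both come down to the same data: an identity source of record, an inventory of accounts on each system, a list of who is authorized to approve access to that system, a ledger of sign-offs, and a review period. The script below is an added illustration (not part of the question, not Affirm's or MINT's code) of a periodic review run as a reconciliation over those inputs, with the result rolled up into an executive-level KRI (share of accounts with a current, valid approval, plus exceptions by type). The system names, user IDs, approvers, dates and the 90-day review period are all constructed assumptions.

```python
"""Periodic user-access review as a reconciliation over constructed data.

Added example, not from the original question. Systems, users, approvers,
dates and the 90-day period are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from datetime import date

REVIEW_PERIOD_DAYS = 90          # assumed policy; the control only says "periodic"
AS_OF = date(2024, 6, 1)         # assumed review date


@dataclass(frozen=True)
class Account:
    system: str
    account: str   # login on the target system
    user_id: str   # identity in the HR source of record
    role: str


@dataclass(frozen=True)
class Approval:
    system: str
    account: str
    approver: str  # user_id of the person who signed off
    approved_on: date


# Constructed inputs: the minimum data sets the control needs.
HR_DIRECTORY = {"u001": "active", "u002": "active", "u003": "terminated"}
AUTHORIZED_APPROVERS = {"payments-db": {"u001"}, "mint": {"u001", "u002"}}
ACCOUNTS = [
    Account("payments-db", "svc_report", "u002", "reader"),
    Account("payments-db", "jdoe", "u002", "admin"),      # approval is stale
    Account("mint", "jdoe", "u003", "deployer"),          # owner was terminated
    Account("mint", "asmith", "u002", "deployer"),        # signed off by a non-approver
    Account("mint", "ci-bot", "u002", "deployer"),        # never reviewed
    Account("mint", "root", "u001", "admin"),
]
APPROVALS = [
    Approval("payments-db", "svc_report", "u001", date(2024, 5, 1)),
    Approval("payments-db", "jdoe", "u001", date(2024, 1, 10)),
    Approval("mint", "asmith", "u003", date(2024, 5, 2)),
    Approval("mint", "root", "u001", date(2024, 5, 3)),
]


def review_access(accounts, approvals, hr, approvers, as_of, period_days=REVIEW_PERIOD_DAYS):
    """Map (system, account) -> finding.

    Findings: 'approved', 'orphaned', 'no_approval', 'unauthorized_approver',
    'approval_expired'. Orphaned accounts are flagged before looking at the
    ledger: no sign-off can keep a terminated user's access valid.
    """
    latest = {}
    for a in approvals:                       # keep only the newest sign-off per account
        key = (a.system, a.account)
        if key not in latest or a.approved_on > latest[key].approved_on:
            latest[key] = a
    findings = {}
    for acct in accounts:
        key = (acct.system, acct.account)
        if hr.get(acct.user_id) != "active":
            findings[key] = "orphaned"
            continue
        appr = latest.get(key)
        if appr is None:
            findings[key] = "no_approval"
        elif appr.approver not in approvers.get(acct.system, set()):
            findings[key] = "unauthorized_approver"
        elif (as_of - appr.approved_on).days > period_days:
            findings[key] = "approval_expired"
        else:
            findings[key] = "approved"
    return findings


def access_review_kri(findings):
    """Executive KRI: percent of accounts with a current, valid approval,
    and a count of exceptions by type (what the dashboard would trend)."""
    total = len(findings)
    ok = sum(1 for f in findings.values() if f == "approved")
    exceptions = {}
    for f in findings.values():
        if f != "approved":
            exceptions[f] = exceptions.get(f, 0) + 1
    pct = round(100.0 * ok / total, 1) if total else 100.0
    return {"approved_pct": pct, "exceptions": exceptions}


def run_review():
    return review_access(ACCOUNTS, APPROVALS, HR_DIRECTORY, AUTHORIZED_APPROVERS, AS_OF)


if __name__ == "__main__":
    findings = run_review()
    for (system, account), finding in sorted(findings.items()):
        print(f"{system:12} {account:12} {finding}")
    print(access_review_kri(findings))
```

The exception types are the practical checklist for what MINT (or any system in scope) has to supply: an export of accounts mapped to HR identities, a recorded approver per system, a dated sign-off per account, and a defined period after which a sign-off lapses. Each exception is a reportable item for the review owner; the percentage is what an executive would see on the dashboard.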