Instructions


Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.

Downloads

The worksheet is provided below. The document(s) can be converted to any desired format so long as the content is preserved. For example, the .txt file could be converted to a .md file.

Unit 1 Recording

Discussion Post #1

The first question of this course is, "What is Security?"

  1. Describe the CIA Triad.
  2. What is the relationship between Authority, Will, and Force as they relate to security?
  3. What are the types of controls and how do they relate to the above question?

Discussion Post #2

Find a STIG or compliance requirement that you do not agree is necessary for a server or service build.

  1. What is the STIG or compliance requirement trying to do?
  2. What category and type of control is it?
  3. Defend why you think it is not necessary. (What type of defenses do you think you could present?)

Submit your input by following the link below.

The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.

Definitions


CIA Triad:

Regulatory Compliance:

HIPAA:

Industry Standards:

PCI DSS:

Security Frameworks:

CIS:

STIG:

Digging Deeper


  1. Research a risk management framework: https://csrc.nist.gov/projects/risk-management/about-rmf

    • What are the areas of concern for risk management?

  2. Research the difference between quantitative and qualitative risks.

    • Why might you use one or the other?

  3. Research ALE, SLE, and ARO.

    • What are these terms in relation to?
    • How do these help in the risk discussion?

Reflection Questions


  1. What questions do you still have about this week?

  2. How are you going to use what you've learned in your current role?