Information needs of Board of Directors Correct Answer: Organizational reporting, Trend
analysis, High-level, comprehensive risk assessment, Inventory of information assets, Business
impact analyses (BIA)
Key Responsibilities of Board of Directors Correct Answer: Provide strategic direction,
Approve policies, Identify key assets, Verify appropriate protection levels and priorities,
Define, communicate and enforce penalties for noncompliance with security protocols
Activities/Behaviors of Board of Directors Correct Answer: Set tone conducive to effective
governance, Effective communication with Executive Management, Demonstrate legal and
ethical responsibility with regard to organizational assets, Maintain confidentiality of critical
information
Information needs of Executive Management Correct Answer: Organizational reporting, Trend
analysis, Comprehensive risk assessment, Inventory of information assets
Key Responsibilities of Executive Management Correct Answer: Ensure availability and
effective utilization of support resources, infrastructure, and organizational functions, Define the
organization's information security program and management, Provide education and guidance to
the organization's executive management team, Present options and decision support information
(Advisor)
Activities/Behaviors of Executive Management Correct Answer: Set tone of importance as
relates to protection of organizational assets, Demonstrate visibility within the information
security organization, Communicate with and involve relevant partners (i.e. risk management) in
key business activities and decisions
Information needs of Senior Information Security Management Correct Answer: Organizational
reporting, Trend analysis, Comprehensive risk assessment, Inventory of information assets
Key Responsibilities of Senior Information Security Management Correct Answer: All physical
and digital security matters, Develop the security strategy, Oversee the security program and
initiatives, Coordinate with business process owners for ongoing alignment, Ensure that risk and
business impact assessments are conducted, Develop risk mitigation strategies, Enforce policy and
regulatory compliance, Monitor the utilization and effectiveness of security resources, Develop
and implement monitoring and metrics, Direct and monitor security activities, Manage
cybersecurity incidents and their remediation, incorporating lessons learned
Activities/Behaviors of Senior Information Security Management Correct Answer: Articulate,
persuasive leader, Advises senior management on risk levels and security posture, Advises senior
management on cost/benefit analysis of cybersecurity matters, Working knowledge of laws and
, policies, Business continuity planning, Contract/vendor negotiation, Communicates value of IT
security throughout organization, Lead/align cybersecurity priorities consistent with strategy,
Provides leadership to cybersecurity personnel, Interfaces with external entities (e.g. law
enforcement, cybersecurity intelligence sources)
Information needs of Cybersecurity Practitioners Correct Answer: Policies, guidelines and
regulations set by Board of Directors
Key Responsibilities of Cybersecurity Practitioners Correct Answer: Serve as subject matter
experts, Design, implement and manage processes and technical controls, Respond to events and
incidents, Work within direction, policies, guidelines, mandates and regulations set by the board
of directors, executives and cybersecurity management
Activities/Behaviors of Cybersecurity Practitioners Correct Answer: Apply security policies to
meet objectives, Implement countermeasures, Establish/maintain access control based on
principles of least privilege and need-to-know, Perform testing, Document and manage system
architecture, Identify protection needs and document appropriately, Resolve computer security
incidents and vulnerability compliance, Assist in gathering and preservation of evidence,
Analyze logs
Board of Directors Correct Answer: Provide strategic direction
Board of Directors Correct Answer: Approve policies
Board of Directors Correct Answer: Identify key assets
Board of Directors Correct Answer: Verify appropriate protection levels and priorities
Board of Directors Correct Answer: Define, communicate and enforce penalties for
noncompliance with security protocols
Board of Directors Correct Answer: Set tone conducive to effective governance
Board of Directors Correct Answer: Effective communication with Executive Management
Board of Directors Correct Answer: Demonstrate legal and ethical responsibility with regard to
organizational assets
Board of Directors Correct Answer: Maintain confidentiality of critical information
Board of Directors Correct Answer: High-level, comprehensive risk assessment information
need
Board of Directors Correct Answer: Business impact analyses (BIA) information need