Security, Confidentiality, Privacy, and Incident Response Controls

This part covers the protection side of ISC. The emphasis is on the relationship between threats, safeguards, access design, privacy obligations, and the control testing needed to support a conclusion about system reliability.

In This Part

• Chapter 16: Foundations of Cybersecurity defines the threat landscape and the core security objectives.
• Chapter 17: Security Architecture and Network Management covers the structural design of a protected environment.
• Chapter 18: Authentication and Access Management explains identity, authorization, and least-privilege concepts.
• Chapter 19: Data Confidentiality and Privacy Controls separates confidentiality from privacy and shows the controls relevant to each.
• Chapter 20: Incident Response and Recovery addresses what happens when prevention fails.
• Chapter 21: Testing Security, Confidentiality, and Privacy Controls connects protection controls to evaluation and assurance work.

How to Use This Part

• Read these chapters in order if security and privacy terminology tends to blur together.
• Focus on what control objective is being protected and how failure would affect assurance.
• Revisit this part when missed questions involve access, privacy boundaries, or response planning.

In this section

• Cybersecurity Threats, Defense Models, and Zero-Trust Thinking
  Cybersecurity threats, defense layers, COSO framing, and zero-trust concepts.
  • Threat Actors, Attack Vectors, and the Changing Cybersecurity Landscape
    Threat actors, attack vectors, and the changing cybersecurity landscape.
  • Defense-in-Depth Strategies, Security Layers, and Zero-Trust Concepts
    Defense-in-depth strategies, layered safeguards, and zero-trust concepts.
  • Applying the COSO Framework to Cybersecurity Risk
    Applying COSO concepts to cybersecurity risk and control response.
  • The Zero-Trust Security Model and Its Control Implications
    The zero-trust model and its control implications.
• Security Architecture, Network Controls, and Endpoint Management
  Segmentation, firewalls, endpoint protection, remote access, and device management.
  • Network Segmentation, Isolation, and Attack Containment
    Network segmentation, isolation, and attack containment.
  • Firewalls, Intrusion Detection, and Intrusion Prevention Controls
    Firewalls, intrusion detection, and intrusion prevention controls.
  • Endpoint Security, Hardening, and Patch Discipline
    Endpoint security, hardening, patching, and device-level protection.
  • Secure VPNs, Wireless Security, and Remote Access Control
    Secure VPNs, wireless safeguards, and remote access control.
  • Mobile Device Management, BYOD, and Policy Enforcement
    MDM, BYOD governance, and mobile-device policy enforcement.
• Identity Verification, Authorization Design, and Access Monitoring
  Authentication, authorization, least privilege, and access monitoring.
  • Identification, Authentication, Authorization, and Why They Differ
    Identification, authentication, authorization, and why the distinctions matter.
  • Password Policies, Multi-Factor Authentication, and Single Sign-On
    Password policies, MFA, and SSO design choices.
  • Role-Based Access Design and the Principle of Least Privilege
    Role-based access design and least-privilege control logic.
  • Logging, Access Reviews, and Monitoring Evidence
    Logging, access reviews, and monitoring evidence for access controls.
• Confidentiality, Privacy, Encryption, and Disclosure Controls
  Confidentiality, privacy, encryption, DLP, and privacy-law obligations.
  • How Confidentiality Differs from Privacy in Control Design
    How confidentiality differs from privacy in control design.
  • Encryption Methods, Key Management, and Data Protection
    Encryption methods, key management, and data protection.
  • Data Loss Prevention Tools, Rules, and Response Strategies
    Data loss prevention tools, rules, and response strategies.
  • Privacy Laws, HIPAA, GDPR, and Jurisdictional Obligations
    Privacy laws, HIPAA, GDPR, and jurisdictional obligations.
• Incident Escalation, Forensics, Recovery, and Post-Incident Improvement
  Incident escalation, response planning, forensics, insurance, and root-cause remediation.
  • Events, Incidents, Escalation Thresholds, and Response Triggers
    Events, incidents, escalation thresholds, and response triggers.
  • Incident Response Plans, Crisis Management, and Coordination
    Incident response plans, crisis management, and coordination.
  • Forensic Investigations, Evidence Preservation, and Chain of Custody
    Forensic investigations, evidence preservation, and chain of custody.
  • Cyber Insurance Coverage, Limits, and Response Coordination
    Cyber insurance coverage, limits, and response coordination.
  • Problem Management, Root-Cause Analysis, and Permanent Remediation
    Problem management, root-cause analysis, and permanent remediation.
• Control Testing, Evidence, and Reporting for Security and Privacy
  ISC control-testing chapter covering assessments, evidence, remediation, monitoring, and reporting findings.
  • Vulnerability Scans, Penetration Tests, and Other Security Assessments
    Vulnerability scans, penetration tests, and other security assessments.
  • Evidence of Control Operation and How It Is Gathered
    Evidence of control operation and how it is gathered.
  • Remediation Tracking, Re-Testing, and Ongoing Monitoring
    Remediation tracking, re-testing, and ongoing monitoring.
  • Documenting Findings in Audit and Advisory Reports
    Documenting findings in audit and advisory reports.