1. Security Controls and Security Intelligence Flashcards

1
Q

Security Operations Center

A

A location where security professionals monitor and protect critical information assets in an organization

2
Q

Security Control

A

Something designed to give a particular asset or information system the properties of confidentiality, integrity, availability, and nonrepudiation

3
Q

Security control categories:

A

Technical
Operational
Managerial
Physical
Deterrent
Compensating

4
Q

Technical control

A

Implemented as a system (hardware, software, or firmware)
* Firewalls
* Anti-virus software
* OS access control models

5
Q

Operational control

A

Implemented primarily by people rather than systems
* Security guards
* Training programs

6
Q

Managerial control

A

Gives oversight of the information system
* Risk identification
* A tool allowing the evaluation and selection of other security controls

7
Q

Physical control

A

Deter and detect access to premises and hardware
* Alarms
* Gateways
* Locks
* Lighting
* Security cameras
* Guards

8
Q

Deterrent control

A

Psychologically discourages an attacker from attempting an intrusion
* Signs
* Warnings of legal penalties

9
Q

Compensating control

A

A substitute for a principal control that affords the same or better protection

10
Q

Security control goals/functions:

A

Preventative
Detective
Corrective

11
Q

Preventative control

A

Acts to eliminate or reduce the likelihood that an attack can succeed.

Operates before an attack can take place.

12
Q

Detective control

A

May not prevent or deter access, but it will identify and record any attempted or successful intrusion

Operates during the progress of an attack

13
Q

Corrective control

A

Acts to eliminate or reduce the impact of an intrusion event

Used after an attack

14
Q

How do you determine the efficiency of a control?

A

A measure of how long it can delay an attack

15
Q

Security intelligence

A

The process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems

16
Q

Cyber Threat Intelligence (CTI)

A

Security Intelligence; provides data about the external threat landscape, such as active hacker groups, malware outbreaks, zero-day exploits, etc.

17
Q

CTI formats

A

Narrative reports
Data feeds

18
Q

Narrative reports

CTI

A

Analysis of certain adversary groups or a malware sample provided as a written document

19
Q

Data feeds

CTI

A

Lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit code

20
Q

Security Intelligence Cycle

A

The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated. At the start and end of the cycle, requirements and feedback phases establish goals and measure effectiveness.

21
Q

Security Intelligence Cycle Steps

A

  • Requirements (Planning & Direction)
    • Sets out goals for the intelligence gathering process
    • Should show how intelligence will support business goals
  • Collection (& processing)
  • Analysis
  • Dissemination
  • Feedback

22
Q

Use case

A

A detailed description of the steps in a process to achieve the stated goal

23
Q

Assessment categories of intelligence sources

A

Timeliness
Relevancy
Accuracy
Confidence levels

24
Q

SIEM

A

Security Incident and Event Management

25
Q

Dissemination

A

A phase in the security intelligence cycle in which information is published and presented to different audiences

26
Q

Intelligence distribution levels

A

Strategic
Operational
Tactical

27
Q

Strategic intelligence distribution

A

Addresses broad themes and objectives, affecting projects and business priorities over weeks and months

28
Q

Operational intelligence distribution

A

Addresses the day-to-day priorities of managers and specialties

29
Q

Tactical intelligence distribution

A

Informs the real-time decisions made by staff as they encounter alerts and status indicators

30
Q

Information Sharing and Analysis Center (ISAC)

A

Produces industry specific threat intelligence