1. Security Controls and Security Intelligence

Question 1

Security Operations Center

Answer 1

A location where security professionals monitor and protect critical information assets in an organization

Question 2

Security Control

Answer 2

Something designed to give a particular asset or information system the properties of confidentiality, integrity, availability, and nonrepudiation

Question 3

Security control categories:

Answer 3

Technical
Operational
Managerial
Physical
Deterrent
Compensating

Question 4

Technical control

Answer 4

Implemented as a system (hardware, software, or firmware)
* Firewalls
* Anti-virus software
* OS access control models

Question 5

Operational control

Answer 5

Implemented primarily by people rather than systems
* Security guards
* Training programs

Question 6

Managerial control

Answer 6

Gives oversight of the information system
* Risk identification
* A tool allowing the evaluation and selection of other security controls

Question 7

Physical control

Answer 7

Deter and detect access to premises and hardware
* Alarms
* Gateways
* Locks
* Lighting
* Security cameras
* Guards

Question 8

Deterrent control

Answer 8

Psychologically discourages an attacker from attempting an intrusion
* Signs
* Warnings of legal penalties

Question 9

Compensating control

Answer 9

A substitute for a principal control that affords the same or better protection

Question 10

Security control goals/functions:

Answer 10

Preventative
Detective
Corrective

Question 11

Preventative control

Answer 11

Acts to eliminate or reduce the likelihood that an attack can succeed.

Operates before an attack can take place.

Question 12

Detective control

Answer 12

May not prevent or deter access, but it will identify and record any attempted or successful intrusion

Operates during the progress of an attack

Question 13

Corrective control

Answer 13

Acts to eliminate or reduce the impact of an intrusion event

Used after an attack

Question 14

How do you determine the efficiency of a control?

Answer 14

A measure of how long it can delay an attack

Question 15

Security intelligence

Answer 15

The process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems

Question 16

Cyber Threat Intelligence (CTI)

Answer 16

Security Intelligence; provides data about the external threat landscape, such as active hacker groups, malware outbreaks, zero-day exploits, etc.

Question 17

CTI formats

Answer 17

Narrative reports
Data feeds

Question 18

Narrative reports

CTI

Answer 18

Analysis of certain adversary groups or a malware sample provided as a written document

Question 19

Data feeds

CTI

Answer 19

Lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit code

Question 20

Security Intelligence Cycle

Answer 20

The process through which data is generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated. At the start and end of the cycle, requirements and feedback phases establish goals and effectiveness.

Question 21

Security Intelligence Cycle Steps

Answer 21

• Requirements (Planning & Direction)
• Sets out goals for the intelligence gathering process
• Should show how intelligence will support business goals
• Collection (& processing)
• Analysis
• Dissemination
• Feedback

Question 22

Use case

Answer 22

A detailed description of the steps in a process to achieve the stated goal

Question 23

Assessnment categories of intelligence sources

Answer 23

Timeliness
Relevancy
Accuracy
Confidence levels

Question 24

SIEM

Answer 24

Security Incident and Event Management

Question 25

Dissemination

Answer 25

A phase in the security intelligence cycle in which information is published and presented to different audiences

Question 26

Intelligence distribution levels

Answer 26

Strategic
Operational
Tactical

Question 27

Strategic intelligence distribution

Answer 27

Addresses broad themes and objectives, affecting projects and business priorities over weeks and months

Question 28

Operational intelligence distribution

Answer 28

Addresses the day-to-day priorities of managers and specialties

Question 29

Tactical intelligence distribution

Answer 29

Informs the real-time decisions made by staff as they encounter alerts and status indicators

Question 30

Information Sharing and Analysis Center (ISAC)

Answer 30

Produces industry specific threat intelligence