1.1 Flashcards
Deterrent Control
Psychologically discourages an attacker from attempting an intrusion.
EX: Warning sign
Preventive Control
Physically or logically restricts unauthorized access.
EX: Physical door lock or password.
Detective Control
Identifies and records attempted or successful intrusions.
EX: Security camera
Corrective Control
Responds to and fixes an incident, and helps prevent it from recurring.
EX: Antivirus software quarantining or removing detected malware
Technical Security Control
Hardware or software mechanisms used to protect assets.
EX: Antivirus software, firewalls, intrusion detection systems
Operational Security Control
Controls implemented primarily by people rather than by technology, such as security awareness training, security guards, and incident response procedures. (Physical controls, by contrast, prevent or detect unauthorized access to physical spaces, systems, and assets.)
Compensating controls
Measures put in place to mitigate the risk of a vulnerability when security teams cannot eliminate it directly or when remediation is not immediately possible, such as additional monitoring or enhanced encryption.
Policy enforcement points
Carry out the policy engine's decision about whether to grant access to a requested resource; in a zero trust architecture the PEP (a gateway or agent) sits between the subject and the resource.
Non-repudiation
Assures the origin and integrity of transmitted data so that the sender cannot later deny having sent it; typically provided by digital signatures.
Zero trust
Security model that trusts no entity inside or outside the organization's network by default; every request is authenticated and authorized against current identity, device posture, and context. It is not itself a role-based scheme for granting access.
honeypot
Decoy system that mimics real systems or applications so security teams can monitor attacker activity and gather information about the attacker's tactics and tools.
honeynet
uses a network of interconnected honeypots to simulate an entire network versus mimicking a system or application.
honeyfile
uses fake files that appear to contain sensitive information. A honeyfile will detect attempts to access and steal data.
honeytoken
Fake credentials, API keys, or other data planted where an attacker is likely to find them. They have no legitimate use, so any attempt to use them distracts the attacker, triggers an alert, and provides insight into attacker activity.
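As an added example (not part of the original flashcards), the following Python scans authentication log lines for planted honeytokens. The decoy account name, the decoy access-key identifier, the log format, and every log line are constructed for illustration; a real deployment would read the tokens from wherever they were planted and the lines from the SIEM.

```python
"""Honeytoken detection over authentication log lines.

Added example, not part of the original flashcards. The decoy values, the log
format and every log line below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed decoy credentials. They are planted where an intruder would look
# (a config file, a repository .env) and are never used by anyone legitimate.
HONEYTOKENS = {
    "svc_backup_legacy": "decoy service account planted in /etc/app/app.conf",
    "AKIAHONEY0000EXAMPLE": "decoy cloud access key planted in repo .env",
}

# Constructed log format:
# <timestamp> <host> auth: <ACCEPT|REJECT> user=<name> src=<ip> [key=<key id>]
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>ACCEPT|REJECT) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)(?: key=(?P<key>\S+))?$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    result: str
    token: str
    note: str


def scan(lines):
    """Return one Alert per log line that references a honeytoken.

    A honeytoken fires on REJECT as well as ACCEPT: the attempt alone proves the
    attacker read the planted file, whether or not the decoy credential 'worked'.
    """
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not an auth event in this format; ignored here
        for field in ("user", "key"):
            value = m.group(field)
            if value in HONEYTOKENS:
                alerts.append(
                    Alert(m["ts"], m["src"], m["result"], value, HONEYTOKENS[value])
                )
    return alerts


# Constructed sample log: two legitimate events and two honeytoken uses.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z web01 auth: ACCEPT user=alice src=10.0.5.23",
    "2024-05-01T09:14:41Z web01 auth: REJECT user=bob src=10.0.5.24",
    "2024-05-01T22:03:17Z bastion auth: REJECT user=svc_backup_legacy src=203.0.113.77",
    "2024-05-01T22:05:02Z api-gw auth: ACCEPT user=deploy src=203.0.113.77 key=AKIAHONEY0000EXAMPLE",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a.ts} from {a.src}: {a.result} using {a.token} ({a.note})")
```

Because the decoy values are never used legitimately, the detection has essentially no false positives, which is why a honeytoken hit should page someone immediately rather than be triaged with ordinary failed-login noise.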
Gap analysis
Compares an organization's current security controls and practices against a required or desired state (a framework, regulation, or internal standard) to identify the gaps that must be closed.
Authorization models
dictate what resources a user or system can access within a system.
AAA
Authentication, authorization, and accounting
RBAC
Role-based access control (RBAC) grants permissions to roles (for example, analyst or administrator) and assigns users to roles, so a user's access is determined by the roles they hold rather than by individually assigned entitlements.
policy engine
In a zero trust architecture, the component that decides whether to grant access. Its inputs include subject and host identities and credentials, access control policies, up-to-date threat intelligence, behavioral analytics, and other results of host and network security scanning and monitoring; its decision is carried out by the policy enforcement point.
Adaptive identity
Dynamically adjusts user access rights based on factors such as user behavior, device posture, and location in order to maintain security and mitigate risk.
Authenticating systems
The process of confirming the identity of a system (not just a user) to ensure it is trustworthy before it is allowed to communicate or access resources.
Policy-driven access control
Uses centrally defined policies to decide who may access which resources. It is the backbone of zero trust authorization, but on its own it does not dynamically adjust access rights as user behavior changes; that is the job of adaptive identity.
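The cards on policy enforcement points, RBAC, the policy engine, adaptive identity, and policy-driven access control describe the pieces of one decision flow. The following Python, added here as an illustration and not taken from the flashcards, puts them together: a policy engine that applies RBAC, device posture, and a behavioral risk score, and an enforcement point that only forwards traffic on an explicit allow. The roles, permission strings, risk thresholds, and requests are all constructed assumptions.

```python
"""Zero trust policy engine and enforcement point with RBAC and adaptive identity.

Added example, not part of the original flashcards. The roles, permissions,
risk thresholds and requests below are all constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# RBAC: permissions attach to roles, never to individual users.
ROLE_PERMISSIONS = {
    "analyst": {"read:alerts", "read:logs"},
    "admin": {"read:alerts", "read:logs", "write:config"},
}

# Constructed thresholds for the behavioral-analytics risk score (0-100).
STEP_UP_RISK = 50   # at or above: require MFA before allowing
DENY_RISK = 80      # at or above: deny regardless of role


@dataclass
class Request:
    user: str
    roles: tuple[str, ...]
    action: str             # e.g. "read:logs"
    device_compliant: bool  # host posture reported by endpoint management
    mfa_completed: bool
    risk_score: int         # output of behavioral analytics / threat intel


def decide(req: Request) -> str:
    """Policy engine: return 'allow', 'deny' or 'step_up'.

    Every request is evaluated on its own merits; nothing is trusted because of
    the network it arrives from.
    """
    permitted = set()
    for role in req.roles:
        permitted |= ROLE_PERMISSIONS.get(role, set())
    if req.action not in permitted:
        return "deny"        # RBAC: no held role grants this action
    if not req.device_compliant:
        return "deny"        # host posture fails
    if req.risk_score >= DENY_RISK:
        return "deny"        # adaptive identity: too risky to continue
    if req.risk_score >= STEP_UP_RISK and not req.mfa_completed:
        return "step_up"     # adaptive identity: tighten authentication first
    if req.action.startswith("write:") and not req.mfa_completed:
        return "step_up"     # policy: privileged writes always need MFA
    return "allow"


def enforce(req: Request) -> tuple[str, bool]:
    """Policy enforcement point: carries out the engine's decision.

    Returns (decision, forwarded). Only 'allow' lets traffic reach the resource;
    'step_up' sends the subject back to authenticate, 'deny' drops the request.
    """
    decision = decide(req)
    return decision, decision == "allow"


if __name__ == "__main__":
    r = Request("alice", ("analyst",), "read:logs", True, False, 55)
    print(enforce(r))  # risk above STEP_UP_RISK without MFA -> step_up
```

The ordering matters: RBAC and posture are hard gates, while the risk score adjusts how much authentication is demanded rather than what the role is allowed to do, which is the distinction the adaptive identity and policy-driven access control cards draw.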
Control plane
The part of a network (or of a zero trust architecture) that makes decisions: in routing, it builds the routing tables that determine which path packets take; in zero trust, it is where the policy engine and policy administrator decide access and push those decisions out.
Data plane
The part of the network that actually carries user data: packet forwarding on routers and switches, or the policy enforcement points that proxy subject-to-resource traffic in zero trust.
router
Network device that forwards packets between networks based on their destination internet protocol (IP) address. The forwarding itself is a data plane function; building the routing table that chooses the path is the control plane.
switch
Network device that connects devices on the same local network and forwards frames by destination MAC address. Determining paths from routing tables is not a switch's job; that belongs to the routing control plane.
Threat scope reduction
involves minimizing the possible attack vectors and surfaces. This process reduces the company’s exposure to potential threats.
Standard Operating Procedures
Outline regular operations or modifications and provide specific guidance for their execution.
The cybersecurity analyst can streamline and standardize the documentation process for legacy systems' code and integrations by implementing…
Automation and orchestration
Data privacy policy
Defines how the company collects, stores, processes, and shares customer data and measures taken to protect customer information.
It ensures that the organization complies with relevant data protection laws and regulations, safeguarding sensitive data and promoting transparency in data handling practices
Acceptable use policy
Outlines appropriate computer and network usage
Information Security Policy
Ensures that all users follow the guidelines related to information security
Disaster recovery policy
Deals with the steps to recover from catastrophic events such as natural disasters or security breaches.
Impact analysis
Assesses the potential implications of a proposed change; it does not itself test the change.
Testing results
Evaluate proposed changes in a test environment to ensure they work as intended and do not cause issues.
Backout plan
A contingency plan for reversing changes and returning systems and software to their original state if the implementation fails; it does not assess the implications of proposed changes.
Maintenance window
Predefined, recurring time frame for implementing changes; it does not test the changes.
How can a cybersecurity analyst effectively utilize version control to maintain a historical record of changes and ensure security in the organization’s IT systems and applications?
Use version control to track changes in network diagrams and configuration files.
Trusted Platform Module
A dedicated cryptoprocessor, implemented either as a discrete chip on the motherboard or as firmware running in the CPU's trusted execution environment, that generates and protects keys and stores boot measurements used for attestation.
Hardware Security Module
A cryptoprocessor in a removable or dedicated form factor, such as a plug-in peripheral component interconnect express (PCIe) adapter card, USB token, or network appliance, that generates, stores, and uses keys without ever exposing them outside the device.
Certificate revocation list
A signed list, published by a certificate authority, of the serial numbers of all revoked and suspended certificates. It must be accessible to anyone relying on the validity of that CA's certificates.
Public key infrastructure
Framework of certificate authorities, certificates, and revocation services that binds public keys to verified identities, so that those keys can be trusted for signing (digital signatures) and encryption.
Which encryption method would be inefficient for encrypting a large amount of data on a disk or transporting it over a network?
Asymmetric encryption: its computational overhead makes it inefficient for large volumes of data, which is why it is normally used only to exchange or wrap a symmetric key that then encrypts the bulk data.
Tokenization
Replacing all or part of a database field's value with a randomly generated token, while the original value is kept in a separate, tightly controlled token server (vault) that can map the token back.
Data masking
Redacting all or part of a database field's contents by substituting characters, such as "x", in its place. Unlike tokenization, the original value cannot be recovered from the masked output.
Salting
Adding a random value (the salt) to a password before hashing it and storing the salt alongside the hash. Identical passwords then produce different hashes, which defeats precomputed (rainbow-table) attacks; the hash still cannot be reversed to the plaintext password that produced it.
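The tokenization, data masking, and salting cards are easiest to tell apart in code. The following Python, added here as an illustration and not taken from the flashcards, shows all three side by side: a token vault that can reverse tokens, a masking function that cannot be reversed, and PBKDF2 salted password hashing with constant-time verification. The card number, password, and in-memory vault are constructed stand-ins.

```python
"""Tokenization, data masking and salted password hashing side by side.

Added example, not part of the original flashcards. The card number and
password used in tests are constructed values; the vault is an in-memory
stand-in for a separate token server.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000  # current OWASP guidance for PBKDF2-HMAC-SHA256


class TokenVault:
    """Stand-in for a token server: tokens are random, the mapping lives here."""

    def __init__(self):
        self._by_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        token = "tok_" + secrets.token_hex(8)  # random; carries no information
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]           # only the vault can reverse it


def mask(value: str, keep_last: int = 4, char: str = "x") -> str:
    """Masking is one-way: the original cannot be recovered from the output."""
    if keep_last >= len(value):
        return value
    return char * (len(value) - keep_last) + value[-keep_last:]


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'salt$digest' in hex.

    A fresh random salt per password means two users with the same password
    get different records, so a precomputed table is useless.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111111111111111"  # constructed test number
    tok = vault.tokenize(card)
    print(tok, vault.detokenize(tok) == card)
    print(mask(card))
    rec = hash_password("correct horse")
    print(rec, verify_password("correct horse", rec))
```

Note what is and is not reversible: the vault can detokenize, masking cannot be undone, and a salted hash can only be checked by recomputing it, never decrypted.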
Steganography
Embedding information, such as a document, within an unexpected carrier, such as a message hidden in a picture, to disguise the fact that the information is there at all.
Key escrow
Involves securely storing a copy of the private key with a trusted third party for recovery and availability in case of key loss or compromise. It serves as a backup mechanism for private keys
Secure Enclave
Enhances security by providing an isolated environment for executing sensitive operations and protecting critical data.
wildcard certificates
A single certificate issued for a name such as *.example.com that covers all of the domain's first-level subdomains, streamlining certificate deployment and ongoing maintenance. The trade-off is that one private key protects every host, so a compromise of that key affects all of them.