16 - Managing Security Operations Flashcards

1
Q

What is Need-to-Know and Least Privilege?

A
  • Need-to-Know Access: Grants users access to data or resources they need to perform assigned work tasks.
  • Least Privilege: Subjects are only granted privileges necessary to perform assigned work tasks and no more.
  • Entitlement: The amount of privileges granted to users, typically when first provisioning.
  • Aggregation: The amount of privileges a user collects over time.
  • Transitive Trust: A trust relationship between two security domains that allows subjects in one domain (primary) to access objects in the other domain (trusting).
2
Q

What is the Separation of Duties and Responsibilities?

A
  • Ensures that no single person has total control over a critical function or system.
  • Separation of Privilege: Applies granular rights to a user or process, only what is needed.
  • Segregation of Duties: Ensures an individual does not have excessive rights on a system that could cause a conflict of interest.
  • Two-Person Control (Two-Man Rule): Requires the approval of two individuals for critical tasks.
3
Q

What is Job Rotation?

A

Also known as Rotation of Duties: employees are rotated through jobs or job responsibilities, which enables peer review, reduces fraud, and enables cross-training.

4
Q

What are Mandatory Vacations?

A

Requires employees to take vacations in 1-2 week increments. This provides peer review and helps detect fraud while the employee is out.

5
Q

What is Privileged Account Management?

A

Any type of privileged account or activity should be monitored such as:

  • Accessing audit logs
  • Changing system time
  • Configuring interfaces
  • Managing user accounts
  • Controlling system reboots
  • Backing up and restoring the system
  • Configuring security controls
6
Q

What is Managing Information Lifecycle?

A

Protecting data throughout each stage of its life:

  • Creation or Capture
  • Classification
  • Storage
  • Usage
  • Archive
  • Destruction or Purging
7
Q

What is an SLA?

A

A Service Level Agreement is an agreement between an organization and an outside entity, such as a vendor. It usually includes performance expectations and often includes penalties if the vendor doesn’t meet these expectations.

8
Q

What are some components of Personnel Safety & Security?

A

Organizations should implement security controls that enhance personnel safety because people can’t be replaced like other assets.

  • Duress: Systems that can send a distress call.
  • Travel: Criminals can target an organization’s employees while traveling. Safe practices while traveling can prevent issues.
    • Sensitive Data: Ideally, devices should not contain sensitive data but if they do, encryption should be used.
    • Malware and Monitoring Devices: Malware and monitoring devices can be put on people’s devices while traveling. Best practices are generally keeping devices with you at all times or just taking a temporary device.
    • Free Wi-Fi: Free Wi-Fi can be a trap that captures all of a user’s traffic. If needed, users should create their own internet connection with a smartphone or mi-fi device.
    • VPNs: Use VPNs to create a secure connection.
  • Emergency Management: Helps an organization address personnel safety and security after a disaster.
  • Security Training and Awareness: Helps ensure that personnel are aware of duress systems, travel best practices, emergency management plans, and other best practices.
9
Q

How do organizations manage Hardware & Software Assets?

A
  • Hardware Inventories: The use of database or inventory applications to perform inventories and track hardware assets.
  • Software Licensing: The purchase of the right to use proprietary software on organization machines, along with monitoring for unapproved software on those machines.
10
Q

How do companies protect Physical Assets?

A

Organizations generally put assets behind fences, barricades, locked doors, guards, etc. They also attempt to place data centers towards the middle of a building so that progressively more secure barriers can be put in place as you move towards the center.

11
Q

What are some different components for Software Defined Everything (SDX)?

A
  • Virtual Machines (VMs): Run as guest OSs on physical servers.
  • Virtual Desktop Infrastructure (VDI): aka Virtual Desktop Environment (VDE), hosts a user’s desktop as a VM on a server.
    • Persistent: Retains a custom desktop for the user.
    • Nonpersistent: Desktops are identical for all users. Reverts to a known state after the user logs off.
  • Software-Defined Networks (SDNs): Uses an SDN controller to handle traffic routing, using simpler network devices that accept instructions from the controller.
  • Virtual Storage Area Networks (VSANs): A virtual high-speed network that hosts multiple storage devices.
12
Q

What are the different service levels of Cloud based solutions?

A
  • Software-as-a-Service (SaaS): Fully functional applications, typically accessed via a web browser.
  • Platform-as-a-Service (PaaS): Provides a computing platform, including hardware, an OS, and applications.
  • Infrastructure-as-a-Service (IaaS): Provides basic computing resources to consumers including servers, storage, and networking resources.
13
Q

What are the different Cloud models available?

A
  • Public Cloud: Assets available for any consumer to rent or lease, hosted by an external CSP.
  • Private Cloud: Cloud-based assets for a single organization.
  • Community Cloud: Provides cloud-based assets to two or more organizations.
  • Hybrid Cloud: Includes a combination of two or more clouds.
14
Q

What is Media Management?

A

The steps taken to protect media and the data stored on it. Media can be anything that can hold data such as tapes, optical media such as CDs and DVDs, USB drives, eSATA, SSDs, and flash drives.

Media should be stored in a secure location with controlled access and climate control.

Media management can also include technical controls such as restricting device access from a computer system.

15
Q

What is Tape Media management?

A
  • Tape media is generally saved in two copies: one offsite and one onsite.
  • Tape media needs to be kept away from magnetic fields, as they will wipe the data.
  • Maintain climate control (avoid outside exposure).
  • Keep in original packaging until needed.
  • Consider encrypting the data.
16
Q

What is a MDM?

A

A Mobile Device Management system monitors and manages mobile devices and ensures they are kept up to date.

17
Q

What is MTTF?

A

Mean Time to Failure is the number of times media can be reused or the number of years you can expect to keep it.

18
Q

What is Baselining in terms of configuration management?

A

The process of deploying systems in a set secure state as the starting point.

Group Policy is used for setting up a secure configuration.

Images are also used to deploy baselines:

  1. A baseline system is set up with the necessary configurations and applications. Extensive testing is performed to ensure performance is up to par.
  2. The image is captured and stored on an image server.
  3. Images are deployed from the server as needed.
19
Q

What is Change Management?

A

CM ensures the appropriate personnel review and approve changes before implementation, and also ensures the proper testing and documentation has been done.

Common tasks:

  1. Request the Change
  2. Review the Change
  3. Approve/Reject the Change
  4. Test the Change
  5. Schedule and implement the Change
  6. Document the Change
20
Q

What is Version Control?

A

The labeling or numbering system that differentiates between software sets/configurations. This helps keep track of changes over time to deployed software.

This includes minor updates and major updates.

21
Q

What systems are included in an organization’s vulnerability and patch management structure?

A
  • workstations
  • servers
  • routers
  • switches
  • firewalls
  • appliances
  • printers
  • embedded systems
  • mobile devices
22
Q

What is a patch?

A

Any type of code written to correct a bug or vulnerability or to improve the performance of existing software.

23
Q

What is a Patch Management Program?

A

A system that ensures systems are kept up-to-date with current patches.

Common steps include:

  • Evaluate Patches:
  • Test Patches: Test on isolated, non-production systems for side effects.
  • Approve the Patches:
  • Deploy the Patches:
  • Verify the Patches are Deployed: Audit systems to ensure they are patched.
24
Q

What is Patch Tuesday?

A

Microsoft regularly releases patches on the second Tuesday of every month.

If Microsoft releases a patch outside this schedule because of a vulnerability, this is known as releasing a patch “Out of Band”.

25
Q

What is Vulnerability Management?

A

Regularly identifying vulnerabilities, evaluating them, and taking steps to mitigate the risks associated with them.

It isn’t possible to eliminate risks.

Two common elements of a vulnerability management program are routine vulnerability scans and periodic vulnerability assessments.

26
Q

What is a Vulnerability Scan?

A

Vulnerability scanners are software tools that test systems and networks for known security issues. After weaknesses are found, attacks are launched to exploit them.

Vulnerability scanners use a database of known security issues; vendors generally update these databases, and it is on the customer to keep their copy of the database up to date.

27
Q

What is the most common Vulnerability?

A

An unpatched system

28
Q

What is a Vulnerability Assessment?

A

A review of vulnerability scans over a certain time period to determine the progress and issues of the vulnerability management program.

29
Q

What is CVE?

A

Common Vulnerabilities and Exposures refers to a dictionary that is used to identify vulnerabilities. It is commonly used as the standard for vulnerability and patch management tools.