4.0 Security Operations Flashcards
What are the steps involved in establishing secure baselines?
Establish, Deploy, Maintain
What are the hardening targets in securing computing resources?
- Mobile devices
- Workstations
- Switches
- Routers
- Cloud infrastructure
- Servers
- ICS/SCADA
- Embedded systems
- RTOS
- IoT devices
What are the installation considerations for wireless devices?
- Site surveys
- Heat maps
These considerations help ensure optimal placement and performance of wireless devices.
What is a Mobile Device Management (MDM) solution?
A system that allows organizations to manage and secure mobile devices.
MDM solutions are important for enforcing security policies on mobile devices.
What are the deployment models for mobile solutions?
- Bring your own device (BYOD)
- Corporate-owned, personally enabled (COPE)
- Choose your own device (CYOD)
These models determine how organizations manage mobile devices in their environments.
What are the connection methods for mobile solutions?
- Cellular
- Wi-Fi
- Bluetooth
These methods define how mobile devices connect to networks.
What security settings are recommended for wireless networks?
- Wi-Fi Protected Access 3 (WPA3)
- AAA/Remote Authentication Dial-In User Service (RADIUS)
- Cryptographic protocols
- Authentication protocols
These settings enhance the security of wireless communications.
What are key aspects of application security?
- Input validation
- Secure cookies
- Static code analysis
- Code signing
These practices help protect applications from security vulnerabilities.
What is sandboxing in the context of security?
A security mechanism that isolates applications to prevent unauthorized access.
Sandboxing is essential for testing and running untrusted applications safely.
What is the purpose of monitoring in security?
To detect and respond to security incidents in real time.
Effective monitoring is vital for maintaining the security posture of an organization.
What are the security implications of proper hardware, software, and data asset management?
Ensures protection against unauthorized access, data breaches, and loss of sensitive information.
Proper management minimizes risks associated with asset vulnerabilities and enhances overall security posture.
What is involved in the acquisition/procurement process of asset management?
The process includes selecting and acquiring hardware and software that meet security requirements.
This step is crucial for ensuring that assets are compliant with security standards from the outset.
What key aspects are included in the assignment/accounting phase of asset management?
- Ownership
- Classification
Proper assignment and accounting help in tracking who is responsible for assets and determining their security classification.
What does monitoring/asset tracking involve?
- Inventory
- Enumeration
Monitoring assets helps in maintaining an accurate record of all hardware and software in use, which is vital for security.
What are the key components of disposal/decommissioning in asset management?
- Sanitization
- Destruction
- Certification
- Data retention
Proper disposal ensures that sensitive data is irretrievable, thus preventing data breaches from decommissioned assets.
What is the purpose of sanitization in asset disposal?
To remove all data from an asset to prevent unauthorized access to sensitive information.
This is crucial for compliance with data protection regulations.
What does destruction refer to in the context of asset disposal?
Physically destroying an asset to ensure data cannot be recovered.
This step is often necessary for highly sensitive materials.
What is the significance of certification in asset disposal?
Certification provides proof that an asset has been properly sanitized or destroyed.
This documentation is important for compliance and audit purposes.
What does data retention refer to in asset management?
The policies that govern how long data should be stored and when it should be deleted.
Proper data retention policies help in managing risks associated with data breaches.