4.3 Explain various activities associated with vulnerability management Flashcards

1
Q

Identifying Vulnerabilities

A

Systematically finds and categorizes weaknesses in systems, networks, or applications to enhance security

  • Methods for Identifying Vulnerabilities:
    • Vulnerability Scanning: Uses tools like Nessus or OpenVAS to find weaknesses
    • Application Security: see a separate card
    • Penetration Testing: Simulates real-world attacks to evaluate security
    • System and Process Audits: Reviews systems and policies to ensure adherence to best practices
  • Four-Step Vulnerability Management Process: Planning, Testing, Test patches, Implementation, Auditing
2
Q

Threat Intelligence Feeds

A

THE MAIN ONE (the source attackers and pen-testers rely on most):

  • Open-Source Intelligence (OSINT): Free, public insights from reports, forums, and blogs.

OTHERS

  • Proprietary Feeds: Paid, refined feeds (e.g., FireEye, McAfee).
  • Sharing Organizations: Industry collaboration (e.g., ISACs).
  • Vulnerability Databases: Document known vulnerabilities for automation (e.g., NVD - National Vulnerability Database, CVE - Common Vulnerabilities and Exposures).
  • TAXII (Trusted Automated Exchange of Indicator Information): Standard for sharing threat info; manages message exchanges.
  • STIX (Structured Threat Information eXpression): Complements TAXII by defining cyber threat info types to share. STIX data is shared via TAXII.
  • AIS (Automated Indicator Sharing): CISA (Cybersecurity and Infrastructure Security Agency) platform for real-time threat indicators using TAXII and STIX.
  • Dark Web
  • Public/Private Sharing Organizations: Entities like InfraGard connect sectors with law enforcement for intel sharing.
  • Indicators of Compromise (IoCs): Attack signs (e.g., malicious URLs/files) noted in CISA reports.
  • Predictive Analysis: Aims to anticipate attacks, challenging without full data.
  • Threat Maps: Visualize active threats by location, usually anonymized.
  • File/Code Repositories: Sites like GitHub host threat intel tools (e.g., Awesome Threat Intelligence).
3
Q

Responsible Disclosure Programs

A

Ethical reporting of vulnerabilities.

  • Voluntary reporting
  • Bug Bounty Programs: Rewards for reported vulnerabilities.
    • Run internally or via HackerOne, Bugcrowd, Synack.
    • Benefits:
      • Stronger security
      • Community input
      • Cost-effective
    • Challenges: Communication, legal protection, rules.
4
Q

Analyzing Vulnerabilities

A

Factors to consider:

  • Confirmation: Determine whether each finding is a true or false positive (and watch for false negatives).
  • Prioritizing: Rank by severity and impact.
  • Classifying: Categorize by type and impact.
    • Examples:
      • Software flaws
      • Configuration errors
      • Security policy gaps
    • Use CVE for standard identification and mitigation strategies.
  • Organizational Impact:
    • Assess effects on confidentiality, integrity, availability.
    • Consider industry impact, reputation, continuity, and fines.
  • Exposure Factor (EF): The percentage of an asset's value that would be lost if a threat is realized.
  • Risk Appetite: Overall level of risk the organization is willing to accept to achieve objectives; categorized as:
    • Expansionary/Aggressive: Higher risk for higher returns
    • Neutral: Balanced approach to risk and caution
    • Conservative: Preference for safety and predictability
  • Risk Tolerance: Maximum risk level acceptable in specific scenarios; expressed in quantitative terms
    • Example: High tolerance for financial risks with strong cash reserves; low tolerance for reputational risks
5
Q

Vulnerability Response and Remediation

A

  • Patching
  • Insurance Policy:
    • Cybersecurity insurance mitigates financial losses from incidents (e.g., data breaches, outages).
  • Network Segmentation
  • Compensating Controls:
    • Alternative protections when standard controls are impractical (e.g., strong passwords where MFA cannot be applied).
  • Exception and Exemption:
    • Exemption: Permanent waiver of controls, often for legacy systems.
    • Exception: Temporary bypass of security for business needs, with risk awareness.
6
Q

Validating Vulnerability Remediation

A

  • Rescanning Devices
  • Auditing Devices:
    • Review logs, configurations, and patches for compliance.
    • Check for misconfigurations and verify patches.
  • Verification of Devices:
    • Ensure vulnerabilities are resolved and systems are stable.
    • Conduct penetration tests and user feedback checks.