6. Vulnerability Types Flashcards
Vulnerability impact
Vulnerability impact
Vulnerabilities expose organizations to security breaches.
Information security goals
Vulnerability impact
Confidentiality, integrity, and availability.
Confidentiality
Vulnerability impact
Unauthorized changes, hacker alterations, service disruption.
Integrity
Vulnerability impact
To prevent unauthorized changes to information.
Availability
Vulnerability impact
Authorized access, denial of service attacks.
Financial risk
Vulnerability impact
Costs, incident response, data theft, identity theft.
Reputational risk
Vulnerability impact
Negative publicity, loss of goodwill, stakeholder decisions.
Strategic risk
Vulnerability impact
Impact on goals and objectives, product development, competition.
Operational risk
Vulnerability impact
Business process slowdown, customer order delays, manual workarounds.
Compliance risk
Vulnerability impact
Legal and regulatory violations, HIPAA, sanctions, fines.
Evaluating impacts
Vulnerability impact
Categorizing risks: financial, reputational, strategic, operational, compliance.
Supply chain vulnerabilities
Supply chain vulnerabilities
IT organizations rely on external vendors for hardware, software, and services.
Impact on organizations
Supply chain vulnerabilities
Security issues in the supply chain can affect organizational operations.
End-of-life announcements
Supply chain vulnerabilities
Security professionals must monitor vendor announcements about product lifecycle terminations.
Importance of patch management
Supply chain vulnerabilities
Timely patch updates protect systems against new vulnerabilities.
Running products without patches
Supply chain vulnerabilities
End-of-life announcements mean no more patches, making it difficult to maintain secure systems.
Different terms for product support termination
Supply chain vulnerabilities
Terminology varies among vendors; understanding definitions is crucial.
Steps in product lifecycle termination
Supply chain vulnerabilities
Product end-of-sale and end-of-support announcements mark different stages.
Risks of using legacy products
Supply chain vulnerabilities
Legacy products may introduce unpatchable vulnerabilities.
Informal lack of vendor support
Supply chain vulnerabilities
Lack of vendor support can be as dangerous as running an unsupported product.
Vulnerabilities in embedded systems
Supply chain vulnerabilities
Integrated vendor systems may have hidden vulnerabilities.
Risks of relying on vendors for cloud services
Supply chain vulnerabilities
Vendors assume responsibility for managing risks in cloud services.
Importance of vendor viability
Supply chain vulnerabilities
Ensuring vendors remain viable is crucial for sustained support and security.
Mitigating risks in data storage
Supply chain vulnerabilities
Keeping independent backups reduces the risk of vendor inability to provide data access.
Configuration vulnerabilities
Configuration vulnerabilities
Potential risks arising from system configuration errors that can compromise enterprise security.
Default configurations
Configuration vulnerabilities
The pre-set settings on devices, such as copiers or building controllers, which may contain security flaws if not modified.
Misconfigured systems
Configuration vulnerabilities
Systems with errors in their settings or weak security configurations that can lead to serious security issues.
Least privilege principle
Configuration vulnerabilities
The concept that users should only have the minimum necessary permissions required for their job function.
Encryption protocols
Configuration vulnerabilities
Protocols used to secure communications, which, if misconfigured, can result in eavesdropping and tampering risks.
Cryptographic keys
Configuration vulnerabilities
Keys used in encryption systems that must be carefully managed to prevent unauthorized access and impersonation.
Digital certificates
Configuration vulnerabilities
Certificates used to verify the authenticity and integrity of digital communications, requiring strong management processes to prevent misuse.
Patch management
Configuration vulnerabilities
The practice of regularly applying security updates and patches to systems, applications, and firmware to address known vulnerabilities.
Operating system patches
Configuration vulnerabilities
Updates specifically targeting the security of the operating system to mitigate potential risks.
Unpatched devices
Configuration vulnerabilities
Devices that have not received the latest security updates, posing a potential entry point for attackers into the network.
Account management
Configuration vulnerabilities
The process of properly configuring user accounts with appropriate permissions to prevent misuse or unauthorized access.
Strong certificate management
Configuration vulnerabilities
Effective procedures and controls in place to safeguard the issuance and use of digital certificates and protect associated private keys.
Documented security standards
Configuration vulnerabilities
Established guidelines and protocols that IT professionals should rely on when installing systems to ensure secure configurations.
Architectural vulnerabilities
Architectural vulnerabilities
Flaws in a complex system due to improper design, leading to fundamental issues that are difficult to fix.
Incorporating security requirements
Architectural vulnerabilities
The importance of integrating security needs early in the design process to avoid weaknesses in architecture and system designs.
Business processes and people
Architectural vulnerabilities
Considering the impact of business processes and users on the security of a system, as untrained users and insecure processes can have a significant effect.
System sprawl
Architectural vulnerabilities
The phenomenon of having numerous devices connected to a network without proper management throughout their lifecycle, leading to security issues and open vulnerabilities.
Assessing architectural processes
Architectural vulnerabilities
The need for security professionals to evaluate all organizational architectural processes to ensure the inclusion of proper security controls.