Architecture And Design Flashcards
What are the three main goals of information security?
- Confidentiality
- Integrity
- Availability
_______ prevents unauthorized disclosure.
Confidentiality
_______ prevents unauthorized alteration.
Integrity
_______ ensures authorized access.
Availability
Security activities must be aligned with…
- Business Strategy
- Mission
- Goals
- Objectives
(T/F)?
True!
What kind of planning is required with the alignment of security activities?
- Strategic
- Tactical
- Operational
Security _______ provide templates for security activities.
Frameworks
COBIT, NIST CSF, and ISO 27001/2 are examples of security frameworks (T/F)?
True!
Due _____ is taking reasonable steps to protect the interests of the organization.
Care
Due _______ ensures those steps are carried out.
Diligence
What four things carry out security governance?
- Policies
- Standards
- Procedures
- Guidelines
This security governance document…
States high-level objectives; compliance is MANDATORY.
Policies
This security governance document…
States detailed technical requirements; compliance is MANDATORY.
Standards
This security governance document…
Provides step-by-step processes; compliance is MANDATORY.
Procedures
This security governance document…
Offers advice and best practices; compliance is OPTIONAL.
Guidelines
Security baselines, such as NIST SP 800-53, provide a standardized set of controls that an organization may use as a benchmark (T/F)?
True!
An organization would typically adopt a baseline standard wholesale (T/F)?
False!
- They would tailor a baseline to meet their specific security requirements instead.
What does the principle of defense-in-depth say?
Organizations should use a variety of overlapping security controls to protect against the failure of any single control.
When designing overlapping controls, strive for _______ of vendors and control types.
Diversity
What are the three most common zones that firewall deployment topologies use?
- A trusted intranet
- An untrusted Internet
- A demilitarized zone (DMZ)
- These three networks are often created using a triple-homed firewall.
When managing security of a system, what operating system security principles do you have to keep in mind?
- Disable unnecessary services and applications.
- Close unneeded network ports.
- Disable default accounts and passwords.
- Apply all security patches.
When developing new systems, organizations move them through a four-stage process using different environments. What are they?
- Development - environments where developers create and modify the system.
- Test - environments where the system is tested. If flaws are discovered, it is returned to development.
- Staging - environments where approved code is placed, awaiting release to production.
- Production - environments containing systems that are currently serving customer needs.