Ch.1 Today's Security Professional Flashcards
What foundational model for cybersecurity defines three primary objectives for protecting information systems?
CIA Triad: Confidentiality, Integrity, Availability
What is Confidentiality in the CIA security model and what security controls are implemented to prevent unauthorized access to information?
Definition: Ensures that unauthorized individuals cannot access sensitive information.
Purpose: Protects private or sensitive data from being disclosed to unauthorized parties.
Security Controls Implemented:
Encryption: Converts data into unreadable format unless the user has the decryption key.
Firewalls: Filter network traffic to block unauthorized access.
Access Control Lists (ACLs): Define who can access specific resources and what actions they can perform.
Multi-Factor Authentication (MFA): Requires multiple forms of verification to access systems.
What is Integrity in the CIA security model and what security controls are used to aid in data integrity?
Definition: Ensures that information is accurate, consistent, and unaltered unless modified by authorized individuals.
Purpose: Prevents unauthorized changes to data, ensuring it remains trustworthy and reliable.
Security Controls Implemented:
Hashing: Generates a fixed-length digest of the data so that any later change can be detected by recomputing and comparing the digest.
Digital Signatures: Confirm that data comes from a verified source and hasn't been changed.
Integrity Monitoring Systems: Continuously check files and systems for unauthorized modifications.
Access Controls: Restrict who can modify specific data.
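Added worked example (not part of the original flashcards): a plain hash and a keyed hash (HMAC) checking the same record. A plain SHA-256 digest catches accidental corruption, but an attacker who can change the data can also recompute the digest; an HMAC over the data with a secret key catches tampering by anyone who does not hold the key. The record and the key are constructed for the example.

```python
"""Integrity check with a plain hash versus a keyed hash (HMAC).

Added example, not from the original flashcards. Note that an HMAC gives
integrity and authenticity but NOT non-repudiation: every holder of the
shared key can produce the same tag, so a digital signature (asymmetric
key pair) is needed for that property.
"""
import hashlib
import hmac
import secrets

# Constructed sample record; in practice this would be a file or message.
RECORD = b"account=4471;balance=1500.00;currency=USD"
# Hypothetical integrity key held only by the verifier.
KEY = secrets.token_bytes(32)


def sha256_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_verifies(data: bytes, expected_digest: str) -> bool:
    # Detects corruption, but an attacker controlling the data can forge this.
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def hmac_tag(data: bytes, key: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_verifies(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids timing side channels when comparing tags.
    return hmac.compare_digest(hmac_tag(data, key), tag)


def tamper_demo(key: bytes = KEY) -> dict:
    """Show what each mechanism catches when an attacker edits the balance."""
    original_digest = sha256_digest(RECORD)
    original_tag = hmac_tag(RECORD, key)

    tampered = RECORD.replace(b"1500.00", b"9500.00")
    # The attacker recomputes the unkeyed hash to match the tampered data...
    forged_digest = sha256_digest(tampered)
    # ...but cannot compute a valid tag without the key, so the old tag fails.
    return {
        "hash_detects_silent_corruption": not hash_verifies(tampered, original_digest),
        "hash_fooled_by_recomputation": hash_verifies(tampered, forged_digest),
        "hmac_detects_tampering": not hmac_verifies(tampered, original_tag, key),
        "hmac_accepts_unchanged": hmac_verifies(RECORD, original_tag, key),
    }


if __name__ == "__main__":
    for check, result in tamper_demo().items():
        print(f"{check}: {result}")
```

Storing the digest next to the data it protects (as many file integrity monitors do) is only meaningful if the digest store itself is write-protected or keyed; otherwise the attacker updates both.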
What is Availability in the CIA security model and what security controls ensure that legitimate users may gain access as needed?
Definition: Ensures that systems and data are accessible to authorized users when needed.
Purpose: Supports business continuity by ensuring critical systems remain operational.
Security Controls Implemented:
Backups: Create copies of data for recovery if primary data is lost or corrupted.
Fault Tolerance: Systems that continue to operate even if one component fails.
Clustering: Using multiple servers to ensure system uptime even if one fails.
Disaster Recovery Plans: Strategies to recover systems and data after incidents.
What is Non-Repudiation and what security controls are used?
Definition: Ensures that a party cannot deny performing an action, such as sending a message or initiating a transaction.
Purpose: Provides proof of authenticity for actions or communications, ensuring accountability.
Security Controls Implemented:
Digital Signatures: Verify the sender’s identity and ensure that the message hasn’t been altered.
Audit Logs: Record user actions to trace who performed specific tasks.
Email Receipts: Provide evidence that the recipient received the message (a weak control on its own, since receipts can be suppressed; signatures are the stronger proof).
What identifies three primary threats to the CIA triad?
DAD Triad - Disclosure, Alteration, Denial
Explain Disclosure
Definition: The unauthorized exposure of sensitive information.
Related to: Violates Confidentiality.
Examples:
Data exfiltration (an attacker stealing sensitive data).
Misconfigured access controls exposing data.
Losing an unencrypted laptop with sensitive data.
Explain Alteration
Definition: The unauthorized modification of data or systems.
Related to: Violates Integrity.
Examples:
An attacker altering financial records.
A power surge causing data corruption.
A user accidentally changing critical information.
Explain Denial
Definition: Disrupting access to systems or data for legitimate users.
Related to: Violates Availability.
Examples:
Distributed Denial-of-Service (DDoS) attack taking down a website.
Hardware failure preventing access to services.
Natural disasters destroying key systems.
Categories of risk generally used by businesses to describe the impact of a security incident. Explain each.
Financial Risk: Direct losses (system repairs, fines) or indirect losses (loss of business or customers).
Reputational Risk: Negative publicity that damages trust among customers and stakeholders.
Strategic Risk: Interference with long-term business goals or objectives (e.g., losing product plans to a competitor).
Operational Risk: Disruptions in daily operations that reduce efficiency or delay processes.
Compliance Risk: Legal or regulatory violations that result in penalties or sanctions (e.g., violating HIPAA or GDPR).
*Risks can fit into more than one category
What are the main categories of security controls?
Technical (or Logical) Controls, Operational Controls, Managerial Controls, Physical Controls
Explain Technical Controls
Technical controls are technology based measures that enforce confidentiality, integrity, and availability to protect systems, networks, and data. They are often automated and enforced through hardware or software.
Examples:
Firewalls
Encryption
IDS and IPS
Access control mechanisms (e.g., passwords, multi-factor authentication)
Antivirus and anti-malware software
Network segmentation
Explain Operational Controls
Operational controls are the day-to-day execution and implementation of security practices. They deliver and enforce the policies and security training planned at the managerial level.
Examples:
User access reviews
Backup and recovery procedures
Incident response processes
Log monitoring and analysis
Patch management
Vulnerability scanning
Security Training
Explain Managerial Controls
Managerial (or Administrative) controls are high-level policies, plans, and governance structures that guide how security is managed within an organization. They focus on decision-making, risk management, and compliance.
Examples:
Security policies and procedures
Risk assessments and management frameworks
Security awareness planning
Compliance audits
Business continuity planning (BCP) and disaster recovery planning (DRP)
Change management processes
Explain Physical Controls
Physical controls are tangible measures used to protect physical assets, facilities, and infrastructure. They prevent unauthorized physical access and protect against environmental threats.
Examples:
Security guards
Surveillance cameras (CCTV)
Locks, keycards, and biometric scanners
Fences and barriers
Environmental controls (e.g., fire suppression systems, temperature controls)
CompTIA divides security into control types based on their desired effect. What are they?
Preventive Controls: Stop incidents before they happen. Examples: Firewalls, access controls, encryption.
Detective Controls: Identify incidents after they have occurred. Examples: Intrusion Detection Systems (IDS), security audits, log monitoring.
Corrective Controls: Fix issues after an incident has occurred. Examples: Restoring data from backups, applying patches.
Deterrent Controls: Discourage attackers from initiating actions. Examples: Security warning signs, visible security cameras.
Compensating Controls: Mitigate risks when primary controls cannot be implemented or fail. Examples: Using two-factor authentication if biometric controls are unavailable.
Directive Controls: Provide instructions or guidelines to influence security behavior. Examples: Acceptable use policies (AUP), security training.
What is Gap Analysis?
Definition: Identifies the difference between current security controls and the desired security objectives.
Purpose: Helps organizations discover areas where current controls are insufficient and identifies risks that need remediation.
Process:
Define control objectives.
Evaluate current controls.
Identify gaps (unmet objectives).
Plan remediation strategies.
What are the three states of data in which data can exist during its lifecycle?
Data at Rest, Data in Transit, Data in Use
Explain Data at Rest, Threats, and Security Controls
Definition: Data stored on hard drives, tapes, cloud storage, or other media.
Threats: Theft by insiders or external attackers accessing stored data.
Security Controls:
Encryption: Encrypt stored data to protect against unauthorized access (e.g., AES encryption for files).
Access Controls: Use permissions to limit who can access the data (e.g., role-based access control).
Physical Security: Secure storage devices in locked rooms or safes.
Explain Data in Transit, Threats, and Security Controls
Definition: Data actively moving across networks (e.g., emails, web traffic).
Threats: Eavesdropping attacks by intercepting data over untrusted networks.
Security Controls:
Transport Layer Security (TLS): Encrypts data in transit.
Virtual Private Networks (VPNs): Encrypt traffic over public networks.
Secure Protocols: Use HTTPS, FTPS, and SSH for secure communication.
Explain Data in Use, Threats, and Security Controls
Definition: Data actively being processed in memory or used by applications.
Threats: Attackers gaining control of the system and accessing data in RAM.
Security Controls:
Endpoint Protection: Use anti-malware and host-based intrusion prevention systems (HIPS).
Secure Application Development: Prevent exploits through coding best practices.
Access Restrictions: Apply least privilege so that only the users and applications that need the data can reach it.
Data Loss Prevention (DLP): Stop sensitive data from being copied or transmitted off the host while it is being processed.
Explain Data Encryption and name key security controls
Definition: Uses mathematical algorithms to convert plaintext data into an unreadable format that is only recoverable by those holding the decryption key. This ensures confidentiality.
Purpose: Protects data from unauthorized access, whether it’s in transit or at rest.
Key Security Controls:
AES (Advanced Encryption Standard): Common for data at rest.
TLS (Transport Layer Security): Secures data in transit over networks.
Public Key Infrastructure (PKI): Issues and manages the certificates that bind public keys to identities, so parties can establish trusted encrypted communications.
What is the purpose of DLP Systems and what types are there?
Data Loss Prevention systems enforce information handling policies to prevent data loss, theft, or unauthorized transmission.
Two types: Agent-based DLP (host-based) and Agentless DLP (network-based).
Explain Agent-based DLP
Host-Based
Installed on individual systems.
Scans devices for unsecured sensitive information (like Social Security numbers).
Can block certain actions (e.g., disabling USB access).
Explain Agentless DLP
Network-Based
Monitors outbound network traffic for sensitive information.
Blocks or encrypts unapproved transmissions (common with email security).
What are the methods of detection used by DLP systems?
Pattern Matching: Detects data based on patterns (like credit card numbers).
Watermarking: Tags sensitive documents, allowing DLP systems to track and block unauthorized transmissions.
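Added worked example (not part of the original flashcards, and not any vendor's DLP engine): pattern matching for card numbers in outbound messages. A bare regex flags any 13 to 19 digit run, so the candidate is also checked against the Luhn checksum to cut false positives such as ticket numbers. The messages are constructed; the card numbers are the industry's standard test PANs.

```python
"""DLP-style pattern matching for payment card numbers, with a Luhn check.

Added example, not from the original flashcards. Real engines combine the
pattern with context (keywords, proximity) and a validator; this block shows
the validator step.
"""
import re

# 13-19 digits, optionally separated by spaces or dashes, not glued to other digits.
CARD_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return candidate card numbers in text that also pass Luhn validation."""
    hits = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def dlp_decision(message: str) -> str:
    """Policy stub: block an outbound message that carries a valid card number."""
    return "BLOCK" if find_card_numbers(message) else "ALLOW"


SAMPLE_MESSAGES = [  # constructed outbound messages
    "Please charge card 4111 1111 1111 1111, thanks",   # Luhn-valid test PAN
    "Ticket ref 1234567890123456 opened yesterday",     # 16 digits, fails Luhn
    "Order total 42.50, tracking 5555-5555-5555-4444",  # Luhn-valid test PAN
    "Nothing sensitive here",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(f"{dlp_decision(msg):5} {find_card_numbers(msg)}  <- {msg}")
```

The Luhn check only removes random digit runs; a checksum cannot distinguish a real card from a test PAN, so production policies pair it with issuer prefix ranges and surrounding keywords.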
Explain Data Minimization
Data minimization techniques seek to reduce risk by reducing the amount of sensitive information that is maintained on a regular basis, using the following:
Data Destruction: Remove data when it is no longer needed.
Deidentification: Remove personally identifiable information (PII) to prevent identification.
Obfuscation: Alter data so it can’t be linked back to individuals.
Explain Data Obfuscation
Data obfuscation is the process of masking or disguising sensitive data to make it unreadable or meaningless to unauthorized users, while still preserving its usability for authorized purposes. It is commonly used to protect sensitive information (e.g., PII, financial data) during testing, development, or analytics, where real data is not required.
Name key techniques of Data Obfuscation
Masking:
Replaces sensitive data with fictional but realistic values (e.g., replacing a real credit card number with ****-****-****-1234).
Tokenization:
Substitutes sensitive data with a non-sensitive equivalent (token) that has no exploitable value (e.g., replacing a Social Security Number with a random token).
Encryption:
Converts data into an unreadable format using encryption algorithms (e.g., AES encryption).
Scrambling:
Randomly reorders characters or numbers (e.g., changing 1234 to 3412).
Data Shuffling:
Rearranges data within a dataset to break the link between sensitive data and its owner.
Nulling Out:
Replaces sensitive data with null values (e.g., replacing an email address with NULL).
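Added worked example (not part of the original flashcards): masking, tokenization, data shuffling and nulling out applied to one small constructed record set, the way a pipeline producing test data from production might. Tokenization uses random tokens kept in a vault (here a dict) rather than a hash of the value; a hashed SSN is reversible by enumerating the roughly 10^9 possible values, which is why the token must carry no information about the original.

```python
"""Masking, tokenization, shuffling and nulling on a constructed dataset.

Added example, not from the original flashcards. The vault is a stand-in
for the tokenization service that alone can reverse a token.
"""
import random
import secrets

RECORDS = [  # constructed; not real people or real accounts
    {"name": "A. Example", "ssn": "123-45-6789", "card": "4111111111111111", "email": "a@example.com"},
    {"name": "B. Sample",  "ssn": "987-65-4321", "card": "5555555555554444", "email": "b@example.com"},
    {"name": "C. Test",    "ssn": "555-55-5555", "card": "378282246310005",  "email": "c@example.com"},
]


def mask_card(pan: str, keep_last: int = 4) -> str:
    """Masking: keep the format and last digits, replace the rest with '*'."""
    return "*" * (len(pan) - keep_last) + pan[-keep_last:]


class TokenVault:
    """Tokenization: random token <-> value mapping held by a trusted service."""

    def __init__(self) -> None:
        self._to_token: dict[str, str] = {}
        self._to_value: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # Same value -> same token, so joins across tables still work.
        if value not in self._to_token:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from value
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def detokenize(self, token: str) -> str:
        return self._to_value[token]


def shuffle_column(records, column, rng=None):
    """Data shuffling: keep the set of values, break the link to each record."""
    rng = rng or random.Random()
    values = [r[column] for r in records]
    rng.shuffle(values)
    return [dict(r, **{column: v}) for r, v in zip(records, values)]


def null_out(record: dict, column: str) -> dict:
    """Nulling out: drop the value entirely."""
    return dict(record, **{column: None})


def obfuscate_for_test_env(records, vault: TokenVault, rng=None):
    """Apply one technique per column, as a test-data pipeline might."""
    out = []
    for r in shuffle_column(records, "name", rng):
        r["card"] = mask_card(r["card"])
        r["ssn"] = vault.tokenize(r["ssn"])
        r = null_out(r, "email")
        out.append(r)
    return out


if __name__ == "__main__":
    vault = TokenVault()
    for row in obfuscate_for_test_env(RECORDS, vault):
        print(row)
```

Masking and nulling are one-way; tokenization is reversible only through the vault, so the vault (and the service around it) inherits the sensitivity of the original data and must be protected accordingly.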
Explain Segmentation
Definition: Dividing a network into smaller, logical segments (subnets) based on function, department, or security requirements, and restricting access between them.
Purpose: Limit lateral movement of attackers within the network.
Improve performance and manageability.
Techniques:
VLANs (Virtual Local Area Networks): Logically separate network traffic.
Subnetting: Divide a network into smaller IP address ranges.
Firewalls: Control traffic between segments.
Example: Placing sensitive financial systems on a separate VLAN.
Explain Isolation
Definition: Completely separating systems or networks to prevent any interaction.
Purpose: Protect highly sensitive systems (e.g., payment processing, critical infrastructure).
Prevent unauthorized access or data leakage.
Techniques:
Air-Gapping: Physically isolating a system from all networks.
Virtual Machines (VMs): Running isolated environments on the same hardware.
Containers: Isolating applications using technologies like Docker (a weaker boundary than a VM, since containers share the host kernel).
Example: Isolating a SCADA system controlling industrial equipment from the corporate network.