Chapter 1 Flashcards
What are the 3 objectives in CS
Confidentiality, integrity and availability (the CIA triad).
What does the confidentiality stand for
Confidentiality means making sure only authorised personnel are able to access the system/information.
What does the integrity stand for
Making sure no unauthorized modifications are made, whether intentional or unintentional. Attackers may exploit scenarios that weaken the integrity of the system, such as a power spike that corrupts stored information.
What does the availability stand for
Ensuring that information and systems are ready to meet the needs of authorized personnel whenever requested. Threats may come from attackers seeking to disrupt access.
Give Examples of Confidentiality Controls
Firewalls, access control lists and encryption.
Give Examples of Integrity Controls
Hashing and integrity monitoring solutions.
What is hashing
Hashing is the practice of transforming a given key or string of characters into another value for the purpose of security
Give Examples of Availability Controls
Fault Tolerance, Clustering and backups.
What are Fault Tolerance and Clustering
Fault Tolerance: a process that enables an operating system to respond to a failure in hardware or software.
Clustering: cluster analysis simply means grouping data points that are similar to each other and are found throughout the network, in order to reveal hidden and unusual patterns of activity and detect cyber security attacks.
What does the DAD triad stand for
Disclosure, Alteration and Denial. These are 3 different types of threats.
What does the Disclosure mean
The exposure of sensitive information to unauthorized personnel, also known as data loss. This violates the first part of the CIA triad (confidentiality). Attackers who gain access to sensitive information may remove it from the organization, which is known as data exfiltration.
Define Alteration
Unauthorized modification of data; this violates integrity. Attackers may use it to seek financial gain or to modify documents.
What is a bit flip
A natural event, such as a power surge, that causes a bit flip and so modifies stored data.
What does the denial stand for in DAD triad
Disruption of availability, such as a DDoS attack. This can also happen accidentally, such as the failure of a critical server or a natural event.
Define Breach Impact
There are different types of impact an incident may have. Examples: financial, reputational, strategic, operational and compliance.
Define Financial Risk
Monetary damage to the company, such as a worker losing a laptop or rebuilding a data centre after it has been destroyed.
Define Reputational Risk
How your public image will be affected: goodwill among customers, suppliers and stakeholders.
What is PII
Personally Identifiable Information (PII): name, DOB, SSN, passport data.
Define Strategic Risk
The risk that an organization will become less effective in meeting its major goals and objectives due to a breach.
Define Operational Risk
Risk to the organization's ability to carry out its day-to-day functions. This can slow down the business. Also called inefficiency/delay risk.
Define Compliance Risk
When a security breach causes an organization to run afoul of legal requirements. For example, losing medical records can be sanctioned by fines.
How are security controls implemented
Security controls are categorized based on the mechanism of action required and how the objective will be met.
Name the 3 different categories of security controls
Technical Controls, Managerial Controls, Operational Controls
Define technical controls and give examples
Technical controls enforce CIA in the digital space. Examples: firewalls, access control lists, IPS (intrusion prevention systems) and encryption.
Define Operational Controls and give examples
Processes that we put in place to manage technology in a secure manner. Examples: user access reviews, log monitoring and vulnerability management.
Define Managerial Controls and give examples
Procedural mechanisms that focus on the mechanics of the risk management process. Examples: administrative controls such as risk assessments and security planning exercises, and building security into the organization's change management, service acquisition and project management practices.
How are security controls set out
Organisations select a set of security controls to meet their control objectives based on their own criteria and parameters. A company that deals with sensitive data may require the highest level of security controls.
Name some security control types
Preventative Controls, Detective Controls, Corrective Controls, Physical Controls, Compensating Controls
Define preventative controls
Stopping a security issue before it occurs. Examples: firewall, encryption.
Define detective controls
Identify security events that have occurred. IDS (intrusion detection systems) are detective controls.
Define Physical Controls
Physical security: CCTV, locked doors, lighting, burglar alarms.
Define Compensating controls
Controls designed to mitigate the risk associated with exceptions made to a security policy.
Give an example of a compensating control used today
The Payment Card Industry Data Security Standard (PCI DSS) is one of the most formal compensating control processes used today.
What are the 3 criteria that must be met for a compensating control to be satisfactory
The control must meet the intent and rigor of the original requirement.
The control must provide a similar level of defense as the original requirement.
The control must be above and beyond other PCI DSS requirements.
Define Compensating Controls
Finding an alternative way to achieve an objective when the organization cannot meet the original requirement. It is used as a temporary exception to a security requirement, with plans made to restore compliance with the original control afterwards.
Define Data Protection
The security of data. Loss of data can have a wide range of impacts.
Name 3 states where data might exist
Data in motion: data in transit over a network. When data travels over a vulnerable network it is open to eavesdropping attacks by anyone who has access to the network.
Data in processing: data which is actively being used by a computer system. This includes data stored in memory while processing takes place. An attacker with control of the system may be able to read its contents.
Name some security controls used to safeguard data
Data encryption: mathematical algorithms to protect information, applied either in transit or at rest. The data cannot be read by people who don't have the correct decryption key.
Data Loss Prevention (DLP): helps organisations enforce information handling policies and procedures to prevent data theft/loss. It searches systems that may be insecure and blocks the transmission before damage is done, and alerts the admins to the type of breach.
2 ways a DLP system works
- Host-based DLP
- Network-based DLP
Define Host-based DLP
Host-based DLP uses software agents installed on systems that search those systems for the presence of sensitive information, such as SSNs or credit card numbers. Once it is detected, security professionals can take the correct action. The agents can also monitor system configuration and user actions and block certain actions from being taken.
Example: an organization blocks the use of USB devices to stop information being stolen.
Define Network-based DLP
Network-based DLP systems block traffic that violates the organization's policies, or they may automatically apply encryption to the content. This is normally used in DLP systems that focus on email.
Name 2 actions taken in network-based DLP
Pattern matching: watching for signs of sensitive information, e.g. numbers formatted like a credit card number or SSN, which can automatically trigger an action. Detecting words like "confidential" or "secure" may also automatically trigger an action.
Watermarking: systems or administrators apply electronic tags to sensitive documents, and DLP systems then monitor systems and networks for unencrypted content containing those tags. This is normally used with copyright and data ownership restrictions.
Define data minimisation
Reducing the amount of sensitive data one maintains. The best practice is data minimisation, which means destroying data you no longer need.
If the data cannot be destroyed, it can be transformed into a format where the original sensitive information is de-identified. This removes the ability to link the data to a person.
What is data obfuscation
Turning data into a format where the original can't be retrieved.
Give an example of data obfuscation
Hashing: uses a hash function to transform a value in the dataset into a corresponding hash value. A drawback of hashing is that it is prone to rainbow table attacks, in which the attacker computes the hashes of candidate values and then checks whether those hashes exist in the data file.
Tokenization: replaces sensitive values with a unique identifier using a lookup table. Example: replace a widely known value such as a student ID with a random 10-digit number. That number can be converted back into the original student ID via the lookup table.
Masking: redacts sensitive information by replacing some or all sensitive fields with blank characters. Example: replace all but the last 4 digits of a credit card number with X's or *'s to render the card number unreadable.
Tina is tuning her organization's intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?
Technical Control
Tony is reviewing the status of his organization’s defense against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?
Strategic
Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?
Preventive
Which one of the following data protection techniques is reversible when conducted properly?
Tokenization