Chapter 1 Flashcards

1
Q

AAA

A

Identification
Authentication
Authorization
Auditing
Accounting

2
Q

Security Management Planning

A

Strategic plan - long term 5 years
Tactical plan - 1 year
Operational plan - detailed short-term to support strategic and tactical plans

3
Q

Most important consideration when an organization acquires hardware, software, or services

A

Identify risks

4
Q

Security roles (CISSP)

A

Senior management (approve policy)
Security professional (write policy and implement)
Asset owner (responsible for protection; security classifications)
Custodian (day to day protection activities)
User
Auditor

5
Q

COBIT (ISACA)
- IT governance framework, used as a security control reference
- commonly used for auditing

A

Six principles of a governance system (COBIT 2019):
Provide Stakeholder Value
Holistic Approach
Dynamic Governance System
Governance Distinct from Management
Tailored to Enterprise Needs
End-to-End Governance System

6
Q

Due Diligence - planning (establishing the plan, policy, and process to protect the organization)
Due Care - implementing (practicing the activities that maintain the security effort)

A

Senior management must demonstrate both due diligence and due care, or it can be held liable for negligence

7
Q

Documentation review

A

For government agencies
ATO (Authorization to Operate) - granted only after the documentation review passes; incomplete or invalid documentation stops the process

8
Q

Security Management Plan:
Policy, Standards, Procedures, Guidelines

A

Policy - defines scope and overall direction
Standards - mandatory requirements that support the policy
Baseline - minimum level of security that all assets, systems, etc. must meet
Procedures - step-by-step instructions that satisfy the standards
Guidelines - recommendations only, not mandatory

9
Q

Threat Modeling
- Identify
- Categorize
- Analyze

A

STRIDE - Microsoft; threat categorization, used in software development
PASTA - risk-centric, seven stages, focused on the value of assets
VAST - Visual, Agile, and Simple Threat modeling; built for agile development

10
Q

STRIDE

A

Spoofing
Tampering
Repudiation
Info disclosure
Denial of service
Elevation of privilege

11
Q

PASTA
(Threat modeling)

A

7 stages:
Stage I: Definition of the Objectives (DO) for the Analysis of Risks
Stage II: Definition of the Technical Scope (DTS)
Stage III: Application Decomposition and Analysis (ADA)
Stage IV: Threat Analysis (TA)
Stage V: Weakness and Vulnerability Analysis (WVA)
Stage VI: Attack Modeling & Simulation (AMS)
Stage VII: Risk Analysis & Management (RAM)

12
Q

Reduction analysis (decomposition of the system)

A

Diagram (e.g., a data flow diagram) that shows:
Trust boundaries
Data flow paths
Input points
Privileged operations
Details of the security stance and approach (security policy)

13
Q

Threat modeling - Focus on threats
Risk assessment - Focus on assets

A
13
Q

Rank threats (Threat modeling)

A

Probability x Damage (rating)
High/Medium/Low matrix
DREAD

14
Q

DREAD
(Rank threats)

A

Damage potential
Reproducibility
Exploitability
Affected users
Discoverability
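To tie the threat-modeling cards together (reduction analysis, STRIDE, the Probability x Damage / High-Medium-Low ranking, and DREAD), here is a small worked script. It is an added example for these flashcards, not code from the CISSP text. The STRIDE-per-element mapping follows Microsoft's published chart; the split of DREAD ratings into a probability part and a damage part, the High/Medium/Low cut-offs, and the three-tier system it decomposes are assumptions made for illustration.

```python
"""Threat enumeration (STRIDE per element) and ranking (DREAD, Probability x
Damage, High/Medium/Low) over a small system decomposition.

Added example, not from the CISSP text. STRIDE-per-element mapping follows
Microsoft's chart; the probability/damage split of DREAD and the bucket
cut-offs are assumptions for illustration.
"""
from dataclasses import dataclass

STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE categories that apply to each data-flow-diagram element type
# (Microsoft STRIDE-per-element). A data store is subject to repudiation
# only when it holds audit logs; that refinement is ignored here.
STRIDE_PER_ELEMENT = {
    "external": "SR",
    "process": "STRIDE",
    "datastore": "TRID",
    "dataflow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str       # "external", "process" or "datastore"
    boundary: str   # trust boundary (zone) the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_boundary(self) -> bool:
        return self.src.boundary != self.dst.boundary


def enumerate_threats(elements, flows):
    """Reduction-analysis output: (target, STRIDE category) pairs for every
    element, plus data-flow categories for flows crossing a trust boundary.
    Flows that stay inside one zone are skipped (boundary crossings are the
    interesting input points)."""
    threats = []
    for e in elements:
        threats += [(e.name, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT[e.kind]]
    for f in flows:
        if f.crosses_boundary():
            threats += [(f.name, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT["dataflow"]]
    return threats


@dataclass(frozen=True)
class Dread:
    """DREAD ratings, each on a 1-10 scale; out-of-range values are rejected."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        for name, value in vars(self).items():
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1-10, got {value}")

    def score(self) -> float:
        """Classic DREAD score: mean of the five ratings (1-10)."""
        return sum(vars(self).values()) / 5

    def probability(self) -> float:
        # Assumed split: likelihood of success -> R, E and Discoverability.
        return (self.reproducibility + self.exploitability + self.discoverability) / 3

    def impact(self) -> float:
        # Assumed split: how bad it is -> Damage potential and Affected users.
        return (self.damage + self.affected_users) / 2

    def risk(self) -> float:
        """Probability x Damage rating on a 1-100 scale."""
        return self.probability() * self.impact()


def bucket(risk: float) -> str:
    """High/Medium/Low matrix cell for a Probability x Damage value.
    Cut-offs (7x7 and 4x4) are an assumption, not a CISSP figure."""
    if risk >= 49:
        return "High"
    if risk >= 16:
        return "Medium"
    return "Low"


def rank_threats(rated):
    """rated: list of (label, Dread). Returns (label, dread_score, bucket)
    tuples ordered from most to least severe."""
    rows = [(label, d.score(), bucket(d.risk())) for label, d in rated]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    # Constructed three-tier system: browser -> web app -> database.
    browser = Element("browser", "external", "internet")
    webapp = Element("webapp", "process", "dmz")
    db = Element("orders-db", "datastore", "internal")
    flows = [Flow("login", browser, webapp), Flow("order-query", webapp, db)]
    for target, category in enumerate_threats([browser, webapp, db], flows):
        print(f"{target:12} {category}")
    for label, score, level in rank_threats([
        ("SQL injection via order-query", Dread(8, 10, 8, 10, 9)),
        ("Verbose error page", Dread(3, 2, 2, 3, 1)),
    ]):
        print(f"{score:4.1f} {level:6} {label}")
```

Running it lists 18 candidate threats for the constructed system (2 for the external entity, 6 for the process, 4 for the data store, 3 for each boundary-crossing flow) and then prints the two rated threats with the injection ranked first. In practice the DREAD numbers are the subjective part; the value of the script is that the enumeration step is mechanical and complete, so nothing is ranked that was never listed.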
