Chapter 1: Mastering Security Basics Flashcards
Introduction to core security goals.
What are the three core goals of Cybersecurity?
Maintaining confidentiality, integrity, and availability. AKA CIA.
What is confidentiality?
The ability to prevent the unauthorized disclosure of information.
What is encryption?
Any number of methods that scramble data to make it unreadable to unauthorized personnel.
What are the three core identity and access management activities of access control?
Identification, Authentication, and Authorization.
What is Identification?
When a user claims an identity (e.g. userID, username, email).
What is Authentication?
When a user proves their identity (through something they know, something they have, something they are, or somewhere they are).
What is Authorization?
Determining which resources an authenticated identity may access (and which actions it may perform) based on defined rules.
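The three steps above, worked through in code. This is an added example, not part of the original flashcards: a constructed in-memory user store, PBKDF2 password hashing standing in for the "something they know" factor, and a role table standing in for the authorization rules. Names such as `identify`, `authenticate`, `authorize` and `access` are this example's own.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example data: each user record holds a salted PBKDF2-HMAC-SHA256
# password hash and a role. A real system would use a database and a
# dedicated password-hashing library; the structure is what matters here.
ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("hunter2", "reader"),
}

# Authorization rules: role -> actions permitted on the "reports" resource.
PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "reader": {"read"},
}


def identify(username: str) -> Optional[dict]:
    """Identification: the caller claims an identity. Nothing is proven yet."""
    return USERS.get(username)


def authenticate(user: Optional[dict], password: str) -> bool:
    """Authentication: prove the claimed identity with something the user knows."""
    if user is None:
        # Do the same amount of work for an unknown user so that a missing
        # account is not distinguishable from a wrong password by timing.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, user["hash"])


def authorize(user: dict, action: str) -> bool:
    """Authorization: decide what the authenticated identity may do, per the rules."""
    return action in PERMISSIONS.get(user["role"], set())


def access(username: str, password: str, action: str) -> str:
    """Run the three steps in order and report the decision."""
    user = identify(username)
    if not authenticate(user, password):
        return "denied: authentication failed"
    if not authorize(user, action):
        return f"denied: {username} is not authorized to {action}"
    return f"granted: {username} may {action}"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "delete"))  # granted
    print(access("bob", "hunter2", "delete"))   # authenticated, but not authorized
    print(access("bob", "wrong", "read"))       # authentication fails
    print(access("mallory", "x", "read"))       # unknown identity, same failure message
```

Note that the unknown-user and wrong-password cases return the same message and do the same amount of hashing work: distinguishing them would let an attacker enumerate valid usernames.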
What is Integrity?
The various methods that prevent the unauthorized alteration of information or systems. It keeps info safe from intentional or accidental changes.
What is Hashing?
An integrity method that converts data of any size into a fixed-size hash value (digest). Recomputing the hash later and comparing it with the original reveals whether the data has changed. A bare hash only proves integrity: anyone who can alter the data can also recompute a plain hash, so proving authenticity requires binding the hash to a secret key (an HMAC) or a digital signature.
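The integrity-versus-authenticity distinction, worked through in code. This is an added example, not part of the original flashcards; the config file, its "published" digest, the corrupted and tampered copies and the shared key are all constructed for the demonstration, and `tamper_detection_results` is this example's own helper.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Integrity: a fixed-size digest; any change to the input changes it."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def mac_hex(key: bytes, data: bytes) -> str:
    """Authenticity: an HMAC binds the digest to a secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected_mac: str) -> bool:
    return hmac.compare_digest(mac_hex(key, data), expected_mac)


# Constructed sample: a downloaded config file and the SHA-256 its publisher posted.
ORIGINAL = b"allow_remote_admin = false\n"
PUBLISHED_DIGEST = sha256_hex(ORIGINAL)

# Accidental corruption in transit (one character changed).
CORRUPTED = b"allow_remote_admin = fa1se\n"

# Deliberate tampering: the attacker changes the file AND recomputes the hash.
TAMPERED = b"allow_remote_admin = true\n"
ATTACKER_DIGEST = sha256_hex(TAMPERED)

# Example shared key known only to the publisher and the verifier.
KEY = b"example-shared-secret-do-not-reuse"
PUBLISHED_MAC = mac_hex(KEY, ORIGINAL)


def tamper_detection_results() -> dict:
    """Each entry is True when the mechanism behaves as the flashcard describes."""
    return {
        # A plain hash catches accidental changes...
        "hash_catches_corruption": not verify_integrity(CORRUPTED, PUBLISHED_DIGEST),
        # ...but is fooled when the attacker also replaces the published digest.
        "hash_fooled_by_recomputed_digest": verify_integrity(TAMPERED, ATTACKER_DIGEST),
        # An HMAC over the original rejects tampered data.
        "mac_rejects_tampered_data": not verify_mac(KEY, TAMPERED, PUBLISHED_MAC),
        # Without the key, the attacker cannot produce a MAC that verifies.
        "mac_rejects_forged_mac": not verify_mac(KEY, TAMPERED, mac_hex(b"attacker-guess", TAMPERED)),
        # The genuine file still verifies.
        "mac_accepts_original": verify_mac(KEY, ORIGINAL, PUBLISHED_MAC),
    }


if __name__ == "__main__":
    for check, ok in tamper_detection_results().items():
        print(f"{check}: {ok}")
```

The practical consequence: a checksum posted next to a download on the same server proves nothing about authenticity, because whoever can replace the file can replace the checksum. A signature or a MAC keyed with a secret the attacker does not hold is what ties the digest to its publisher.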
What is Availability?
The various methods that ensure authorized users are able to access information and systems when they need them.
What is Redundancy?
Adds duplicates of critical systems to provide FAULT TOLERANCE.
What is Fault Tolerance?
The ability for a system to continue functioning despite the failure of one or more components.
What are Disk Redundancies?
A method of storing the same data in multiple locations to ensure data availability and fault tolerance in case of hardware failure.
What are Server Redundancies?
Additional standby/backup servers that keep services available when the primary server fails.
What are Network Redundancies?
Adding alternative network paths (e.g. redundant links, switches, routers, or ISP connections) so that traffic can be rerouted if any single path fails.
What are Power Redundancies?
Adding backup power sources in case commercial power fails (e.g. uninterruptible power supplies aka UPSs).
What is Scalability?
The ability to increase the capacity of your system/service in the face of increasing demand.
What is Horizontal Scalability?
Increasing the capacity of system/services by adding more servers to existing infrastructure.
What is Vertical Scalability?
Increasing the capacity of systems/services by adding more resources to existing servers (e.g. RAM, CPU power, storage).
What is Elasticity?
The automation of scalability by having systems add/remove resources as needed.
What is Patching?
A process that keeps systems up to date with fixes for bugs and vulnerabilities. Unpatched flaws can be exploited to compromise confidentiality, integrity, or availability, so patching supports all three.
What is Resiliency?
The ability for a system to heal itself/recover from faults with minimal downtime.
What is the difference between high availability and resiliency?
High availability is proactive: it keeps services running continuously. Resiliency is reactive: it accepts that failures will happen and prepares the system to recover from them quickly.
What is Risk?
The possibility of a threat exploiting a vulnerability resulting in a loss.
What is a Threat?
Any circumstance/event that has the potential to compromise CIA.
What is a Security Incident?
An adverse event or series of events that negatively affects the CIA of an organization’s IT systems.
What is Risk Mitigation?
The methods used to reduce the chances that a threat will exploit a vulnerability or the impact that the risk will have on the organization if it does occur.
What are Control Categories?
They describe how particular controls work.
What are Technical Controls?
They use technology (e.g. hardware, software, and firmware) to reduce risk.
What are Managerial Controls?
They are primarily administrative in function. They are typically documented in an organization’s security policy and focus on managing risk.
What are Operational Controls?
They help ensure that the day-to-day operations of an organization comply with security policy. People implement them.
What are Physical Controls?
They impact the physical world (e.g. locks on doors, fences, security guards).
What are Control Types?
They describe the goal the control is meant to achieve.
What are Preventive Controls?
These controls attempt to prevent an incident from occurring.
What are Detective Controls?
These controls attempt to detect incidents after they have occurred.
What are Corrective Controls?
These controls attempt to restore normal operations after an incident occurs.
What are Deterrent Controls?
These controls attempt to discourage individuals from causing an incident.
What are Compensating Controls?
These are alternative controls used when a primary control is not feasible or cannot be applied yet (e.g. a temporary authentication method for a new hire who cannot yet use the primary one).
What are Directive Controls?
These are controls that provide instruction to individuals on how they should handle security related situations that arise.
What are some examples of Technical Controls?
Encryption, Antivirus software, IDSs & IPSs, Firewalls, and the least privilege principle.
What are examples of Managerial Controls?
Risk assessments and vulnerability assessments.
What are examples of Operational Controls?
Awareness and training, configuration management, and media protection.
What are examples of Physical Controls?
Any control that can be physically touched such as locks, fences, vestibules, etc.
What are some examples of Preventive Controls?
Hardening, training, security guards, account disablement process, or IPSs.
What are examples of Deterrent Controls?
Warning signs and login banners.
What are examples of Detective Controls?
Log monitoring, Security Information and Event Management (SIEM) systems, security audits, video surveillance, motion detection, or IDSs.
What are examples of Corrective Controls?
Backups & system recovery and incident handling processes.
What are examples of Compensating Controls?
A new hire cannot yet use the primary method of authentication, so they use a time-based one-time password (TOTP) in the meantime.
What are examples of Directive Controls?
Policies, standards, guidelines, and change management.
What are Logs?
Logs are entries that help identify what happened, when it happened, where it happened, and who/what did it.
What is a Security Information and Event Management (SIEM) system?
SIEM provides a centralized solution for collecting, analyzing, and managing data from systems, applications, and infrastructure devices.
What is Security Event Management (SEM)?
SEMs provide real-time monitoring, analysis, and notification of security events.
What is Security Information Management (SIM)?
SIMs provide long-term storage of data, along with methods of analyzing the data for trends or creating reports needed to verify compliance with laws and regulations.
What is Syslog?
The syslog protocol specifies a general log entry format (a priority value encoding facility and severity, a header, and the message) and details how to transport log entries to a central system.
What is an Originator? (in the context of Syslog)
Any system sending syslog messages.
What is a Collector? (in the context of Syslog)
Any device that receives syslog messages (e.g. a central log server or SIEM).
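The syslog and SEM cards above, worked through as code a collector might run. This is an added example, not part of the original flashcards: it parses RFC 5424-style lines (decoding the PRI value into facility and severity), then applies a simple real-time SEM-style rule, alerting when one source produces repeated failed logins within a short window. The sample log lines, the hostnames and IP addresses, and the helpers `parse_syslog` and `brute_force_alerts` are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RFC 5424: PRI = facility * 8 + severity, so 0..191 is the legal range.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)

# Constructed sample lines, as an SSH server and an application might emit them.
SAMPLE_LINES = [
    "<86>1 2024-05-01T12:00:01Z web01 sshd 1012 - - Failed password for root from 203.0.113.9 port 51022 ssh2",
    "<86>1 2024-05-01T12:00:03Z web01 sshd 1012 - - Failed password for root from 203.0.113.9 port 51023 ssh2",
    "<86>1 2024-05-01T12:00:04Z web01 sshd 1012 - - Failed password for admin from 203.0.113.9 port 51024 ssh2",
    "<86>1 2024-05-01T12:00:09Z web01 sshd 1020 - - Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    "<13>1 2024-05-01T12:01:00Z web01 app 2231 - - user login ok",
    "<86>1 2024-05-01T12:01:10Z db01 sshd 544 - - Failed password for root from 198.51.100.7 port 40011 ssh2",
]


def parse_syslog(line: str):
    """Return a dict of header fields, or None if the line is not well-formed."""
    m = RFC5424.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)
    ts = None
    if m["ts"] != "-":  # "-" is the nil timestamp in RFC 5424
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": ts,
        "host": m["host"],
        "app": m["app"],
        "msg": m["msg"] or "",
    }


FAILED_LOGIN = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")


def brute_force_alerts(lines, threshold=3, window=timedelta(seconds=60)):
    """SEM-style rule: alert when a source has >= threshold failed logins within window."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in lines:
        event = parse_syslog(line)
        if event is None or event["timestamp"] is None:
            continue
        if event["facility"] not in ("auth", "authpriv"):
            continue
        m = FAILED_LOGIN.search(event["msg"])
        if not m:
            continue
        src, ts = m["src"], event["timestamp"]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"src": src, "host": event["host"], "count": len(q), "at": ts})
            q.clear()  # one alert per burst, not one per additional failure
    return alerts


if __name__ == "__main__":
    for alert in brute_force_alerts(SAMPLE_LINES):
        print(f"ALERT {alert['at'].isoformat()} {alert['count']} failed logins "
              f"from {alert['src']} against {alert['host']}")
```

Decoding PRI is what lets the rule key on facility rather than on free text: both `auth` and `authpriv` carry login events, and the application line with PRI 13 (`user.notice`) is ignored without inspecting its message. The same parsed events, written to long-term storage and queried later for trends, would be the SIM half of a SIEM.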