Chapter 11 Flashcards

1
Q

What are Security Policies?

A
  • Written documents that outline the security plans within a company.
  • An administrative control used to reduce and manage risks.
2
Q

What are Personnel Policies?

A

Policies that relate to issues around staff and their behaviors, expectations, and the consequences if they do not comply.

3
Q

What is the Acceptable Use Policy?

A
  • AUP (acronym)
  • Policy that determines how users may use the computers, network, and other company resources.
4
Q

What is the Privacy Policy?

A

The Privacy Policy clarifies the company’s stance on whether or not user activity on a company device will be private. It can be a part of the AUP. Users usually have to sign it.

5
Q

What are Mandatory Vacations?

A

Personnel policy that forces users to take leave from work. Also used to help identify and deter potential theft or fraud.

6
Q

What is Separation of Duties?

A

Personnel policy used to keep one employee or entity from having too much access, which can increase the potential for fraud, theft, errors, and/or system failures.

7
Q

What is Least Privilege?

A

Personnel policy which states that a user should only have the rights, access, and permissions to perform their job and nothing more.

8
Q

What is Job Rotation?

A

Job Rotation is a personnel policy which requires employees to change positions within a set time period. The period can be recurring. Used to identify fraudulent activity.

9
Q

What is a Clean Desk Space policy?

A

Personnel policy that requires users to keep their workspaces organized and clean. Used to prevent data loss and unintended disclosure resulting from easy access to files and devices left out in the open.

10
Q

What is a Background Check?

A

Personnel policy that requires the company to do a history check on current and potential employees. This can include criminal history, online/social media history, and/or financial history, to name a few.

11
Q

What is onboarding / offboarding?

A

Onboarding is the process of bringing an employee into a company and providing them access to all the required company resources.

Offboarding is the process an employee follows to exit a company: disabling and/or deleting their accounts to restrict access to resources, and returning their equipment to the company.

12
Q

What is an NDA?

A
  • Non-Disclosure Agreement
  • An agreement between two or more parties that requires them not to use or share proprietary information with an unauthorized person or entity.
13
Q

What is Social Media Analysis?

A

When a company reviews the online activity of a current or potential future employee.

14
Q

What is the Supply Chain?

A

All the elements required to produce and sell products and/or services.

15
Q

What is Vendor Diversity?

A

When a company reduces risk by using more than one vendor for the same supplies or service, in case a vendor is no longer able to provide that supply or service. This policy may also limit the amount of access vendors have to an org’s network.

16
Q

What is EOL and EOSL?

A

End of Life (EOL) is basically the shelf life of a product, i.e. the point at which the product will no longer be sold.

End of Service Life (EOSL) indicates when a vendor will no longer provide support to the org. This may include patch or software support.

17
Q

What is an SLA?

A

A Service Level Agreement (SLA) outlines the terms, services, and performance expectations a vendor agrees to when working with an org.

18
Q

What is an MOU?

A

A Memorandum of Understanding (MOU) is a less formal SLA that outlines the intent of two or more entities to work together to obtain a common goal.

19
Q

What is a BPA?

A

A Business Partnership Agreement (BPA) is a document that outlines the relationship between business partners, including their obligations towards the partnership. It also identifies shares of profits and losses.

20
Q

What is an MSA?

A

A Measurement System Analysis (MSA) evaluates the processes and tools used to make measurements. The accuracy of the tool is dependent on the consistency of its results.

21
Q

What are the elements of the Incident Response Process?

A

Preparation, identification, containment, eradication, recovery, and lessons learned.

22
Q

What is SOAR, and what is its main benefit?

A

SOAR - Security Orchestration, Automation, and Response. These are tools that work together on a platform to automatically detect and respond to suspicious low-level activity. As an automated tool, it frees up administrators’ time to focus on greater threats.

23
Q

What is the difference between a Playbook and a Runbook?

A

Playbook - provides guidelines or steps, in document form, for responding to an incident.

Runbook - uses the technical know-how to implement the steps provided by the Playbook.

In football, the Playbook is used by coaches to call the play; the Runbook would be the actual players who carry out the plays in real time.

24
Q

What is a Chain of Custody and how are Tags used?

A

A chain of custody is a document that establishes the proper handling of evidence collected from a security incident. This specifically includes the initial tagging (stickers or identifier markers used to identify an article of evidence), identifying the personnel who have been in possession of the evidence, its location while in use, and its storage location. All of this is done to ensure that evidence that makes it to court is admissible.

25
Q

What is a Legal Hold?

A

A Legal Hold is a court-ordered directive instructing an org to preserve or retain data associated with a legal proceeding. The org’s data retention policy comes into play, as it identifies how long an org holds on to its data.

26
Q

How are Event Logs used in Digital Forensics?

A

Event logs are used to recreate the events that occurred before, during, and after the incident. They also identify when something happened, where it happened, which accounts were used, etc.

27
Q

What are GMT and UTC?

A

Greenwich Mean Time (GMT) and Coordinated Universal Time (UTC) are used to address time offsets in logs. GMT and UTC are based on the clock at the Royal Observatory. Logs that are in GMT or UTC do not need to be converted to address offset. If time is kept in other time zones such as EST, PTC, or EDT (Eastern Daylight Time), these time logs will have to be converted to GMT or UTC for standardization.

28
Q

What is a Right to Audit Clause?

A

A clause added to a contract which allows an org to audit its cloud provider to ensure services are provided as agreed on and to ensure regulations are being followed.

29
Q

What is Regulatory Jurisdiction?

A

Regulatory Jurisdiction outlines the regulations that must be complied with depending on where a company’s data and resources are located. This includes data and resources in the cloud.

30
Q

What are Data Breach Notification Laws?

A

Data Breach Notification laws help to ensure that organizations alert affected personnel of an unauthorized leak of their data. In the US these laws normally specify that affected parties are to be notified within 45 days. They also outline penalties and fees if not adhered to.

31
Q

What is the order of volatility?

A

The order of volatility specifies in which order data must be retrieved based on its location. In order of most to least volatile: Cache > RAM > Swap or Pagefile (extension of the RAM that is saved to the system disk and is rebuilt on every boot) > Disk > Attached external memory (thumb drive) > Network (includes servers, shared folders).

32
Q

What are forensic artifacts?

A

Forensic artifacts are pieces of data that normal users are unaware of but that a skilled forensic analyst can find and extract.

Some examples:
  • Web history - pages visited and searches
  • Recycle Bin - viewing the content of deleted files and the metadata of those files
  • Windows Error Reporting - provides insight into what programs were running during a crash
  • Remote Desktop Protocol cache - provides insight into whether an attacker moved laterally through the network, or when they connected to a system from a server

33
Q

What is the dd command?

A

The dd command is available on Linux and Kali Linux systems. It is an imaging tool. The dd command can also be installed on Windows.

34
Q

What is Kali Linux Volatility Framework?

A

The Volatility Framework is a collection of open-source tools in Kali Linux that are used to extract memory contents and digital artifacts.

35
Q

What is memdump?

A

Memdump (short for memory dumper) can dump the memory (RAM) of a system into a terminal or a dump file, which helps developers and/or forensic analysts determine what occurred at, or caused, a system crash.

Memdump is a part of the Kali Linux Volatility Framework.

36
Q

What is WinHex?

A

WinHex is a Windows-based proprietary tool. It is a hexadecimal editor used for evidence gathering, data analysis, editing, data recovery, and data removal. It can work with data on ALL drives.

37
Q

What is FTK imager?

A

FTK Imager, which stands for Forensic Tool Kit Imager, allows for the creation of disk images, either as a single file or as multiple files. After the image is created, it allows for the viewing and analysis of the data within the image.

38
Q

What is Autopsy?

A

Autopsy is a graphical user interface (GUI) digital forensics platform. This platform allows users to add command line utilities from The Sleuth Kit (TSK), which includes command line utilities for both Windows and Linux. These utilities are used to analyze data on Windows, Linux, and some Apple OSes.

39
Q

What is provenance and what tools are used to establish it?

A

Provenance is the tracing of something back to its origin. Hashing and checksums are tools used to verify that an analyzed copy of data is the same as the original.

40
Q

Why is Bandwidth monitoring important in Cyber forensics?

A

By comparing network packets captured at different times, forensic investigators can determine changes in network traffic.

41
Q

What is eDiscovery?

A

eDiscovery is the process of identifying and collecting electronically stored data of any kind, including social media entries, voice mails, and website data, as well as the data’s metadata.

42
Q

What is strategic intelligence in digital forensics?

A

Strategic intelligence in digital forensics is the process of collecting data, processing it, and analyzing it to create long-term cybersecurity goals.

43
Q

What is Private Data classification in IT security?

A

Data about an individual that should be kept private, such as PII or health information.

44
Q

What is Confidential Data classification in IT security?

A

Information that an organization intends to keep secret among a certain group of people within the organization. For example, salary data (accounting department).

45
Q

What is Proprietary Data classification in IT security?

A

Data owned by an individual, a group, or an organization. This would include patents, trade secrets, software algorithms, designs, etc.

46
Q

What is the Sarbanes-Oxley Act (SOX)?

A

SOX requires executives within an organization to ensure accurate financial reporting is conducted and that regular auditing of this information is carried out to maintain compliance with the act.

47
Q

What is the Gramm-Leach-Bliley Act (GLBA)?

A

Also known as the Financial Services Modernization Act, the GLBA requires financial institutions to provide the consumer with a privacy notice explaining what information they collect and how it is used.

48
Q

What is the General Data Protection Regulation (GDPR)?

A

The GDPR is an EU directive that mandates the protection of privacy data for individuals living in the EU regardless of where the organization is located. GDPR also requires privacy notices to be placed on websites.

49
Q

What is critical data?

A

Critical data is any data that is crucial to the success of a mission within an organization; this includes its overarching goals or specific objectives.

50
Q

What is data minimization?

A

Data minimization is a principle requiring orgs to limit the information they collect and use from their consumers.

51
Q

What is data Masking?

A

Data masking is the process of altering data to hide the original content.

52
Q

What is anonymization?

A

Anonymization is the process of removing all PII from the data so that the data can be utilized without directly identifying the individual.

53
Q

What is pseudo-anonymization?

A

Pseudo-anonymization replaces PII within the data with other data or artificial identifiers. Pseudo-anonymization can be undone if someone obtains both the original data and the matching pseudonyms.

54
Q

What is data tokenization?

A

Data tokenization replaces sensitive data elements with a token. Tokenization systems often hold both the original data and its representative token. Tokens are used at terminals rather than the sensitive data itself.

55
Q

What is data sanitization?

A

Data sanitization methods ensure that data is removed or destroyed from any device or area before it is disposed of.

56
Q

What is file shredding?

A

File shredding is a data sanitization method that removes all remnants of a file by overwriting the space where the file is located with 1s and 0s.

57
Q

What is wiping?

A

Wiping is a data sanitization method that removes all remnants of data on a disk by repeatedly overwriting the data with 1s and 0s.

58
Q

What is pulverizing?

A

Pulverizing is the process of physically destroying media to sanitize it.

59
Q

What is degaussing?

A

Degaussing uses a very powerful electromagnet; when disks are passed through it, the data on the disk is rendered unreadable.

60
Q

What are some responsibilities of the Data owner?

A

Ensuring that data is classified correctly and that the data is labeled to match the classification. Also, ensuring adequate security controls are in place.

61
Q

What are some responsibilities of the data controller?

A

In many cases the data controller is the same as the data owner. The controller decides why and how personal data should be processed.

62
Q

What are some responsibilities of the data processor?

A

A data processor is any entity that uses and manipulates the data on behalf of the data controller. At times this may be a third-party provider (such as payroll) or an in-house department.

63
Q

What are some responsibilities of the data custodian/steward?

A

A data custodian, AKA data steward, is responsible for day-to-day tasks such as backing up data, storage, and implementing business rules. This person would likely be a database administrator (DBA).

64
Q

What are some responsibilities of the Data Protection Officer?

A

The DPO is a role identified in the GDPR. This individual is responsible for ensuring the organization is complying with all relevant laws. They also need to act as an independent advocate for customer data.