Chapter 11 - Mgmt Issues in Info Security Flashcards

1
Q

What is Info Security?

A

More than just preventing HW and SW from crashing

  • set of practices to keep data secure from unauthorized access
  • both when stored or being transferred
  • Keeps the company operating
2
Q

What is the goal of info security?

A

Ensure data integrity and business continuity

3
Q

What are security threats?

A

Many different forms including

  • software attacks
  • theft of intellectual property
  • identity theft
  • theft of info or equipment
  • sabotage
  • extortion
4
Q

What are some rising trends in security threats?

A
  • rising password misuse leading to unauthorized logins
  • social engineering

Trends and types of threats will be different depending on the country

5
Q

What are some examples of data theft?

A
  • employee illegally accesses emails to extract info for malicious intent
  • employee angry about low bonus brings down comp system by deleting data records
  • unhappy administrator changes code of legacy systems and creates bad data
  • marketing salesman sells data
6
Q

What is the scope of security mgmt?

A

Personnel security - who has access, modify data
Application security - security of app
OS security - protecting OS from threats
Network security - prevent unauthorized access of computer network
Web services security - preventing web services from attacks
Facility security

7
Q

What are some common attacks?

A

Virus - comp programs that appear to perform a task but hidden malware
Sniffing - monitor network traffic reading messages
Spoofing - pretending to be a legit site
Denial of service - flooding a service until it crashes
Phishing - email or website attempting to obtain personal info
Playing middleman - positions between user and application, appear normal exchange of info.

8
Q

What are the five pillars of info sec?

A

1) Authentication
2) Identification
3) Privacy
4) Data Integrity
5) Non-repudiation - proof a transaction occurred

9
Q

What are technical countermeasures?

A

Used to protect the confidentiality and integrity of data.

There is a wide variety of measures available at every level of the tech stack

10
Q

What are some easy ways to increase security?

A
  • adding additional security measures
  • removing unneeded services
  • hardening systems
  • limiting access
11
Q

What are some tools to increase security?

A
  • Firewalls
  • Encryption
  • VPNs (cheaper, doesn't provide 100% end-to-end security)
12
Q

What are the most common info sec tools?

A

Firewalls - controls access between networks, filters illegal message packets

Encryption - secret key (e.g. DES), public key (e.g. RSA, used in web browsers, basis of RSA)

VPNs - use tunneling and encryption (uninterruptible pathway and encrypted messages) to keep data secure

Anti-virus software
Anti-spyware sw

13
Q

What are some management countermeasures?

A
  • computer auditing - making sure programs do what they are supposed to do
  • computer monitoring - searching for security loopholes
  • economic evaluation of security measures - done by conducting cost/benefit analysis of countermeasures
14
Q

What are security loopholes?

A

Vulnerability in software, particularly in OS

15
Q

What is the first weapon for prevention and recovery of damage from security threats?

A

Establishing a business continuity plan

16
Q

What are some strategies for a business continuity plan?

A
  • establishing alternative work places
  • back-up IT sites
  • evacuation plans
  • disaster recovery plan
17
Q

What are the two options for disaster plans?

A

Internal resources

  • multiple data centers
  • distributed processing
  • back-ups

External resources

  • integrated disaster recovery
  • specialized disaster recovery
  • online/offline data storage
18
Q

What are integrated disaster recovery services?

A

Fully operational processing facilities available in less than 24 hours
- usually subscriptions

19
Q

What are specialized data recovery services?

A

Accommodate mainframe clients or mid-range systems

- even provide HW

20
Q

What is online/offline data storage?

A

Fire resistant, temp controlled alternate data storage locations

21
Q

Should organizations consider security a core competence?

A

Yes - it is a strategic investment, tied to an org's success and improving resilience

22
Q

What are the steps needed to make security a core competence?

A

1) Create and communicate an enterprise security framework
2) Create culture for enforcing info sec by knowledge mgmt
3) securing security info structure
4) Assure internal security policy and external regulatory compliance, incorporate into app features
5) Governance - incorporate experts in design and implementation

23
Q

Why is data theft one of the worst security threats?

A

Stolen data can be used to steal people’s identities with major economic and legal implications

It can also go undetected

89% of companies still feel vulnerable

Corporate info costs can go into the billions of dollars as it is far reaching

24
Q

What are some warning signs of an insider criminal?

A
  • mental health
  • personalities
  • history of violations
  • poor people
25
Q

What is the scope of infosec mgmt

A
  • Personnel security
  • application security
  • operating system security
  • network sec
  • middleware and web service sec
  • facility sec
  • egress sec
26
Q

What are some reasons the risk of security threats is increasing?

A
  • mobile and telecommuting increases number of network openings
  • e-commerce open to anyone, internet does not have built in security
  • hacker communities have become public clubs
27
Q

What are the 9 approaches that hackers use?

A

1) Cracking the password - guessing or brute forcing a password
2) Tricking someone - disguise as an admin to ask for passwords
3) Network sniffing - monitoring un-encrypted networks for passwords
4) Misusing admin tools - includes tools that find weak spots that hackers can exploit
5) Playing middleman - disguising as one party or denying service to a party
6) Denial of service - floods and crashes a site
7) Trojan horse - hiding a malicious program in a seemingly harmless one
8) Spoofing - pretending to be a legit IP address and re-directing traffic

28
Q

What are the three ways you can authenticate yourself?

A
  • something they know (e.g. a password)
  • something they have
  • something they are
29
Q

Some countermeasure stats

A

Of 616 security firms in a 2006 FBI survey

  • 98% use firewalls
  • 97% use anti-virus sw
  • 79% use anti-spyware sw
30
Q

What are the three types of VPNs

A

1) Remote access VPNs - VPN established remotely to enterprise intranet via an ISP
2) Remote office VPN - private networks made in remote offices, ISPs transmit messages to other office
3) External VPN - two networks touch tips

31
Q

What were the 5 findings from the FBI survey about managing security policy?

A
  • most companies conduct an economic eval on security ops
  • compliance with Sarbanes-Oxley raises chances of info threats
  • over 80% conduct audits
  • virus attacks source of largest financial losses followed by unauthorized access, damage to hw, theft of info
  • % of outsourced sec is low
  • cyberinsurance is insignificant
  • security awareness training is important
32
Q

Why should security be considered a core competency?

A
  • threats can halt critical activities at any moment
33
Q

What are some steps to create an infosec strat?

A
  • create and communicate enterprise sw sec framework
  • knowledge mgmt training
  • secure info infrastructure
  • assure internal sec policy and ext reg policy
  • governance