Chapter 13: Security Operations Flashcards
What is the need to know principle?
The requirement that users are granted access only to data or resources they need to perform assigned work tasks.
What is the principle of least privilege?
Subjects are granted only the privileges necessary to perform assigned work tasks and no more.
What is separation of duties and responsibilities?
Ensuring that no single person has total control over a critical function or system.
What is separation of privilege?
Similar to separation of duties and responsibilities. Applies the principle of least privilege to applications and processes.
What is segregation of duties?
Ensuring that individuals do not have excessive system access that may result in a conflict of interest. Combines separation of duties with least privilege.
What is split knowledge?
Combines separation of duties and two-person control into a single solution. Information or privilege to perform an operation is divided among multiple users.
What is two-person control?
Requiring approval of two individuals for critical tasks.
What is job rotation?
AKA rotation of duties. Employees are rotated through jobs or job responsibilities.
What are the benefits of job rotation/rotation of duties?
Provides peer review, reduces collusion and fraud, enables cross-training.
What are examples of privileged operations that should be monitored for administrative accounts?
- Accessing audit logs
- Changing system time
- Configuring interfaces
- Managing user accounts
- Controlling system reboots
- Controlling communication paths
- Backing up and restoring the system
- Running script/task automation tools
- Configuring security mechanism controls
- Using operating system control commands
- Using database recovery tools and log files
What is PII?
Personally Identifiable Information.
Any information that can distinguish or trace a person’s identity. Name, SSN, date/place of birth, mother’s maiden name, biometric info.
What is one common way sensitive information is compromised?
Loss of backup tapes.
What is data remanence?
Data that remains after it has supposedly been removed.
List terms commonly associated with destroying data.
Erasing, clearing, purging, declassification, sanitization, degaussing, destruction.
What is erasing?
Performing a delete operation against a file, selection of files, or the entire media. Usually only deletes an index.
What is clearing?
Unclassified data is written over all addressable locations on the media. Data can’t be recovered using traditional recovery tools.
What is purging?
More intense form of clearing. Provides a level of assurance that the data is unrecoverable using all known methods. Often multiple clearing passes.
What is declassification?
Any process that purges media or a system in preparation for reuse in an unclassified environment.
What is sanitization?
A combination of processes that removes data from a system or from media. Ensures data can’t be recovered by any means.
What is degaussing?
Erasing data using a strong magnetic field. Not usually recommended for hard disks. Doesn’t work on optical media.
What is destruction?
Final stage in the media life cycle, after proper sanitization. Incineration, crushing, shredding, dissolving.
Why would organizations buy smartphones for their employees?
It gives the organization control over the devices, which it can use to secure them, for example by enabling encryption, screen locks, GPS, and remote wipe capabilities.
How can you overcome remote wipe capabilities?
Remove the SIM card.
What are the steps of patch management?
- Evaluate patches
- Test patches
- Approve patches
- Deploy the patches
- Verify that patches are deployed
What is CVE?
Common Vulnerabilities and Exposures
Who maintains the CVE database?
MITRE.
What is the CVE database used for?
Usually used by patch management and vulnerability management tools for scanning for specific vulnerabilities.
What is baselining?
In configuration management, it’s the starting configuration for a system.
What are the steps in the change management process?
- Request the change
- Review the change
- Approve/disapprove the change
- Schedule and implement the change
- Document the change
What are common items to check in a security audit?
Patch management, vulnerability management, configuration management, change management