Chapter 15-17 Forensics, Policies/Standards/Compliance, Risk Management Flashcards
Order of Volatility
- CPU cache and registers
- Routing table, ARP cache, process table, kernel stats
- System Memory - RAM
- Temporary files and swap space
- Data on the hard disk/remote logs
- Backups
- Cache file
- RAM
- Page file
- Hard drive
- Network drive
- Remote storage/backups
What is dd?
dd is a Linux command-line tool that allows you to create disk images for forensic purposes
What is FTK Imager?
FTK Imager is a free tool for creating forensic images
What is memdump?
Memdump is a Linux command-line tool used for capturing memory
What is WinHex?
WinHex is a disk editing tool that can acquire disks in a raw format
What is Autopsy?
Autopsy is the only “forensic suite” on the exam; it is open source and has broad capabilities
How can you validate a forensic copy?
Create hashes of both the original and the copy, then compare the hashes.
Policies
Standards
Procedures
Guidelines
Policies are high-level statements of management intent, usually BROAD statements
Standards provide mandatory requirements describing how an organization will carry out policies
Procedures are detailed step-by-step processes that individuals and organizations must follow
Guidelines provide best practices and recommendations related to a concept, technology, or task
Guidelines are the only one of the four that is not mandatory
What are the PCI DSS compensating control criteria?
- intent and rigor
- similar level of defense
- above and beyond the original control
What are least privilege and privilege creep?
The concept of least privilege is that no employee should have more privileges than absolutely necessary to do their job
Privilege creep is when an employee changes positions in the company and accumulates privileges without the privileges from the last position being revoked
What is separation of duties?
For extremely sensitive job functions, where two different tasks combined have significant sensitivity (such as accounting), two-person control should be used
What is job rotation?
Takes employees with sensitive roles and moves them periodically to other positions within the company, making fraud difficult. Mandatory vacations serve the same purpose.
Clean desk policies are designed to protect confidentiality
What is an MSA?
A master service agreement provides an umbrella contract for work that the vendor does with an organization over an extended period of time, often with detailed security and privacy requirements
What is an SLA?
A service level agreement specifies the conditions of service that will be provided
What is an MOU?
A memorandum of understanding documents aspects of the relationship
What is a BPA?
A business partnership agreement exists when two organizations do business together in a partnership
What is EOL/EOSL?
End of life / end of service life
What are HIPAA and PCI DSS?
Industry data protection standards for healthcare (HIPAA) and payment cards (PCI DSS)
What is GDPR?
The General Data Protection Regulation implements security and privacy requirements for the personal information of EU residents worldwide.
What is an AUP?
Acceptable use policy
What is the NIST CSF and its 5 elements?
Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover
What is the NIST RMF?
Risk Management Framework
What is the ISO?
The International Organization for Standardization, which publishes best-practice standards for cybersecurity and privacy
What is ISO 27001?
Information security standard
What is ISO 27002?
Information security standard like 27001, but it goes beyond control objectives and describes actual controls
What is ISO 27701?
Standard guidance for managing PRIVACY controls
What is ISO 31000?
Risk management guidelines
What is the difference between an audit and an assessment?
Audits are formal; assessments usually aren’t. Audits are often performed by third-party companies; assessments are usually requested by the company itself.
What is SOC 2?
SOC 2 assesses the organization’s security and privacy controls
What is SOC Type 1 vs. Type 2?
SOC Type 1 assesses the design of security processes at a specific point in time
SOC Type 2 assesses how effective these controls are over time
What is “risk” the combination of?
Threat and vulnerability
What is quantitative vs. qualitative risk?
Quantitative risk is numerically calculable
Qualitative risk uses subjective judgements for risks that are difficult to quantify
What is AV in quantitative risk assessment?
Asset value is the dollar value of an asset.
What is ARO in quantitative risk assessment?
Annualized rate of occurrence is the frequency at which the risk is likely to occur
What is EF in quantitative risk assessment?
Exposure factor determines the amount of damage that will occur
What is SLE in quantitative risk assessment?
Single loss expectancy is the financial damage each time the risk materializes
What is ALE in quantitative risk assessment?
Annual loss expectancy is the amount of damage expected from a risk each year
Risk management strategies
Risk Mitigation - reducing probability and magnitude of a risk
Risk Avoidance - changing business practices to eliminate the potential that a risk will materialize (typically has impact on productivity)
Risk Transference - shifts the impact from the organization to another entity like an insurance company
Risk Acceptance - taking no other risk management strategy and simply facing the risk.
Presenting risk management to senior leadership
A risk matrix or risk heat map is far more effective in communicating risk to senior leadership than the risk register, which is a lengthy, detailed document.
What is RTO?
Recovery time objective is the amount of time an organization can tolerate a system being down
What is RPO?
Recovery point objective is the amount of data the organization can tolerate losing
What is MTTR?
Mean time to repair is the average system restoration time after a failure
What is MTBF?
Mean time between failures is a measure of system reliability
Government Data Types
Top Secret
Secret
Confidential
Unclassified
Business Data Types
Highly Sensitive
Sensitive
Internal
Public
CompTIA data classification levels
Public, Private, Sensitive, Confidential, Critical, Proprietary
Data Roles
Data Controller - determines the reasons for processing personal information
Data Steward - individuals who carry out the intent of the data controller
Data Custodians - do not have controller or steward responsibility, but are responsible for the secure safekeeping of information
Data Processor - service providers that process personal information on behalf of the data controller
GDPR formalizes the chief privacy officer role, calling it the DPO (data protection officer).