Chapter 2.3 Flashcards
asset management
An asset management process takes inventory of and tracks all of the organization’s critical systems, components, devices, and other objects of value. It also involves collecting and analyzing information about these assets so that personnel can make more informed changes, or otherwise work with assets to achieve business goals.
KPI
Key performance indicators (KPI) can be used to determine the reliability of each asset.
BIA
Business impact analysis (BIA) is the process of assessing what losses might occur for each threat scenario.
Border firewalls
Border firewalls filter traffic between the trusted local network and untrusted external networks, such as the Internet. DMZ (Demilitarized Zone) configurations are established by border firewalls.
Internal firewalls
Internal firewalls can be placed anywhere within the network, either inline or as host firewalls, to filter traffic flows between different security zones.
whole network firewalls
Whole network firewalls are put into place to protect the whole network. They are placed inline in the network and inspect all traffic that passes through
single host firewalls
Single host firewalls are installed on the host and only inspect traffic destined for the host.
automated alerts
If a threshold is exceeded (a trigger), an automated alert or alarm notification must take place. A low priority alert may simply be recorded in a log. A high priority alarm will create an active notification, such as emailing a system administrator or triggering a physical alarm signal.
thresholds
Thresholds are points of reduced or poor performance or change in configuration (compared to the baseline) that generate an administrative alert.
baseline
A baseline establishes (in security terms) the expected pattern of operation for a server or network.
Log analysis
Not all security incidents will be revealed by a single event. One of the features of log analysis and reporting software should be to identify trends.
