Chapter 5 Flashcards
What is ingress monitoring?
surveillance and assessment of all inbound communications traffic and access attempts
What is egress monitoring?
monitoring of all outbound network traffic, used to regulate data leaving the organization’s IT environment.
Give examples of devices or tools that perform ingress monitoring.
Firewalls
Gateways
Remote authentication servers
IDS/IPS tools
SIEM solutions
Anti-malware solutions
Egress monitoring should be combined with DLP and deployed to which attack vectors for data leakage?
Email (content and attachments)
Copy to portable media
File Transfer Protocol (FTP)
Posting to web pages/websites
Applications/application programming interfaces (APIs)
What is an encryption system?
The set of hardware, software, algorithms, control parameters and operational methods that together provide a set of encryption services.
Explain configuration management.
A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
What are the components of configuration management?
Identification
Baseline
Change Control
Verification and audit
Define the identification component of CM.
Baseline identification of a system and all its components, interfaces and documentation.
Define the baseline component of CM.
A security baseline is a minimum level of protection that can be used as a reference point. Baselines provide a way to ensure that updates to technology and architectures are subjected to the minimum understood and acceptable level of security requirements.
Define the change control component of CM.
An update process for requesting changes to a baseline, by means of making changes to one or more components in that baseline. A review and approval process for all changes. This includes updates and patches.
Define the verification and audit component of CM.
A regression and validation process, which may involve testing and analysis, to verify that nothing in the system was broken by a newly applied set of changes. An audit process can validate that the currently in-use baseline matches the sum total of its initial baseline plus all approved changes applied in sequence.
What is the first step to security baselining?
Take inventory of the assets you have and their compliance
What is the second step to security baselining?
The baseline is a total inventory of all the system's components: hardware, software, data, administrative controls, documentation and user instructions.
What is the third step to security baselining?
Ensure updating is in place with controls to validate backwards compatibility and forwards compatibility of updates. Also perform a security review of assets to determine whether things once considered secure are still, in fact, secure.
What is the final step to security management?
Patch management mostly applies to software and hardware devices that are subject to regular modification. Organizations should test the patch before rolling it out across the organization.
What are some common security policies?
BYOD, change management, privacy, AUP, data handling, password policy
Describe a data handling policy.
Determines how data can be used in a company, and who can see and use it. May be based on regulatory requirements.
Proper data classification also helps the organization comply with pertinent laws and regulations.
Describe some common items in an AUP.
Data access
System access
Data disclosure
Passwords
Data retention
Internet usage
Company device usage
Describe a privacy policy.
A policy that describes how PII and PHI will be used within an environment in accordance with GDPR, HIPAA, PIPEDA (Canada) and other laws concerning this type of data.
The organization should also create a public document that explains how private information is used, both internally and externally.
What are the three steps in a change management policy?
Deciding to change, making the change, and confirming that the change has been correctly accomplished.
What is the first component of change management?
An RFC (request for change) is submitted and documented.
What is the second step in CM?
Evaluate RFCs for completeness.
Assignment to the proper change authorization process based on risk and organizational practices.
Stakeholder reviews.
Resource identification and allocation.
Appropriate approvals or rejections.
Documentation of approval or rejection.
What activities are included in the third step of CM?
Scheduling the change.
Testing the change.
Verifying the rollback procedures.
Implementing the change.
Evaluating the change for proper and effective operation.
Documenting the change in the production environment.
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs
False. Business continuity planning is proactive preparation for restoring operations after a disruption.
What is the risk associated with delaying resumption of full normal operations after a disaster?
Alternate operations are typically more costly than normal operations, in terms of impact to the organization; extended alternate operations could harm the organization as much as a disaster.
When should a business continuity plan (BCP) be activated?
When senior management decides.
A senior manager with the proper authority must initiate the BCP.