Chapter 5: Security Operations Flashcards

1
Q

Data Lifecycle

A

The data security life cycle model is useful because it can align easily with the different roles that people and organizations perform during the evolution of data from creation to destruction (or disposal). It also helps put the different data states of in use, at rest and in motion, into context. Let’s take a closer look.

All ideas, data, information or knowledge can be thought of as going through six major sets of activities throughout their lifetime. Conceptually, these involve:
- Create
- Store
- Use
- Share
- Archive
- Destroy

2
Q

Classification

A
3
Q

Labeling

A

Security labels are part of implementing controls to protect classified information. It is reasonable to want a simple way of assigning a level of sensitivity to a data asset, such that the higher the level, the greater the presumed harm to the organization, and thus the greater security protection the data asset requires.

  • Highly restricted: Compromise of data with this sensitivity label could possibly put the organization’s future existence at risk. Compromise could lead to substantial loss of life, injury or property damage, and the litigation and claims that would follow.
  • Moderately restricted: Compromise of data with this sensitivity label could lead to loss of temporary competitive advantage, loss of revenue or disruption of planned investments or activities.
  • Low sensitivity (sometimes called “internal use only”): Compromise of data with this sensitivity label could cause minor disruptions, delays or impacts.
  • Unrestricted public data: As this data is already published, no harm can come from further dissemination or disclosure.
4
Q

Retention

A

Information and data should be kept only for as long as it is beneficial, no more and no less. For various types of data, certain industry standards, laws and regulations define retention periods. When such external requirements are not set, it is an organization’s responsibility to define and implement its own data retention policy. Data retention policies are applicable both for hard copies and for electronic data, and no data should be kept beyond its required or useful life. Security professionals should ensure that data destruction is being performed when an asset has reached its retention limit. For the security professional to succeed in this assignment, an accurate inventory must be maintained, including the asset location, retention period requirement, and destruction requirements.

5
Q

Destruction

A
6
Q

Remanence

A

Data that might be left on media after deleting is known as remanence and may be a significant security concern. Steps must be taken to reduce the risk that data remanence could compromise sensitive information to an acceptable level.

7
Q

Ingress Monitoring

A

Different tools are used depending on whether the risk from the attack is from traffic coming into or leaving the infrastructure. Ingress monitoring refers to surveillance and assessment of all inbound communications traffic and access attempts. Devices and tools that offer logging and alerting opportunities for ingress monitoring include:

  • Firewalls
  • Gateways
  • Remote authentication servers
  • IDS/IPS tools
  • SIEM solutions
  • Anti-malware solutions
8
Q

Egress Monitoring

A

Egress monitoring is used to regulate data leaving the organization’s IT environment. The term currently used in conjunction with this effort is data loss prevention (DLP) or data leak protection. The DLP solution should be deployed so that it can inspect all forms of data leaving the organization, including:

  • Email (content and attachments)
  • Copy to portable media
  • File Transfer Protocol (FTP)
  • Posting to web pages/websites
  • Applications/application programming interfaces (APIs)
9
Q

Hashing

A

Hashing takes an input set of data (of almost arbitrary size) and returns a fixed-length result called the hash value. A hash function is the algorithm used to perform this transformation. When used with cryptographically strong hash algorithms, this is the most common method of ensuring message integrity today.

To be useful and secure, a cryptographic hash function must demonstrate five main properties: 

  • Useful: It is easy to compute the hash value for any given message.
  • Nonreversible: It is computationally infeasible to reverse the hash process or otherwise derive the original plaintext of a message from its hash value (unlike an encryption process, for which there must be a corresponding decryption process).
  • Content integrity assurance: It is computationally infeasible to modify a message such that re-applying the hash function will produce the original hash value.
  • Unique: It is computationally infeasible to find two or more different, sensible messages that hash to the same value.
  • Deterministic: The same input will always generate the same hash, when using the same hashing algorithm.
10
Q

Configuration Management

A

Configuration management is a process and discipline used to ensure that the only changes made to a system are those that have been authorised and validated. It is both a decision-making process and a set of control processes. If we look closer at this definition, the basic configuration management process includes components such as identification, baselines, updates and patches.

11
Q

Application Server

A

A computer responsible for hosting applications to user workstations.

12
Q

Asymmetric Encryption

A

An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.

13
Q

Checksum

A

A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.

14
Q

Ciphertext

A

The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.

15
Q

Cryptanalysis

A

One who performs cryptanalysis, which is the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.

16
Q

Cryptography

A

The study or applications of methods to secure or protect the meaning and content of messages, files, or other information, usually by disguise, obscuration, or other transformations of that content and meaning.

17
Q

DLP

A

Data Loss Prevention

System capabilities designed to detect and prevent the unauthorised use and transmission of information.

18
Q

Decryption

A

The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with “deciphering.”

19
Q

Degaussing

A

A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.

20
Q

Digital Signature

A

The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation.

21
Q

Hardening

A

A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security.

According to NIST SP 800-152, hardening is defined as the process of eliminating the means of an attack by simultaneously patching vulnerabilities and turning off nonessential services. “One of the best ways to achieve a hardened system is to have updates, patches, and service packs installed automatically.”

22
Q

Message Digest

A

A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated.

23
Q

Operating System

A

The software “master control application” that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations.

24
Q

Patch

A

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

25
Q

Patch Management

A

The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.

26
Q

Security Governance

A

The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

27
Q

Social Engineering

A

Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building.

28
Q

Symmetric Encryption

A

An algorithm that uses the same key in both the encryption and the decryption processes.

29
Q

Change Management

A

All significant change management practices address typical core activities: Request For Change (RFC), Approval, and Rollback.

30
Q

Clearing

A

Clearing is a method used to eliminate the residual physical effects of writing original values to a storage device. This process involves overwriting the data with zeros or ones to ensure the original data cannot be retrieved. For example, when a hard disk is erased, all previously stored data is overwritten, making it impossible to recover the original data.