Chapter 8 Flashcards

1
Q

What is the idea of employing multiple layers of controls to avoid a single-point-of-failure?

A

Defense-in-depth. For example, using not only firewalls but also multiple authentication methods (passwords, tokens, and biometrics).

2
Q

Explain the time-based model of security

A

Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.

3
Q

Explain the P > D+C model in time-based security

A

P = the time it takes an attacker to break through an organization’s preventive controls. D = the time it takes to detect that an attack is in progress. C = the time it takes to respond and take corrective action. If P > D + C, then we’re good.

4
Q

Basic steps used by criminals to attack system?

A
  1. Conduct reconnaissance (learn as much as possible to identify weaknesses)
  2. Attempt social engineering (use deception to gain unauthorized access to information)
  3. Scan and map the target (if social engineering didn’t work, do more recon to find potential points of remote entry)
  4. Research (once targets are identified, research which programs are used, then find their weaknesses)
  5. Execute the attack
  6. Cover the tracks (create “back doors” that can be used to regain access if the initial attack is discovered)

5
Q

See table 8-1 p. 233 for a summary of predictive, detective, and corrective IS controls

A

See table 8-1 p. 233 for a summary of predictive, detective, and corrective IS controls

6
Q

Examples of social engineering

A

Over the telephone (pretending to be an employee), spear phishing (sending e-mails that appear to come from a relative so the employee opens a link to a virus), spreading USB drives around the driveway

7
Q

NIC’s are

A

Network Interface Cards - unique identifiers on printers, workstations, or any computing device. They connect to the organization’s internal network.

8
Q

A ___ ___ matrix is often used to implement authorization controls

A

Access control matrix - see figure 8-4 p. 237. It should be updated regularly to reflect changes in job duties due to promotions or transfers, so an employee won’t accumulate rights and privileges that violate segregation of duties.

9
Q

What is the compatibility test

A

matching a user’s authentication credentials against the access control matrix to determine

10
Q

Preventive Controls in regards to people?

A

Creation of a “security-aware” culture

Training

11
Q

a limit check would be a

A

corrective control

12
Q

three types of credentials to uniquely identify users

A
  1. biometric identifiers
  2. smart cards or ID badges
  3. PINs and passwords

13
Q

preventive controls from training people consists of

A

teaching people things like never divulging passwords, no piggybacking (letting people in behind you), and teaching senior employees new things about technology. However, security training will only be effective if management clearly demonstrates that it supports employees who follow prescribed policies.

14
Q

Multifactor authentication vs multimodal authentication

A

Multifactor - uses two or more TYPES of authentication in conjunction.

Multimodal - uses more than one credential of the same type to achieve a greater level of security.

15
Q

Authentication vs. Authorization

A

Authentication - verifying the identity of the person or device attempting to access the system.

Authorization - the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.

16
Q

Like authentication controls, authorization controls can and should be applied not only to people but also to devices. For example:

A

“including MAC addresses or digital certificates in the access control matrix makes it possible to restrict access to the payroll system and payroll master files to only payroll department employees and only when they log in from their desktop or assigned laptop computer.”

17
Q

What is malware?

A

Malware (e.g., viruses, worms, keystroke logging software, etc.) is a major threat. Malware can damage or destroy information or provide a means for unauthorized access.

18
Q

What might one be able to do with physical access to workstations?

A

“a keystroke logging device that captures a user’s authentication credentials, thereby enabling the attacker to subsequently obtain unauthorized access to the system by impersonating a legitimate user. Someone with unsupervised physical access could also insert special “boot” disks that provide direct access to every file on the computer and then copy sensitive files to a portable device such as a USB drive or an iPod. Alternatively, an attacker with unsupervised physical access could simply remove the hard drive or even steal the entire computer.”

19
Q

Encryption should be used for transmissions and ____ ___

A

data storage

20
Q

Define “Change control and change management”

A

the formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability.

21
Q

Log analysis is the process of examining logs to identify evidence of possible attacks. It is especially important to analyze

A

failed attempts to log on / changes to the logs themselves, since logs are not normally deleted or updated

22
Q

Intrusion Detection Systems (IDS) are

A

a system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.

23
Q

the team that deals with major security incidents is the

A

Computer Incident Response Team (CIRT). Its response follows four steps:

  1. Recognition
  2. Containment
  3. Recovery
  4. Follow-up - steps may need to be taken to modify existing security policy and procedures to minimize the likelihood of a similar incident occurring in the future.

24
Q

Describe the CISO

A

The CISO should be independent of other information systems functions and should report to either the chief operating officer (COO) or the chief executive officer (CEO). The CISO must understand the company’s technology environment and work with the chief information officer (CIO) to design, implement, and promote sound security policies and procedures. The CISO should also be an impartial assessor and evaluator of the IT environment. Accordingly, the CISO should have responsibility for ensuring that vulnerability and risk assessments are performed regularly and that security audits are carried out periodically.

25
Q

Exploits are

A

a program designed to take advantage of a known vulnerability.

26
Q

Patch management sounds simple, but why may it be difficult?

A

Patches represent modifications to already complex software. Consequently, patches sometimes create new problems because of unanticipated side effects. Therefore, organizations need to carefully test the effect of patches prior to deploying them; otherwise, they run the risk of crashing important applications. Further complicating matters is the fact that there are likely to be multiple patches released each year for each software program used by an organization. Thus, organizations may face the task of applying hundreds of patches to thousands of machines every year.

27
Q

What is virtualization?

A

“running multiple systems simultaneously on one physical computer.”