Chapter 9 - Controls and Countermeasures Flashcards
What are the 3 factors to be considered when performing a Cost Benefit Analysis?
- Initial Cost
- Implementation Cost
- Compatibility Cost
- The cost to the end user should they be affected by the security control implemented
Countermeasures typically serve one of three goals. What are they?
Detective
- Detects threats when they occur, such as an IDS
Preventative
- Prevents threats from happening, such as fences or physical security controls
Corrective
- Failover sites/clusters should the primary control fail, such as a firewall going down
What are directive controls?
Directive controls are controls that are required to be implemented by a higher power/authority.
What are the three different ways controls can be implemented?
Administrative Controls
- Written security policy and acceptable use cases that employees are made aware of
Technical Controls
- Controls that have been implemented through technical means such as hardware/software
- Disabling unused ports, whitelisting, etc.
Physical Controls
- Physical security such as gates, barriers, fences etc.
What is a Policy?
A policy is a high-level authoritative document to provide guidance to members of staff.
A security policy will provide a high-level overview of what is to be expected from employees within an organization.
What is a Standard?
Standards are typically defined by common standardised practice/consensus within an industry.
TLS is the industry standard instead of SSL.
Standards are not authoritative but certainly shape a company's policy.
What are Procedures?
Procedures are specific steps an individual must follow when conducting an action that is accompanied by a procedure.
What are Guidelines?
Guidelines are suggestive recommendations, not authoritative or mandatory.
What is a Business Continuity Plan (BCP)?
A BCP helps an organization prepare for emergencies that can interrupt the function/mission of the business.
What is a Business Impact Analysis (BIA)?
A BIA is conducted to determine the critical functions that are required for a business to operate.
What is a Disaster Recovery Plan?
A DRP identifies the necessary steps/resources required to recover critical systems and functions in the event of a disaster.
What is the main purpose of a Change and Configuration management process?
Change & Configuration management processes prevent any form of unintended, undocumented change that could cause an outage.
Change & Configuration management makes it easy to track, after the fact, any changes that could have led to an outage.
What are the steps involved in the patch management process?
Evaluate Patch
- Determine which systems are in scope for the patch
Patch Testing
- Patch is tested on a small number of machines prior to wide roll out
Apply the Patch
- Patches can be automated through the use of SCCM or some other patching automation software
Auditing the Patch
- SCCM can provide a list of machines that have successfully received/failed the patch installation
Document the Patch
- The installation of the patch is documented for audit, compliance and logging reasons.
What is System Center Configuration Manager (SCCM)?
SCCM is a server application from Microsoft that can implement patches automatically across an entire estate.
SCCM can also verify successful/failed installation of patches.
What are Failover Clusters?
A Failover Cluster ensures service continuity by providing redundancy.
A two-node cluster is a simple example, where service is transferred to Node 2 should Node 1 fail.
This failover is automatic.
What are the two different types of load balancing?
Round Robin Distribution
- Req 1 = server 1
- Req 2 = server 2
Source Address Affinity
- Sessions that require connection to the same server, such as transactions.
What is a Full Back Up?
A Full Back Up backs up the entire data set at predefined intervals.
This works well for small data sets but can be cumbersome on larger data sets.
What is Full/Incremental Back up?
A Full/Incremental Back up backs up data based on what has changed since the last back up.
A full back up is taken at the beginning of a cycle and, from then on, only the data that has changed is backed up.
What is Full/Differential Back up?
No full back up is taken at the beginning of a cycle; instead, only changes made to the data are backed up.
What is Image Based Backup?
An Image Based backup is when images of a system are taken as a back up so that it can be reverted or replicated to a last known good state.
Full image back ups are typically taken prior to a significant change, when an outage is expected.
What is BYOD?
Bring Your Own Device
What is CYOD?
Choose Your Own Device
- user chooses from an approved list of devices
What is COPE?
Corporate-owned, personally enabled
- What work does now