Chapter 9 - Controls and Countermeasures Flashcards
What are the 3 factors to be considered when performing a Cost Benefit Analysis?
- Initial Cost
- Implementation Cost
- Compatibility Cost
  - The cost to the end user should they be affected by the security control implemented
Countermeasures typically serve one of three goals. What are they?
Detective
- Detects threats when they occur, such as an IDS
Preventative
- Prevents threats from happening, such as fences or other physical security controls
Corrective
- Failover sites/clusters that take over should the primary control fail, such as a firewall going down
What are directive controls?
Directive controls are controls that are required to be implemented by a higher power/authority.
What are the three different ways controls can be implemented?
Administrative Controls
- Written security policy and acceptable use cases that employees are made aware of
Technical Controls
- Controls that have been implemented through technical means such as hardware/software
- Disabling unused ports, whitelisting, etc.
Physical Controls
- Physical security such as gates, barriers, fences, etc.
What is a Policy?
A policy is a high-level authoritative document to provide guidance to members of staff.
A security policy will provide a high-level overview of what is to be expected from employees within an organization.
What is a Standard?
Standards are typically defined by common standardised practice/consensus within an industry.
TLS is the industry standard instead of SSL.
Standards are not authoritative but certainly shape a company's policy.
What are Procedures?
Procedures are the specific steps an individual must follow when conducting an action that is accompanied by a procedure.
What are Guidelines?
Guidelines are suggestive recommendations, not authoritative or mandatory.
What is a Business Continuity Plan (BCP)?
A BCP helps an organization prepare for emergencies that can interrupt the function/mission of the business.
What is a Business Impact Analysis (BIA)?
A BIA is conducted to determine the critical functions that are required for a business to operate.
What is a Disaster Recovery Plan?
A DRP identifies the necessary steps/resources required to recover critical systems and functions in the event of a disaster.
What is the main purpose of a Change and Configuration management process?
Change & Configuration management processes prevent any form of unintended, undocumented change that could cause an outage.
Change & Configuration management also makes it easy to track, after the fact, any changes that could have led to an outage.
What are the steps involved in the patch management process?
- Evaluate the Patch
  - Determine which systems are in scope for the patch
- Patch Testing
  - The patch is tested on a small number of machines prior to wide roll out
- Apply the Patch
  - Patching can be automated through the use of SCCM or some other patching automation software
- Audit the Patch
  - SCCM can provide a list of machines on which the patch installation succeeded/failed
- Document the Patch
  - The installation of the patch is documented for audit, compliance and logging reasons.
What is System Center Configuration Manager (SCCM)?
SCCM is a server application from Microsoft that can deploy patches automatically across an entire estate.
SCCM can also verify the successful/failed installation of patches.
What are Failover Clusters?
A Failover Cluster ensures service continuity by providing redundancy.
A two-node cluster is a simple example, where service is transferred to Node 2 should Node 1 fail.
This failover is automatic.