Chapter 9: Implementing Controls to Protect Assets Flashcards
What is a Physical Security Control?
A safeguard to protect physical locations and assets from unauthorized access.
What are some examples of Physical Security Controls?
Perimeter, Buildings, Secure Work Areas, Server Rooms, and Hardware.
What are Access Badges?
A physical card used to authenticate and allow entry into secured locations.
What are Security Guards?
They monitor, enforce access, and respond to physical security threats.
What is Video Surveillance?
Monitoring and recording physical spaces to detect and deter unauthorized access.
What are sensors?
Devices that detect changes and trigger alerts for potential intrusions or anomalies.
What is a Motion Sensor?
Detects movements within its coverage zone and can trigger an alert.
What is Noise Detection?
Device that detects unexpected or abnormal sounds that may indicate a breach.
What is an Infrared Sensor?
A device that can detect heat signatures from bodies or objects.
What is a Pressure Sensor?
A device that can detect changes in weight or force in an area.
What is a Microwave Sensor?
A device that can sense motion by detecting changes in reflected microwaves.
What is an Ultrasonic Sensor?
A device that uses sound waves to detect movement.
What are Access Control Vestibules?
A secure area with two doors to control entry, allowing one person through at a time.
What is Asset Management?
Keeping records of devices and systems to ensure accountability and security.
What is Acquisition/Procurement?
Buying and onboarding assets following security policies.
What is Assignment/Accounting?
Assigning responsibility for assets to users or teams.
What is Monitoring and Asset Tracking?
Monitoring the location and state of assets to prevent loss or misuse.
What is Hardware Asset Management?
Tracking and maintaining physical devices to ensure proper use and security.
What can an effective asset management system help reduce?
Architecture and design weaknesses, system sprawl, and undocumented assets.
What is Software Asset Management (SAM)?
The process of tracking and managing software licenses, installations, and compliance to avoid legal and financial risks.
What is Defense in Depth? AKA layered security.
A cybersecurity strategy that uses multiple layers of security controls to protect against threats, so if one layer fails, others still protect the system.
What is Data Asset Management?
Managing data as an asset by identifying, categorizing, and protecting it throughout its lifecycle.
What are some example implementations of layered security?
Vendor diversity, Technology diversity, and Control Diversity.
What is Skimming?
A method where attackers secretly install a device to capture credit/debit card data during legitimate transactions.
What is Card Cloning?
Creating a duplicate of a legitimate card using data stolen via skimming or other techniques.
What are Brute Force Attacks?
An attack that repeatedly tries different combinations of passwords or encryption keys until the correct one is discovered.
What is a Single Point of Failure?
A critical part of a system that, if it fails, causes the whole system or service to become unavailable.
What are Environmental Attacks?
Non-human threats like fire, flood, or power loss that can damage systems and interrupt operations.
What is Redundancy?
The duplication of critical system components to ensure services continue if one part fails.
What is Fault Tolerance?
A system’s ability to remain operational even after a failure in one or more components.
What are some Single Points of Failure examples?
Disks, Servers, Power, and Personnel.
What is the Redundant Array of Inexpensive Disks (RAID)?
A data storage virtualization method that combines multiple physical drives for performance and redundancy.
What is RAID-0 (striping)?
Splits data across drives to increase speed; no redundancy. If one disk fails, all data is lost.
What is RAID-1 (mirroring)?
Duplicates data on two disks for redundancy; provides fault tolerance but uses twice the storage.
What is Disk Duplexing?
RAID-1 variation where each drive has its own controller; it improves performance and fault tolerance.
What is RAID-5?
Stripes data with distributed parity across 3+ disks; allows one disk to fail without data loss.
What is RAID-6?
Like RAID-5 but with two parity blocks; can survive two simultaneous disk failures.
What is RAID-10? AKA RAID-1+0.
Combines mirroring and striping; requires at least 4 disks; fast and fault-tolerant.
What is High Availability?
System design approach ensuring continuous operation and minimal downtime.
What is a Load Balancer?
Distributes traffic across multiple servers to ensure availability and improve performance.
What is Clustering?
Group of connected computers working as a single system to provide redundancy and load distribution.
What is an Active/Active Load Balancer?
All servers handle traffic simultaneously; maximizes resource usage and performance.
What is an Active/Passive Load Balancer?
Primary server handles traffic; backup server takes over if the primary server fails.
What is NIC Teaming?
Combines multiple network interface cards to increase bandwidth or provide failover.
What is Backup Media?
Physical or digital devices used to store backup data (tape drives, hard disks, SSDs).
What are other types of media used to store backups?
Disks, Network-attached Storage (NAS), Storage Area Network (SAN), and Cloud Storage.
What is Network-attached Storage (NAS)?
A storage device connected to a network that allows multiple users to retrieve and store data centrally.
What is Cloud Storage?
Data storage hosted on the Internet by third-party providers, accessible from anywhere.
What are some examples of power supplies that provide redundancy?
Uninterruptible power supplies (UPSs), Dual Supply, Generators, and Managed Power Distribution Units (PDUs).
What are Offline Backups?
Backups stored on devices not connected to the network to prevent cyber threats.
What is Storage Area Network (SAN)?
A dedicated network that provides block-level storage to servers, used for high-performance, large-scale storage needs.
What are Online Backups?
Backups done while the system is running, ensuring continuous availability during the backup process.
What are Full backups?
A complete copy of all data, serving as the foundation for other backup types.
What are Differential Backups?
A backup of all changes made since the last full backup.
What are Incremental Backups?
A backup of changes made since the last backup of any type.
What are Snapshot and Image Backups?
Snapshot captures the system’s state; image backup includes the entire system for full restoration.
What is the process for conducting a Differential Backup?
Back up data changed since the last full backup.
What is the process for conducting a Full Backup?
- Select all data to back up.
- Prepare backup destination.
- Start a full data copy.
- (Optional) Verify integrity.
- Log and schedule next backup.
What is Replication?
The process of duplicating data to another location for redundancy.
What is Journaling?
Logging data changes before applying them to help with recovery and integrity.
What is the process for conducting an Incremental Backup?
Back up only the data changed since the last backup (of any type).
When it comes to backups, what are some important geographic considerations to take into account?
Offsite vs onsite storage, Distance, Location Selection, Legal Implications, Data Sovereignty, and Encryption.
What is a Business Continuity Plan (BCP)?
A documented strategy to maintain critical operations during and after a disruption.
What is a Business Impact Analysis (BIA)?
An evaluation that identifies how disruptions affect critical operations and outlines potential impacts.
What are Mission-essential Functions?
Core business operations that must continue or quickly resume after a disruption.
What is Site Risk Assessment?
An evaluation of physical sites to identify threats that may disrupt operations.
What is Recovery Time Objective (RTO)?
The maximum time a system can be down before recovery must occur.
What is Recovery Point Objective (RPO)?
The maximum acceptable data loss measured in time (e.g., the last 4 hours of data).
What is Site Resiliency?
The capability of a location to continue operating during/after a disruption.
What is Mean Time Between Failures (MTBF)?
The average time a system operates before failing.
What is Mean Time to Repair (MTTR)?
The average time it takes to fix a failure and restore service.
What is Continuity of Operations Planning (COOP)?
A plan that ensures essential functions continue during emergencies.
What is a Recovery Site?
A location used to recover and restore business operations during a disaster.
What is Failover?
Automatic switching to a backup system or site when a primary system fails.
What is Geographic Dispersion?
Placing backup systems in physically separate locations.
What is a Hot Site?
A fully functional operational recovery site with real-time data replication.
What is a Cold Site?
A site with infrastructure but no active data or systems.
What is a Warm Site?
A partially equipped recovery site with updated backups and hardware.
What is a Disaster Recovery Plan (DRP)?
A documented strategy to restore IT systems and data after a disruption.
What are the different phases of a DRP?
Activate DRP, Implement Contingencies, Recover Critical Systems, Test Recovered Systems, After-Action Report.
What are Tabletop Exercises?
A discussion-based simulation to test plans and roles without real systems.
What is a Simulation?
Hands-on training that imitates disaster scenarios without real system interruption.
What is Parallel Processing?
Running systems simultaneously at a backup site to mirror production.
What is a Failover Test?
Intentional switching to a backup system/site to verify readiness.
What is Capacity Planning?
Forecasting resource needs (CPU, RAM, storage, bandwidth, people) for growth or failure.
What are the three typical areas in which businesses should conduct Capacity Planning?
People, Technology, and Infrastructure.