Chapter 9: Implementing Controls to Protect Assets Flashcards
____ ____ (or defense in depth) employs multiple layers of security to protect against threats. Personnel constantly monitor, update, add to, and improve existing security controls.
Layered security
____ diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls.
Control
____ diversity is the practice of implementing security controls from different vendors to increase security.
Vendor
____ security controls are controls you can physically touch. They often control entry and exit points, and include various types of locks.
Physical
An____ is a physical security control that ensures that a computer or network is physically isolated from another computer or network.
airgap
Controlled areas such as data centers and server rooms should only have a single ____ and ____ point. Door lock types include cipher locks, proximity cards, and biometrics.
entrance and exit
A ____ ____ can electronically unlock a door and helps prevent unauthorized personnel from entering a secure area. By themselves, they do not identify and authenticate users. Some systems combine them with PINs for identification and authentication.
proximity card
____ occurs when one user follows closely behind another user without using credentials.
Tailgating
A ____ can prevent tailgating.
mantrap
____ ____ are a preventive physical security control and they can prevent unauthorized personnel from entering a secure area. A benefit is that they can recognize people and compare an individual’s picture ID for people they don’t recognize.
Security guards
Cameras and ___-___ ___ ____ provide video surveillance. They provide reliable proof of a person’s identity and activity.
closed-circuit television (CCTV) systems
Fencing, lighting, and alarms are commonly implemented with motion detection systems for physical security. ____ motion detection systems detect human activity based on the temperature.
Infrared
____ provide stronger physical security than fences and attempt to deter attackers.
Barricades
_____ are effective barricades that allow people through, but block vehicles.
Bollards
____ ____ secure mobile computers such as laptop computers in a training lab.
Cable locks
____ ____ include locking cabinets or enclosures within a server room.
Server bays
____ ____processes protect against vulnerabilities related to architecture and design weaknesses, system sprawl, and undocumented assets.
Asset management
_____ ____ and ___ ______ systems control airflow for data centers and server rooms. Temperature controls protect systems from damage due to overheating.
Heating, ventilation, and air conditioning (HVAC)
___ and ____ aisles provide more efficient cooling of systems within a data center.
Hot and cold
___ ____ prevents problems from EMI sources such as
fluorescent lighting fixtures. It also prevents data loss in twisted-pair cables.
EMI shielding
A ____ ____ prevents signals from emanating beyond a room or enclosure.
Faraday cage
A ___ ____ __ ____ is any component that can cause the entire system to fail if it fails.
single point of failure
____ disk subsystems provide fault tolerance and increase availability. ____ (mirroring) uses two disks. ____ uses three or more disks and can survive the failure of one disk. ____ and ____ use four or more disks and can survive the failure of two disks.
RAID
RAID-1
RAID-5
RAID-6 and RAID-10
Load balancers spread the processing load over multiple servers. In an ____-____ configuration, all servers are actively processing requests. In an ____-____ configuration, at least one server is not active, but is instead monitoring activity ready to take over for a failed server. Software-based load balancers use a virtual IP.
active- active
active-passive
____ ____ sends client requests to the same server based on the client’s IP address. This is useful when clients need to access the same server for an entire online session. Round-robin scheduling sends requests to servers using a predefined order.
Affinity scheduling
____ strategies include full, full/differential, full/incremental, and snapshot strategies. A ____ backup strategy alone allows the quickest recovery time.
Backup
full
____/____ backup strategies minimize the amount of time needed to perform daily backups.
Full/incremental
____ ____ verify the integrity of backups and that it can be restored in its entirety.
Test restores
Backups should be ____ to identify the contents. A copy of backups should be kept ____-____.
labeled
off-site
The data contained in the backups can have legal implications. If it includes ___ ___ ___ or ___ ___ ___, it must be protected according to governing laws.
Personally Identifiable Information (PII) or Protected Health Information (PHI)
The location of the data backups affects the data ____. If backups are stored in a different country, the data on the backups is now subject to the ___ and _____ of that country.
sovereignty
laws and regulations
A ____ ____ ____ is part of a business continuity plan (BCP) and it identifies mission-essential functions, critical systems, and vulnerable business processes that are essential to the organization’s success.
business impact analysis (BIA)
The ___ ___ ____ identifies maximum downtimes for critical systems and components. It considers various scenarios that can affect these systems and components, and the impact to life, property, safety, finance, and reputation from an incident.
business impact analysis (BIA)
A ____ _____ assessment identifies if a system processes data that exceeds the threshold for PII. If the system processes PII, a privacy impact assessment helps identify and reduce risks related to potential loss of the PII.
privacy threshold
A ____ ____ ____ identifies the maximum amount of time it should take to restore a system after an outage. The ____ ___ ____ refers to the amount of data you can afford to
lose.
recovery time objective (RTO)
recovery point objective (RPO)
____ ____ ___ ____ identifies the average (the arithmetic mean) time between failures.
Mean time between failures (MTBF)
The ____ ____ ___ ____ identifies the average (the arithmetic mean) time it takes to restore a failed system.
mean time to recover (MTTR)
____ of _____ planning identifies alternate processing sites and alternate business practices.
Continuity of operations
____ ____ provide alternate locations for business functions after a major disaster.
Recovery sites
A ___ site includes everything needed to be operational within 60 minutes. It is the most effective recovery solution and the most expensive.
hot
A ____ site has power and connectivity requirements and little else. It is the least expensive to maintain.
cold
____ sites are a compromise between hot sites and cold sites.
Warm
Periodic testing validates continuity of operations plans. Exercises validate the steps to restore individual systems, activate alternate sites, and document other actions within a plan. _____ exercises are discussion-based only. _____ exercises are hands-on exercises.
Tabletop
Functional