Chp 10: Cybersecurity tools, techniques and reporting Flashcards
What are the three levels of forensic analysis in cybersecurity?
- System level analysis - is the entire system affected or just certain parts
- Storage analysis - has any data stored by the organisation been affected?
- Network analysis - could the threat have come from an outside source?
What are the four steps suggested by the National Institute of Standards and Technology (NIST) for handling a cybersecurity breach?
- Prevention - try to reduce incidents, where possible, before they occur
- Detection and analysis - incidents need to be analysed, prioritised and communicated to the right people
- Containment, eradication and recovery - ensure you gather evidence before removing the threat; recovery would involve restoring data from backups
- Post-incident activity - classic feedback loop, learn from the experience
What are the five steps the International Association of Chiefs of Police recommend when dealing with cybersecurity incidents?
- Assess the situation
- Conduct initial investigation
- Identify possible evidence
- Secure devices and obtain court orders
- Analyse results with prosecutors
What is decompilation and disassembly?
Decompilation - A form of reverse engineering that turns binary code into source code, which is much easier for humans to read
Disassembly - similar to the above but converts it into assembler or native code, which is harder for humans to read
What is White, Grey and Black-box testing?
Levels of penetration testing
- White-box allows testers access to the entire network and typically review how the system works
- Grey-box grants access up to a certain level
- Black-box provides no access and testers must find a way in themselves, therefore assessing the output of the system. Typically takes longer and is therefore more expensive
What are the three tiers of software security?
- Tier 1 simply stops the cybersecurity attacks
- Tier 2 stops attacks and alerts security functions
- Tier 3 protects sensitive data, while stopping the attack and alerting security functions
What are the following acronyms?
IPSec
MIKEY-SAKKE
- IPSec - IP Security is a suite of protocols that provide secure, private communications across IP networks
- MIKEY-SAKKE - A protocol which allows organisations to provide secure communications with end-to-end encryption
What are the five key features that the National Cyber Security Centre (NCSC) recommends for controlling, directing and communicating cyber security risk management activities?
- Covers how cybersecurity happens and who leads it
- Depends on the organisation (size, regulation, etc.)
- Link cybersecurity with organisational objectives
- Identifies individual(s) with responsibility for making security decisions
- System of feedback, empowerment and accountability to ensure effective governance of existing arrangements
According to the NCSC what are the internal and external reporting requirements for cybersecurity risk management?
2 internal; 3 external
Internal
1. The organisation's core values and why
2. The risk an organisation is prepared to make (and those they’re not)
External
1. The risk management and decision-making context
2. What needs to be protected and why
3. The reliance placed on one party by another when protecting its assets (SLA)
What are the three components for comparative purposes of the SOC for cybersecurity framework?
- Description criteria - management describes the CRMP
- Control criteria - management assesses the effectiveness of the controls used
- Attestation - independent certified accountants provide their opinion on the above two criteria
What would be in a SOC for cybersecurity report?
3 items
- Description of CRMP, in line with agreed description criteria
- Written assertion by management that: the description is in line; controls were effective in achieving security objectives
- Opinion from certified accountant that: description is in line; controls were effective
What is the difference between SOC 2 and SOC?
4 points
SOC 2 is similar but is produced by service organisations
- intended for users to assess their service organisation's controls
- Specific SOC 2 criteria that must be used and are reviewed by a certified accountant
- Description criteria includes types of services provided, the system used and the boundaries of the system
- Written assertion by management that the design and controls were effective
How does a SOC 2 report differ from a SOC report?
Also includes a detailed list of all the tests that were carried out