CISSP 8 Domains Flashcards
Password Attacks fall under what domain?
Communication and Network Security Domain
What are the two kinds of Password Attacks?
1) Brute Force
2) Rainbow Table
Types of Social Engineering attacks
- Phishing
- Smishing
- Vishing
- Whaling
- Social media phishing
- Business Email Compromise
- Watering hole attack
- USB baiting
- Physical social engineering
Social engineering attacks fall under what domain?
Security and Risk Management Domain
Physical Attacks fall under what domain?
Asset Security Domain
What are examples of physical attacks?
Malicious USB cable, Malicious flash drive, Card cloning and skimming
Adversarial artificial intelligence is a technique that…
manipulates
artificial intelligence and machine learning
technology to conduct attacks more efficiently.
Adversarial artificial intelligence falls under what domains?
1) communication and network security and
2) the identity and access management domains
Supply chain attack targets…
systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain.
Supply chain attacks fall under which domain?
including but not limited to the security and risk management, security architecture and engineering, and security operations domains
Cryptographic attacks affect…
secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:
Birthday
Collision
Downgrade
Cryptographic attacks fall under which domain?
communication and network security domain
Threat Actor Types
- Advanced persistent threats
- Insider Threats
- Hacktivists
- Hackers (authorized/ethical hackers, semi-authorized/researchers, and unauthorized/unethical hackers)
Tasks associated with Security and Risk Management domain
Compliance, Defining security goals and objectives, business continuity.
Tasks associated with the security assessment and testing domain…
- Collecting and analyzing data
- Conducting security audits
- Auditing user permissions
Tasks associated with Identity and Access Management…
- Ensuring users follow established policies
- Controlling physical assets
- Setting up an employee's access keycard
Security Controls
Safeguards designed to reduce specific security risks
CIA Triad
A foundational model that helps inform how organizations consider risk when setting up systems and security policies
C- Confidentiality
I- Integrity
A- Availability
Security Frameworks
guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:
- Identifying and documenting security goals
- Setting guidelines to achieve security goals
- Implementing strong security processes
- Monitoring and communicating results
Examples of frameworks include…
the NIST Cybersecurity Framework (CSF) and
the NIST Risk Management Framework (RMF)
FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.
Center for Internet Security (CIS®)
CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.
General Data Protection Regulation (GDPR)
GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.
HIPAA
HIPAA is a U.S. federal law established in 1996 to protect patients’ health information. This law prohibits patient information from being shared without their consent. It is governed by three rules:
Privacy
Security
Breach notification
International Organization for Standardization (ISO)
ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.
System and Organization Controls (SOC type 1, SOC type 2)
The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard. The SOC1 and SOC2 are a series of reports that focus on an organization’s user access policies at different organizational levels such as:
Associate
Supervisor
Manager
Executive
Vendor
Others
They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety. Control failures in these areas can lead to fraud.
International standpoint on counterattacks
a person or group can counterattack if:
The counterattack will only affect the party that attacked first.
The counterattack is a direct communication asking the initial attacker to stop.
The counterattack does not escalate the situation.
The counterattack effects can be reversed.