Code of Ethics + steps to remember + formulas Flashcards

1
Q

what is the Code of Ethics preamble

A
  • The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
  • therefore, strict adherence to this Code is a condition of certification
2
Q

list the code of ethics

A
  • protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally
  • provide diligent and competent service to principals
  • advance and protect the profession
3
Q

list the Computer Ethics Institute's Ten Commandments of Computer Ethics

A
  • thou shalt not use a computer to harm other people
  • thou shalt not interfere with other people’s computer work
  • thou shalt not snoop around in other people’s computer files
  • thou shalt not use a computer to steal
  • thou shalt not use a computer to bear false witness
  • thou shalt not copy or use proprietary software for which you have not paid
  • thou shalt not use other people’s computer resources without authorization or proper compensation
  • thou shalt not appropriate other people’s intellectual output
  • thou shalt think about the social consequences of the program you are writing or the system you are designing
  • thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans
4
Q

NIST 800-37 - Risk Management framework steps

A
  1. Prepare - to execute the RMF
  2. Categorize - BIA
  3. Select - select controls
  4. Implement - implement security controls
  5. Assess - assess the security controls
  6. Authorize - upper management authorizes the controls
  7. Monitor - monitor and evaluate the controls
5
Q

quantitative risk analysis steps

A
  1. Inventory Assets - assign a value (AV)
  2. identify threats - produce a list of all threats to assets (EV and SLE)
  3. perform a threat analysis - calculate the likelihood of each threat per year (ARO)
  4. estimate the potential annual loss - (ALE)
  5. research countermeasures for each threat - calculate ARO and ALE vs the applied countermeasures
  6. perform cost benefit analysis - annual cost of the countermeasure cannot exceed the ALE for each threat
6
Q

formula for controls gap

A
  • total risk - controls gap (reduced risk after applying control) = residual risk
  • controls gap - amount of risk reduced by implementing safeguards
7
Q

STRIDE steps

A
  1. spoofing
  2. tampering
  3. repudiation (reject)
  4. information disclosure
  5. denial of service
  6. elevation of privilege
8
Q

Threat model PASTA steps (countermeasures based on asset value)

A

Stage I: Definition of Objectives
Stage II: Definition of Technical Scope
Stage III: App Decomposition & Analysis
Stage IV: Threat Analysis
Stage V: Weakness & Vulnerability Analysis
Stage VI: Attack Modeling & Simulation
Stage VII: Risk Analysis & Management

9
Q

Threat model VAST

A
  • Visual
  • Agile
  • Simple
  • Threat
10
Q

threat model DREAD steps

A
  1. Damage potential
  2. Reproducibility
  3. Exploitability
  4. Affected users
  5. Discoverability
11
Q

Incident management framework
*per ISC2*

A
  1. Preparation - prepare for an incident (what is your team, what are the steps, define roles, communication process etc.)
  2. Detect - discover the incident
  3. Response - incident response team goes into action
  4. mitigation - contain the damage and scope of the incident
  5. reporting - if needed send details to senior management or regulatory authorities
  6. recovering - restore the system back to the original state, maybe reimage the server.
  7. remediation - root cause analysis to fix/patch the server to prepare for future attacks.
  8. lessons learned - review and document for improvements in case of future attacks.

mnemonic (PDRMRRRL)

12
Q

capability maturity model (SW-CMM)
*software development maturity*

A
  1. initial (no plan)
  2. repeatable (lifecycle management)
  3. defined (formal documented SW dev process)
  4. managed (quantitative measures to gain understanding)
  5. optimized (continuous development w/ feedback loops)
13
Q

IDEAL model

A
  1. Initiating - business reason outlined
  2. Diagnosing - engineers make recommendations for change
  3. Establishing - org takes the recommendations and develops a plan
  4. Acting - plan put into action: solution developed, tested, refined and implemented
  5. Learning - continuously analyze efforts, propose actions to drive better results
14
Q

data lifecycle

A
  1. create
  2. store
  3. use
  4. share
  5. archive
  6. destroy
15
Q

information lifecycle

A
  1. creation - created by user or system
  2. classification - classify data to ensure proper handling and authorization
  3. storage
  4. usage
  5. archive - per regulatory or org retention policy
  6. destruction - when data is no longer needed, it should be destroyed
16
Q

patch management process

A
  1. evaluate patches
  2. test patches
  3. approve the patches
  4. deploy the patches
  5. verify the patches are deployed (vulnerability scanning)
17
Q

Evidence types (steps?)

A
  1. Best - original
  2. secondary evidence - copy
  3. direct evidence - proves or disproves based on the 5 senses
  4. conclusive - incontrovertible; this overrides all other evidence
  5. circumstantial - inference from other information
  6. corroborative evidence - supporting evidence but can’t stand on its own
  7. opinions - expert and non-expert
  8. hearsay - not based on first-hand knowledge
18
Q

Business continuity planning (BCP) steps
per NIST 800-34 rev 1

A
  1. Develop a business continuity policy
  2. conduct a BIA
  3. identify preventative controls
  4. create contingency strategies
  5. develop a system/IT contingency plan
  6. perform DRP training and testing
  7. Perform BCP/DRP maintenance

GOAL: efficient response to enhance a company’s ability to recover from a disruptive event promptly

19
Q

ways to test your disaster recovery plan
5 ways

A
  1. read-through
  2. structured walk-through
  3. simulation test – still a “walk through”; nothing physical has been shut down yet
  4. parallel test
  5. full interruption test
20
Q

to enforce the integrity of database data, there is a standard set of properties; the mnemonic is ACID. what are these properties?

A
  • Atomicity - if any part of a transaction fails, the entire transaction fails
  • Consistency - updates to the database are consistent with the rules; the rules of the database are enforced
  • Isolation - one transaction must be complete before another transaction can modify that same data
  • Durability - once transactions are committed to the database, they will be preserved.
21
Q

Common Criteria testing (ISO 15408) process

A
  1. Description of assets
  2. identification of threats
  3. analysis and rating of threats
  4. Determination of security objectives
  5. Selection of security functional requirements
  6. (repeat)
22
Q

NIST cybersecurity framework core functions

A
  1. Identify - asset management, governance, risk assessment
  2. Protect - access control, awareness, data security
  3. Detect - anomalies, monitoring, detection processes
  4. Respond - response planning, communication, analysis
  5. Recover - recovery planning, improvements, lessons learned
23
Q

BIA consists of two steps

A
  1. business continuity team works with management to identify critical business functions
  2. the team continues to work with management to determine measures of impact and acceptable and achievable recovery milestones

Note: a critical business function is required for continued business operations. This includes customer-facing and internal functions like payroll.

24
Q

RTO and WRT MTD clarification

A

RTO - length of time needed or expected to achieve the recovery point objective (recovering backups from the point of the RPO); there is going to be some data loss
* minimum operational capability expected by the function owner

WRT - the time to re-enter information or transactions that were lost due to the age of the restored backup
* the time from the minimum operational capability restored at the RTO to full functional operability
* at the end of the WRT the business functions are fully restored

RTO + WRT is equal to or less than MTD

25
Q

BCP step 1 is what and what is involved

A
  1. policy statement
    * management support
    * roles and responsibilities
    * policy scope
    * training, testing
26
Q

BCP step 2
what is it
what is involved

A
  1. BIA
    * sets prioritization
    * identifies qualitative or quantitative impact
    * requires identification of critical business functions
27
Q

BCP step 3
is what
what is involved

A
  1. ID preventative controls
    * manage MTBF (mean time between failure)
    * implement redundancy
    * offsite storage of backup media or cloud
    * cryptographic key management
28
Q

BCP step 4
is what
what is involved

A
  1. Create contingency strategies
    * this enables recovery within the RTO and MTD
    * backup and recovery strategies
    * alternate sites for recovery
    * cold, warm, hot, mobile, mirrored sites
    * vendor agreements
    * spare sites
29
Q

BCP step 6
is what
what is involved

A
  1. Train and Test
    * Recovery team identification
    * training
    * tabletop and recovery site exercises
    * plan is improved as gaps are found during testing
30
Q

BCP recovery team
might include who

A
  • coordinator
  • OS admins
  • Network engineers
  • Comm team
  • legal
  • outage assessor
  • server engineer
  • DBAs
  • media relations
  • procurement
31
Q

BCP step 7
is what
what is involved

A
  1. Maintain the plan
    * changes that affect the BCP
    * system changes
    * business functions added/changed
    * integrate BCP maintenance into change management
32
Q

NIST 800-34 - guide to contingency planning - what types of plans might be part of your contingency planning

A
  • BCP
  • COOP (continuity of operations)
  • crisis communications plan
  • critical infrastructure protection plan (CIP)
  • cyber incident response plan
  • disaster recovery plan (DRP)
  • occupant emergency plan (OEP)
33
Q

Continuity of Operations (COOP)

A
  • the plan for continuing to do business until the IT infrastructure can be restored
  • sustains critical business functions up to 30 days at alternate site or systems
34
Q

crisis communications plan

A
  • internal and external communications capabilities
  • who is contacted and when
35
Q

critical infrastructure protection plan

A
  • policies and procedures that identify and manage the necessary infrastructure that enables critical business functions
  • includes managing single points of failure and availability of replacement infrastructure where and when needed to meet recovery time objectives
36
Q

cyberincident response plan

A
  • mitigation and recovery from security incidents
  • addresses:
    * identification
    * analysis
    * containment
    * eradication
    * recovery
    * post-incident activities
37
Q

DRP attributes

A
  • the plan for recovering from an IT disaster and having the IT infrastructure back in operation.
  • catastrophic event takes down multiple or all critical business functions that can't be recovered within the MTD
  • relocation of systems possibly
  • activated for major, long term interruptions (could be more than 30 days)
38
Q

system contingency plan

A
  • needed for each critical system to support other sub plans, like coop and drp
39
Q

Occupant Emergency plan
human life is the MOST important

A
  • minimize human injury and loss of life
    (possibly reducing structural damage to prevent injury)
  • focuses on the type of incident
  • related to the coop and disaster recovery plan
40
Q

the difference between brute force and dictionary attack?

A
  • brute force - a large number of possible key permutations are checked (every possible combination); takes a lot longer
  • dictionary - “a type of brute force”; only the words with the highest probability of success are checked - less time consuming
41
Q

sniffing the network to collect passwords to use later in an attack would be what type of attack?

A
  1. replay attack
42
Q

STRIDE threat modeling methodology steps and attributes

A
  1. Spoofing (identity) - impersonating someone else to the computer
  2. Tampering (with data) - malicious modification of data
  3. Repudiation - *a user's ability to deny performing an action when there is no proof*
  4. Information disclosure - exposure of data to unauthorized entities
  5. Denial of service -
  6. elevation of privileges
43
Q

PASTA threat modeling methodology attributes

A
  • 7 steps that align with business requirements, technical requirements and compliance expectations
  • process identifies and assesses threat and attack patterns
  • process for attack simulation and threat analysis
44
Q

OCTAVE threat modeling methodology

A
  • operationally
  • critical
  • threat
  • asset and
  • vulnerability
  • evaluation
45
Q

octave threat modeling has 3 phases

A
  • risk-based strategic assessment and planning technique for security
46
Q

octave threat modeling 3 phases

A
  1. organizational view
    * assets
    * threats
    * current practices
    * organization vulnerabilities
    * security requirements
  2. Technological view
    * key components
    * technical vulnerabilities
  3. Strategy and plan development
    * risks
    * protection strategy
    * mitigation plans
47
Q

NIST 800-192 is what

A
  • verification and test methods for access control policies/models
  • definitions and guidance on how to identify requirements for an access control model to apply to a specific system or organization
48
Q

CISSP Mindset for the exam

A

Exam mindset

49
Q

OSI model - Kelly H

A

OSI

50
Q

strategic plan attributes

A
  • highest level
  • typically 5 years
  • organizational policies, vision, goals, missions, objectives long term
  • human safety
  • business continuity
  • protect profits, reduce liability and risk

CISO lives here

51
Q

tactical plans attributes

A
  • usually 1 year
  • standards fall in here

IT Director and Manager live here

52
Q

operational attributes

A
  • short term
  • implement and operate

IT Engineers live here

53
Q

remember

A

this

54
Q

SDLC from Shon Harris and the Technical Institute of America YouTube channel

A

remember this one

55
Q

incident management frame work - step 1
what is it and what does it involve

A
  1. Preparation - prepare for an incident (what is your team, what are the steps, define roles, communication process etc.)
56
Q

incident management framework step 2
what is it and what does it involve

A
  1. Detect - discover the incident
57
Q

incident management framework step 3
what is it and what does it involve

A
  1. Response - incident response team goes into action
58
Q

incident management framework step 4
what is it and what does it involve

A
  1. mitigation - contain the damage and scope of the incident
59
Q

incident management framework step 5
what is it and what does it involve

A
  1. reporting - if needed send details to senior management or regulatory authorities
60
Q

incident management framework step 6
what is it and what does it involve

A
  1. recovering - restore the system back to the original state, maybe reimage the server.
61
Q

incident management framework step 7
what is it and what does it involve

A
  1. remediation - root cause analysis to fix/patch the server to prepare for future attacks.
62
Q

incident management framework step 8
what is it and what does it involve

A
  1. lessons learned - review and document for improvements in case of future attacks.
63
Q

software assurance maturity model (SAMM)

A
  1. governance
    * metrics, policy, compliance, education, guidance
  2. Design
    * security - threat assessment - threat modeling, security architecture
  3. Implementation
    * design - secure build, secure deployment, defect management practices
  4. Verification
    * architecture testing, requirements driven testing, security testing
  5. Operations
    * maintain security throughout lifecycle - incident management, environment and operational management