Course 2 - Play it Safe: Manage Security Risks Flashcards
The web is actually an interlinked network of online content that’s made up of three layers: _____, _______, and ___________.
the surface web, the deep web, and the dark web.
The ____________ is the layer that most people use. It contains content that can be accessed using a web browser.
surface web
The _________ generally requires authorization to access it. An organization’s intranet is an example of the deep web, since it can only be accessed by employees or others who have been granted access.
deep web
The _____________ can only be accessed by using special software. The dark web generally carries a negative connotation since it is the preferred web layer for criminals because of the secrecy that it provides.
dark web
Now, let’s discuss three key impacts of threats, risks, and vulnerabilities.
1. Financial impact: When an organization’s assets are compromised by an attack, such as the use of malware, the financial consequences can be significant for a variety of reasons. These can include interrupted production and services, the cost to correct the issue, and fines if assets are compromised because of non-compliance with laws and regulations.
2. Identity theft: Organizations must decide whether to store private customer, employee, and outside vendor data, and for how long. Storing any type of sensitive data presents a risk to the organization. Sensitive data can include personally identifiable information, or PII, which can be sold or leaked through the dark web. That’s because the dark web provides a sense of secrecy and threat actors may have the ability to sell data there without facing legal consequences.
3. Organization’s reputation: A solid customer base supports an organization’s mission, vision, and financial goals. An exploited vulnerability can lead customers to seek new business relationships with competitors or create bad press that causes permanent damage to an organization’s reputation. The loss of customer data doesn’t only affect an organization’s reputation and financials; it may also result in legal penalties and fines. Organizations are strongly encouraged to take proper security measures and follow certain protocols to prevent the significant impact of threats, risks, and vulnerabilities. By using all the tools in their toolkit, security teams are better prepared to handle an event such as a ransomware attack.
What are the 7 steps in the RMF?
RMF - Step one
PREPARE
Prepare refers to activities that are necessary to manage security and privacy risks before a breach occurs. As an entry-level analyst, you’ll likely use this step to monitor for risks and identify controls that can be used to reduce those risks.
RMF - Step Two
CATEGORIZE
Categorize is used to develop risk management processes and tasks. Security professionals then use those processes and develop tasks by thinking about how the confidentiality, integrity, and availability of systems and information can be impacted by risk. As an entry-level analyst, you’ll need to be able to understand how to follow the processes established by your organization to reduce risks to critical assets, such as private customer information.
RMF - Step Three
SELECT
Select means to choose, customize, and capture documentation of the controls that protect an organization. An example of the select step would be keeping a playbook up-to-date or helping to manage other documentation that allows you and your team to address issues more efficiently.
RMF - Step Four
IMPLEMENT
Implement security and privacy plans for the organization. Having good plans in place is essential for minimizing the impact of ongoing security risks. For example, if you notice a pattern of employees constantly needing password resets, implementing a change to password requirements may help solve this issue.
RMF - Step Five
ASSESS
Assess means to determine if established controls are implemented correctly. An organization always wants to operate as efficiently as possible. So it’s essential to take the time to analyze whether the implemented protocols, procedures, and controls that are in place are meeting organizational needs. During this step, analysts identify potential weaknesses and determine whether the organization’s tools, procedures, controls, and protocols should be changed to better manage potential risks.
RMF - Step Six
AUTHORIZE
Authorize means being accountable for the security and privacy risks that may exist in an organization. As an analyst, the authorization step could involve generating reports, developing plans of action, and establishing project milestones that are aligned to your organization’s security goals.
RMF - Step Seven
MONITOR
Monitor means to be aware of how systems are operating. Assessing and maintaining technical operations are tasks that analysts complete daily. Part of maintaining a low level of risk for an organization is knowing how the current systems support the organization’s security goals. If the systems in place don’t meet those goals, changes may be needed.
Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.
Server-side request forgery
Insufficient logging and monitoring capabilities that result in attackers exploiting vulnerabilities without the organization knowing it
Security logging and monitoring failures
PetitPotam: Affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.
PetitPotam
Allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.
Log4Shell
A vulnerability in Microsoft’s Netlogon authentication protocol. An authentication protocol is a way to verify a person’s identity. Netlogon is a service that ensures a user’s identity before allowing access to a website’s location.
ZeroLogon
A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.
ProxyLogon
Anything that can impact the confidentiality, integrity, or availability of an asset
Risk
An organization’s ability to manage its defense of critical assets and data and react to change
Security posture
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Risk mitigation
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Shared responsibility
An organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans
Business continuity
________________ are guidelines used for building plans to help mitigate risks and threats to data and privacy, such as social engineering attacks and ransomware.
Security frameworks
___________ are used to reduce specific risks.
Controls
_______________ are safeguards designed to reduce specific security risks. In this video, we’ll discuss three common types of controls: encryption, authentication, and authorization.
Security controls
____________ is the process of converting data from a readable format to an encoded format. Typically, _________ involves converting data from plaintext to ciphertext. Ciphertext is the raw, encoded message that’s unreadable to humans and computers. Ciphertext data cannot be read until it’s been decrypted into its original plaintext form. __________ is used to ensure confidentiality of sensitive data, such as customers’ account information or social security numbers.
Encryption
Another control that can be used to protect sensitive data is ____________. ___________ is the process of verifying who someone or something is. A real-world example of __________ is logging into a website with your username and password. This basic form of __________ proves that you know the username and password and should be allowed to access the website. More advanced methods of ___________, such as multi-factor ______________, or MFA, challenge the user to demonstrate that they are who they claim to be by requiring both a password and an additional form of authentication, like a security code or biometrics, such as a fingerprint, voice, or face scan.
Authentication
____________ are unique physical characteristics that can be used to verify a person’s identity. Examples of ___________ are a fingerprint, an eye scan, or a palm scan.
Biometrics
Another very important security control is ____________. _____________ refers to the concept of granting access to specific resources within a system. Essentially, ___________ is used to verify that a person has permission to access a resource. As an example, if you’re working as an entry-level security analyst for the federal government, you could have permission to access data through the deep web or other internal data that is only accessible if you’re a federal employee.
Authorization
_______________ are guidelines used for building plans to help mitigate risk and threats to data and privacy. ____________ support organizations’ ability to adhere to compliance laws and regulations. For example, the healthcare industry uses ____________ to comply with the United States’ Health Insurance Portability and Accountability Act (HIPAA), which requires that medical professionals keep patient information safe.
Security frameworks