CySA+ Study Notes 20 Flashcards
is the process of determining whether the security system is fit-for-purpose (so that, for instance, its design goals meet the requirements for a secure system).
Validation
Deperimeterization -> taking phone out of perimiter and may fall into wrong hands. Unpatched and Unsecure Devices : mobile devices may be difficult to patch and many devices may lack built-in anti-malware software, and malware can spread through network when device connects to network.
BYOD
solutions include -> Device enrollment and authentication, remote lock and wipe, locating devices by GPS etc, Pushing out OS, app, and firmware updates to devices, preventing root access or jailbreaking of devices, restricting certain features and service based on access control policies, etc …
MDM (Mobile Device Management) / EMM (Enterprised Mobility Management)
all processors, controllers, and devices are provided on a single chip.
SoC
provide mechanisms for workflow and process automation. These systems control machinery used in critical infrastructure, like power suppliers, water suppliers, health services, telecommunications, and national security services. An ICS that manages process automation within a single site is usually referred to as a distributed control system (DCS). An ICS comprises plant devices and equipment with embedded PLCs. The PLCs are linked either by a fieldbus serial network or by industrial Ethernet to actuators that operate valves, motors, circuit breakers, and other mechanical components, plus sensors that monitor some local state, such as temperature. Output and configuration of a PLC is performed by one or more human-machine interfaces (HMIs). An HMI might be a local control panel or software running on a computing host. PLCs are connected within a control loop, and the whole process automation system can be governed by a control server. Another important concept is the data historian, which is a database of all the information generated by the control loop.
Industrial control systems (ICSs)
system takes the place of a control server in large-scale, multiple-site ICSs. ??? typically run as software on ordinary computers, gathering data from and managing plant devices and equipment with embedded PLCs, referred to as field devices.
SCADA
for offices and data centers (“smart buildings”) can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators and escalators. These subsystems are implemented by PLCs and various types of sensors that measure temperature, air pressure, humidity, room occupancy etc …
building automation system (BAS)
network of monitored locks, intruder alarms, and video surveillance.
PACs
have following concerns -> Greater Complexity, Absence of Data Redundancy (lack of ability to back up data example), Demonstrating Compliance, Security Management.
Hybrid Clouds
example of IaaS, can put virtual servers and appliances on virtual network hosted on cloud, consumer is responsible for configuring IP address space and routing in cloud and handles all admin security work of network including software install and patching, account management, load balancing, disaster recovery, security monitoring and backup. Hosted on VLANs.
VPCs
