CySA+ Study Notes 9 Flashcards
Real Evidence : consists of tangible objects that may be brought into a courtroom.
Order of Volatility : Network Traffic -> Memory Contents -> System and Process Data -> Files -> Logs -> Archived Records.
Live Analysis : retrieves volatile evidence.
Cellebrite is a popular mobile forensic tool.
??? regulates handling of student educational records.
??? regulates financial institutions.
??? protects privacy of children under 13 years of age.
FERPA / GLBA / COPPA
Due Care : fulfilling legal responsibilities and professional best practices.
Due Diligence : taking reasonable measures to investigate security risks.
??? use human-driven processes to manage technology in a secure manner.
??? improve security of the risk management process itself.
??? remediate security issues that have already occurred.
??? implement incident response procedures.
??? use technology to achieve security control objectives.
Operational Controls / Managerial Controls / Corrective Controls / Responsive Controls / Technical Controls
COBIT : business focused control framework.
ISO 27001 : part of a series of business standards.
??? business leaders with overall responsibility for data; they set policies and guidelines for their datasets.
??? handle day-to-day governance activities; they are delegated responsibility by data owners.
??? store and process info and are often IT staff members.
Data Owner / Data Steward / Data Custodians
??? data is only subject to the laws of jurisdictions where it's collected, stored, or processed; storing data in multiple locations subjects it to multiple jurisdictions.
??? transforms PII into a form where it's no longer possible to tie it to an individual person.
Data Sovereignty / Data Obfuscation
Tokenization : replaces sensitive fields with a random identifier.
Masking : replaces sensitive info with blanks or, for example, X’s.
Pattern Matching : recognizes known patterns of sensitive info, like SSNs.
Watermarking : identifies sensitive info using electronic tags.
IRM (Information Rights Management) : enforces data rights, provisions access, implements access control models.
DRM (Digital Rights Management) : provides owners of intellectual property with technical means to prevent unauthorized use of their content through the use of encryption technology.
IRM / DRM
??? external force jeopardizing information and systems.
??? weaknesses in security controls that a threat might exploit to undermine CIA.
??? combination of a vulnerability and a corresponding threat.
Threat / Vuln. / Risk