Definitions Flashcards
Payment Card Industry Data Security Standard (PCI-DSS)
Applies to companies that process credit card payments
HIPAA
applies to healthcare and patient records
Federal Information Security Management Act (FISMA)
Security standards for many federal agencies in the US
What does the CIA Triad consist of?
Confidentiality, Integrity, Availability
What is Confidentiality?
Ability to protect our data from those who are not authorized to view it
What is Integrity?
ability to prevent changing data in an unauthorized manner
What is Availability?
ability to access data when we need it
How does the CIA triad relate to security?
Allows us to discuss security measures in more detail
What are the three additional principles in the Parkerian Hexad?
Control, Authenticity, and Utility
What is Control?
the physical possession of the media that data is stored on
What is Authenticity?
Whether the data is attributed to the right owner or creator
What is Utility?
How useful the data is to you
What are the four categories of attacks?
Interception, interruption, modification, and fabrication
Which attacks affect the confidentiality of the CIA triad?
Interception
Which attacks affect the integrity of the CIA triad?
Interruption, modification, fabrication
Which attacks affect the availability of the CIA triad?
Interruption, modification, fabrication
What is an interception attack?
allows unauthorized users to access data, applications or environments
Are interception attacks primarily against confidentiality, integrity, or availability?
Primarily against confidentiality
What is an example of an interception attack?
eavesdropping on a call or reading someone else’s emails
What is an interruption attack?
makes your assets unusable or unavailable to you on a temporary or permanent basis
Are interruption attacks primarily against confidentiality, integrity, or availability?
Primarily affect availability, but can affect integrity as well
What is an example of an interruption attack?
a DoS attack on a mail server
What is a Modification Attack?
it involves tampering with assets
Are modification attacks primarily against confidentiality, integrity, or availability?
primarily on integrity, but could also affect availability.
What is an example of a modification attack?
unauthorized access to a file and then altering the data
What is a Fabrication Attack?
generating data, processes, communications, etc. in a system
Are fabrication attacks primarily against confidentiality, integrity, or availability?
primarily affect integrity, but could affect availability as well
What is data at rest?
data not in the process of being moved
What is an example of data at rest?
hard drive or flash drive
What is data at rest protected with?
encryption
What is data in motion?
data that is moving from one place to another
What's an example of data in motion?
sensitive data moving between your browser and the bank
What is data in use?
data that is actively being accessed or modified
What is data in use protected with?
permissions and authentication of users
What is a threat?
something that has the potential to cause harm
What is a vulnerability?
Weaknesses or holes that threats can exploit
What is a risk?
the likelihood that something bad will happen
What two things do you need in order for a risk to be possible?
a threat and a vulnerability
What is impact?
determines risks based on the value of an Asset
What does risk management do?
it compensates for risks in your environment
What are the 5 processes for risk management?
Identify assets, Identify threats, Assess Vulnerabilities, Assess Risks, Mitigate Risks
What does Identify assets mean?
Make an accurate determination of which assets are truly critical
What does Identify Threats mean?
identifying the threats that might affect the critical assets
What things do you need to be concerned with in the identify threats stage?
losing data
maintaining accurate data
keeping the system up and running
What does assessing vulnerabilities mean?
Assessing the vulnerability in the context of potential threats
What does assessing risks mean?
making sure that there is both a threat and a vulnerability present
What disqualifies a risk?
no vulnerability with matching threat or no threat with a matching vulnerability
How do you mitigate risks?
by putting controls in place to account for each threat
What are the three types of controls?
physical, logical, and administrative
What do physical controls do?
protects the physical environment where the systems or data is stored
What are some examples of physical controls?
fences, gates, locks
What do logical controls do?
protects the systems, networks, and environments that interact with the data
What are examples of logical controls?
passwords, encryption, firewalls, IDS
What do administrative controls do?
dictates how the users in the environment should behave
What are some examples of administrative controls?
rules, laws, policies or guidelines
What is an incident response?
Reactions based on documented incident response plans
What’s important to do with these response plans?
should be reviewed regularly, tested, and practiced by those enacting them
What are the four processes of the incident response plan?
Preparation, detection and analysis, containment, eradication, recovery, and post-incident activity
What happens during the preparation stage?
creating policies and procedures, training and education, developing and maintaining documentation
What happens during the detection and analysis phase?
detects an issue, decide on whether it's an incident, and respond appropriately
What tools are used during the detection phase?
Intrusion detection system (IDS)
Antivirus software (AV)
firewall logs
proxy logs
What happens during the analysis phase?
decides what constitutes an incident, evaluate criticality, contacting additional resources if needed
What does Containment mean?
ensuring the situation doesn't cause more damage
What are examples of what to do for containment?
disconnecting the server, firewall rules in place, updating signatures on the IDS
What does eradication mean?
removes the effect of the issue from the environment
What are examples of what to do for eradication?
scanning other hosts for malware, examining logs on the server or network to remove malware
What does recovery entail?
restoring devices or data from backup media, rebuilding systems, reloading applications
What does the Post-Incident activity do?
determines exactly what happened, why, and prevention
What is defense in depth?
multilayered defense that will still be successful should a defensive measure fail
What are some layers you might have in place?
data, application, host, internal network, and external network
Why is it important to have defenses at each layer?
makes it difficult for attackers to penetrate the network and directly attack assets
What is the goal of defense in depth?
to notice an attack in progress and have time to prevent it
How can you add complexity to the defensive model?
physical defenses, making policies, and user awareness/training
What defenses would you use for the external layer?
DMZ, VPN, Logging
What defenses would you use for the network perimeter?
Firewalls, Proxy servers, logging
What defenses would you use for the internal network?
IDS, IPS, Logging, Auditing
What defenses would you use for the Host?
Authentication, Anti-virus, Passwords, Hashing
What defenses would you use for the Application?
SSO, Content filtering, Data Validation
What defenses would you use for Data?
Encryption, Access controls, backups
What is penetration testing?
method of finding gaps in your security using attacks that an attacker would use