Dion Review Flashcards
Isolation
Isolation is a mitigation technique that prevents malware from spreading from one system or process to another by limiting their interaction and communication. It ranges from sandboxing a single process to disconnecting an infected host from the network entirely, so that a potentially malicious program or script cannot reach the rest of the system or network. Isolation matters most once malware is suspected or confirmed on a system, because it contains the damage while the incident is investigated.
Data Controller
A Data Controller decides WHY and HOW personal data is processed (the purposes and means of processing) and is accountable for that processing; a Data Processor, by contrast, handles the data only on the controller’s instructions.
Example: an HR Department that collects employee information and decides what it is used for
Exposure Factor
The exposure factor (EF) is the estimated proportion of an asset’s value that would be lost if a given threat exploited a vulnerability. It is expressed as a percentage and is independent of the asset’s total value and of how often the threat occurs. An EF of 100% means the incident would render the asset entirely unusable or worthless; an EF of 25% means a quarter of its value would be lost (for a $10,000 asset, $2,500, which is the single loss expectancy for that event, asset value × EF).
Threat Scope Reduction
Threat scope reduction refers to the proactive steps and strategies that shrink the attack surface of a system or network, such as closing unused ports and services, segmenting the network and minimizing the privileges each account and process holds. By limiting the avenues an attacker can exploit, organizations can secure their assets more effectively.
Chain of Custody
Chain of Custody is the documented record of how evidence related to a security incident is collected, handled, stored and transferred, and by whom, so that it can be relied on in legal proceedings. When handling digital evidence, it is crucial to maintain a clear and documented Chain of Custody: each hand-off is recorded, and the evidence is hashed at acquisition and re-verified at every step. This ensures that the evidence is collected, stored, and transferred in a way that maintains its integrity and authenticity, making it admissible and reliable in legal proceedings.
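The following is an added example, not part of the Dion flashcards, showing the two integrity checks a chain of custody relies on: the evidence file is hashed at acquisition and at every hand-off, and each log entry includes the hash of the previous entry so a later edit to the record is detectable. The file contents, handler names and the `CustodyLog` class are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64   # "previous entry" hash used for the first log entry


def sha256_file(path, chunk_size=1 << 16):
    """Hash the evidence in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_digest(entry):
    """Hash of every field in a log entry except its own digest."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only custody record for one piece of evidence (constructed helper)."""

    def __init__(self, evidence_path):
        self.evidence_path = evidence_path
        self.entries = []

    def record(self, action, handler, when=None):
        entry = {
            "action": action,            # acquired / transferred / analyzed ...
            "handler": handler,          # who has the evidence after this step
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "evidence_sha256": sha256_file(self.evidence_path),
            "prev_entry_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = _entry_digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (ok, reason): the log chain must be unbroken and the evidence must
        still hash to the value recorded at acquisition."""
        if not self.entries:
            return False, "no acquisition entry"
        acquisition_hash = self.entries[0]["evidence_sha256"]
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev_entry_hash"] != prev:
                return False, f"entry {i}: link to previous entry broken"
            if _entry_digest(entry) != entry["entry_hash"]:
                return False, f"entry {i}: entry altered after it was recorded"
            if entry["evidence_sha256"] != acquisition_hash:
                return False, f"entry {i}: evidence changed hands with a different hash"
            prev = entry["entry_hash"]
        if sha256_file(self.evidence_path) != acquisition_hash:
            return False, "evidence on disk no longer matches the acquisition hash"
        return True, "chain intact"


def demo():
    """Constructed scenario: acquire, transfer, then tamper with the log and the evidence.
    Returns (intact_before_tampering, log_edit_detected, evidence_tamper_detected)."""
    workdir = tempfile.mkdtemp()
    evidence = os.path.join(workdir, "disk.img")
    with open(evidence, "wb") as f:
        f.write(b"constructed sample evidence bytes")
    log = CustodyLog(evidence)
    log.record("acquired", "analyst_a")
    log.record("transferred", "analyst_b")
    intact = log.verify()[0]
    log.entries[1]["handler"] = "analyst_c"          # someone rewrites history
    log_edit_detected = not log.verify()[0]
    log.entries[1]["handler"] = "analyst_b"          # restore the record
    with open(evidence, "ab") as f:
        f.write(b"x")                                # someone alters the evidence itself
    evidence_tamper_detected = not log.verify()[0]
    return intact, log_edit_detected, evidence_tamper_detected


if __name__ == "__main__":
    print(demo())
```

Hashing at each transfer, rather than only at acquisition, is what lets an investigator say at which hand-off the evidence stopped matching.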
Infrastructure Diversification
Diversifying infrastructure ensures that organizations are not overly reliant on a single data center, network, or platform. By distributing their assets and systems across multiple locations or platforms, they can significantly reduce the risk of total service disruption if one component fails.
Risk Identification
Risk identification is the proactive process of recognizing and recording potential threats that could adversely affect an organization.
Threat intelligence involves the collection and analysis of information about current and potential attacks that threaten the security of an organization but does not directly refer to the broader process of risk identification.
Attribute-Based Access Control (ABAC)
In an ABAC system, access permissions are evaluated dynamically from attributes of the subject (job role, department), of the resource (type, classification) and of the environment (location, device posture, time of access). Policy rules combine these attributes to make each access decision, allowing for more fine-grained and context-aware access control than a fixed role-to-permission mapping.
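As an added example (not from the Dion flashcards), here is a minimal ABAC policy evaluator. The policy set, the attribute names and the request shape are constructed for illustration; the combining rule is the common "deny overrides" pattern, in which any matching deny rule wins and a request matching no rule is denied by default.

```python
from datetime import time

# Constructed policy set (not from any real deployment). A set means "one of",
# a (lo, hi) tuple means an inclusive range, anything else must match exactly.
POLICIES = [
    {
        "name": "hr-payroll-office-hours",
        "effect": "permit",
        "subject": {"department": "HR", "role": {"hr_manager", "payroll_clerk"}},
        "resource": {"type": "payroll_record"},
        "action": {"read", "update"},
        "environment": {"location": {"hq", "vpn"},
                        "time_of_day": (time(8, 0), time(18, 0))},
    },
    {
        "name": "no-restricted-data-from-unmanaged-devices",
        "effect": "deny",
        "subject": {},
        "resource": {"classification": "restricted"},
        "action": {"read", "update", "delete"},
        "environment": {"device_managed": False},
    },
]


def _matches(expected, actual):
    if actual is None:                 # attribute absent from the request never matches
        return False
    if isinstance(expected, set):
        return actual in expected
    if isinstance(expected, tuple):
        lo, hi = expected
        return lo <= actual <= hi
    return expected == actual


def _rule_applies(rule, request):
    if request["action"] not in rule["action"]:
        return False
    for part in ("subject", "resource", "environment"):
        for attr, expected in rule.get(part, {}).items():
            if not _matches(expected, request.get(part, {}).get(attr)):
                return False
    return True


def evaluate(request, policies=POLICIES):
    """Deny-overrides combining: a matching deny beats any permit; no match means deny."""
    applicable = [p for p in policies if _rule_applies(p, request)]
    if any(p["effect"] == "deny" for p in applicable):
        return "deny"
    if any(p["effect"] == "permit" for p in applicable):
        return "permit"
    return "deny"


def make_request(role="hr_manager", department="HR", location="hq",
                 time_of_day=time(10, 0), device_managed=True, action="read"):
    """Builds a constructed request for a restricted payroll record."""
    return {
        "subject": {"department": department, "role": role},
        "resource": {"type": "payroll_record", "classification": "restricted"},
        "action": action,
        "environment": {"location": location, "time_of_day": time_of_day,
                        "device_managed": device_managed},
    }


def scenarios():
    """Same user, different context: only the environment attributes change."""
    return {
        "hr_manager_at_hq_office_hours": evaluate(make_request()),
        "same_user_at_22h": evaluate(make_request(time_of_day=time(22, 0))),
        "same_user_unmanaged_device": evaluate(make_request(device_managed=False)),
        "engineer_at_hq": evaluate(make_request(department="Engineering", role="developer")),
        "hr_manager_delete": evaluate(make_request(action="delete")),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name}: {decision}")
```

The point to notice is the third scenario: the subject and resource attributes alone would permit access, but the environment attribute (an unmanaged device) flips the decision, which is exactly the context-awareness a role-only model cannot express.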
Security Content Automation Protocol (SCAP)
The Security Content Automation Protocol (SCAP) is a suite of specifications, maintained by NIST, that standardize the format and nomenclature for communicating security configuration information and software flaws. Its components include XCCDF (the checklist format), OVAL (the language for assessing system state), and identifier schemes such as CPE for platforms, CCE for configuration items and CVE for vulnerabilities. SCAP itself is not a checklist; it is the set of formats that checklists and scanners use, so that checklist content from one source (for example a DISA STIG) can be consumed by any SCAP-validated tool.
Its main functionality lies in providing a standardized, machine-readable approach to maintaining system security, which allows the detection of vulnerabilities, the management of configurations and the measurement of compliance with regulatory standards to be automated.
Client-Based Software
Client-based software is software that runs on the user’s computer and requires installation and configuration. It may have vulnerabilities that can be exploited by attackers if not updated or patched regularly.
Agentless Software
Agentless software does not require installing or configuring an agent on the managed endpoint. It runs on a remote server and reaches the endpoint through a web browser or through protocols the endpoint already exposes (such as SSH, WMI or SNMP). It is easier to deploy and leaves no extra software to patch, but it typically has less visibility into, and less control over, the endpoint than an installed agent.
Time-of-Use (TOU)
A time-of-use (TOU) vulnerability, usually discussed together with time-of-check (TOC) as a TOCTOU race condition, arises when an attacker can change a resource between the moment an application checks it (its existence, permissions or type) and the moment the application uses it. Because the check and the use are separate operations performed on a name (such as a file path) rather than on the object itself, the application ends up acting on something other than what it validated.
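The following added example (not from the Dion flashcards) shows the classic file-based TOCTOU race beside its fix. A callback stands in for the scheduling window in which the attacker acts; the "attacker" swaps the checked file for a symlink to a secret file. The vulnerable reader checks the path and then reopens the path, so it follows the new symlink; the hardened reader opens first and checks the descriptor it actually holds, so the later swap changes nothing. The file names and contents are constructed, and the scenario assumes a Unix-like system where an unprivileged user can create symlinks.

```python
import os
import stat
import tempfile


def read_regular_file_vulnerable(path, race_window=lambda: None):
    """CHECK the name, then USE the name again: the object behind the name can
    change in between, and the second lookup follows whatever is there now."""
    if not stat.S_ISREG(os.lstat(path).st_mode):       # time of check
        raise PermissionError("refusing: not a regular file")
    race_window()                                       # attacker acts here
    with open(path, "rb") as f:                         # time of use: a fresh path lookup
        return f.read()


def read_regular_file_hardened(path, race_window=lambda: None):
    """Open first, then validate the descriptor. There is no second path lookup,
    so nothing done to the name after the open can redirect the read."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)  # refuse a symlink at open time
    fd = os.open(path, flags)
    with os.fdopen(fd, "rb") as f:                      # f now owns fd and will close it
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):   # check the opened object
            raise PermissionError("refusing: not a regular file")
        race_window()                                   # swapping the name now is harmless
        return f.read()


def run_scenario(reader):
    """Constructed lab: the attacker replaces the checked file with a symlink to a
    secret file inside the race window. Returns whatever the reader obtained."""
    workdir = tempfile.mkdtemp()
    public = os.path.join(workdir, "public.txt")
    secret = os.path.join(workdir, "secret.txt")
    with open(public, "wb") as f:
        f.write(b"public data")
    with open(secret, "wb") as f:
        f.write(b"secret data")

    def attacker_swaps_file():
        os.remove(public)
        os.symlink(secret, public)

    try:
        return reader(public, race_window=attacker_swaps_file)
    except OSError:          # PermissionError, or ELOOP from O_NOFOLLOW
        return b"denied"


if __name__ == "__main__":
    print("vulnerable read:", run_scenario(read_regular_file_vulnerable))
    print("hardened read:  ", run_scenario(read_regular_file_hardened))
```

The general rule the hardened version follows is to validate the object you hold (a descriptor, a handle), never the name you looked it up by; `O_NOFOLLOW` additionally rejects a path that is already a symlink when the open happens.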
Service-Level Agreement (SLA)
The Service-Level Agreement (SLA) is the document that precisely defines the agreed-upon service levels and performance metrics that the vendor is expected to meet. It outlines the specific services to be provided, performance expectations, response times, and remedies for not meeting the agreed-upon levels.
Detection Phase of Incident Response Plan
Identifying and classifying incidents based on severity and impact is typically part of the “Detection” phase of the incident response process. It involves recognizing that an incident has occurred and understanding its potential implications.
Preparation Phase of Incident Response Plan
The Preparation phase in the incident response process involves activities such as developing an incident response plan, defining roles and responsibilities of the incident response team, and conducting regular training and drills. These preparations ensure that the organization is ready to respond effectively and efficiently to any potential security incidents.
Enumeration (Hardware/Software/Data Management)
In the context of hardware, software, and data asset management, enumeration is the process of identifying and cataloguing every asset, assigning each a unique identifier and recording its attributes such as owner, location, classification and the access controls that apply to it. A complete, current inventory is what makes granular access control possible, because permissions can only be assigned and audited for assets the organization knows it has. Enumeration therefore underpins the confidentiality, integrity, and availability of data by exposing unknown or unmanaged assets and by enabling proper resource management.
Horizontal Password Attack
In a horizontal password attack, also called password spraying, an attacker tries a small number of common passwords against many accounts rather than many passwords against one account. Because each account receives only a few failed attempts, the attack stays below the lockout threshold that a vertical attack on a single account would trigger. Detecting it therefore requires correlating failures across accounts by source address and time window, not counting failures per account.
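As an added example (not from the Dion flashcards), the detection logic below runs over a constructed authentication log containing one horizontal (spraying) attacker, one vertical brute-force attacker and one legitimate user who mistyped once. The log format, IP addresses, usernames and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not real data): 203.0.113.7 tries one password
# against six accounts, 192.0.2.9 hammers a single account, grace fails once then logs in.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T09:00:14Z src=203.0.113.7 user=bob result=FAIL
2024-05-01T09:00:27Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T09:00:40Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T09:00:53Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T09:01:06Z src=203.0.113.7 user=frank result=FAIL
2024-05-01T09:01:10Z src=198.51.100.5 user=grace result=FAIL
2024-05-01T09:01:25Z src=198.51.100.5 user=grace result=OK
2024-05-01T09:02:00Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:02Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:04Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:06Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:08Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:10Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:12Z src=192.0.2.9 user=admin result=FAIL
2024-05-01T09:02:14Z src=192.0.2.9 user=admin result=FAIL
"""


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime under 'ts'."""
    events = []
    for line in text.strip().splitlines():
        ts, *pairs = line.split()
        event = dict(p.split("=", 1) for p in pairs)
        event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(event)
    return events


def detect(events, window=timedelta(minutes=30), min_accounts=5, lockout_threshold=5):
    """Spray: within one time window, a single source fails against at least
    min_accounts distinct accounts while staying below the lockout threshold on
    each of them. Brute force: a single account reaches the lockout threshold.
    Returns {"spray": {src: distinct_accounts}, "brute_force": {user: failures}}."""
    fails = defaultdict(lambda: defaultdict(int))   # (src, bucket) -> user -> failures
    fails_per_user = defaultdict(int)
    for e in events:
        if e["result"] != "FAIL":
            continue
        bucket = int(e["ts"].timestamp() // window.total_seconds())
        fails[(e["src"], bucket)][e["user"]] += 1
        fails_per_user[e["user"]] += 1

    spray = {}
    for (src, _bucket), per_user in fails.items():
        if len(per_user) >= min_accounts and max(per_user.values()) < lockout_threshold:
            spray[src] = max(spray.get(src, 0), len(per_user))
    brute_force = {u: n for u, n in fails_per_user.items() if n >= lockout_threshold}
    return {"spray": spray, "brute_force": brute_force}


def analyze_sample():
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    print(analyze_sample())
```

The per-account lockout logic never fires for the spraying source, which is the whole point of the attack; only the per-source view (many accounts, one or two failures each) exposes it.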
What type of wireless connection is best for ensuring reliable and secure communications between multiple branch offices?
Cellular connections are the best choice for secure and reliable communication between branch offices.
Cellular connections use mobile network technologies (historically GSM (Global System for Mobile Communications) or CDMA (Code Division Multiple Access), today LTE and 5G) to provide wireless communication between devices. They are considered more secure than Wi-Fi or Bluetooth for this purpose because subscribers authenticate to the carrier with a SIM and the radio link is encrypted, and, unlike Wi-Fi or Bluetooth, they span the distances between offices. Cellular connections also have high bandwidth and can support a large number of devices at a time. Note that cellular encryption protects only the radio path to the carrier, so traffic between offices should still be carried inside a VPN.
Bluetooth connections are not designed for long-distance communication. Bluetooth uses short-range radio to connect devices within a few meters to a few tens of meters of each other. Bluetooth connections also have low bandwidth and can support only a small number of devices at a time.
Satellite connections have higher latency and lower bandwidth than cellular connections. Satellite connections use orbiting satellites to transmit data, which can cause delays and signal loss due to atmospheric conditions and interference. Satellite connections also have a high cost and require specialized equipment to access them.
Security Officer
The security officer, also known as the Chief Information Security Officer (CISO) or Information Security Manager, is a senior-level role responsible for leading and overseeing the organization’s information security program. They are tasked with defining, implementing, and enforcing information security policies and procedures throughout the organization. The security officer collaborates with various stakeholders, including management, IT teams, and compliance personnel, to ensure that security measures align with the organization’s objectives and industry best practices.
Control Plane (Zero Trust Model)
The Control Plane within the Zero Trust model (as described in NIST SP 800-207) is where access decisions are made: the policy engine evaluates each request against policy and the available threat and risk signals, and the policy administrator instructs the enforcement points on the data plane to open or close the connection. User behavior is one of the signals it considers, alongside device posture, resource sensitivity and threat intelligence, so making security decisions based on user behavior is only one aspect of its function.
Federation
A federated network is a model in which a number of separate networks, locations or organizations share resources (such as network services and gateways) under a common trust and management framework that enforces consistent configuration and policies. In identity federation, each organization keeps its own identity provider but agrees to trust the others’ authentication assertions (for example SAML or OpenID Connect tokens), which is what lets companies offer single sign-on across multiple domains or organizations.
Extended Detection and Response (XDR)
XDR integrates and correlates security data from various sources, such as endpoints, network, and cloud environments, so that it can detect and respond to sophisticated, multi-vector cyber threats more effectively. While XDR may contribute to enforcing security policies, and some XDR solutions include features for software updates and patch management, its primary purpose is to enhance threat detection and response across the IT environment rather than to enforce policy or patch endpoints. Like EDR, on which it builds, XDR provides real-time monitoring and reporting of attacks.
XDR works best in situations where company security data is spread across a number of applications and tools.
Golden Image
A golden image is a template for a virtual machine, virtual desktop, server or hard disk drive. A golden image ensures consistency and saves time by providing a standardized configuration for each VM deployed from it. Because every deployment inherits the image’s configuration, the image must be hardened, patched and re-validated before use, or every instance inherits the same vulnerabilities.
Concurrent Session Usage
Concurrent session usage is an indicator of compromise in which the same account is active in two or more sessions at once from different locations or devices, suggesting that an attacker or malware has compromised the account and is using it alongside the legitimate user. Some overlap is normal (a user’s laptop and phone), so detection usually combines simultaneous sessions with a different source address, an unknown device or a geographic distance that could not be travelled in the time available.
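The following added example (not from the Dion flashcards) flags concurrent sessions over a constructed set of session records. It reports pairs of sessions for the same account that overlap in time and originate from a different IP address or device, while ignoring overlap from the same device (such as a second browser tab). The users, addresses, geolocations and device names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed session records (not real data). alice has an overlapping session from
# an unknown device abroad; bob's two sessions are sequential; carol's overlap but
# come from the same device and address.
SESSIONS = [
    {"user": "alice", "ip": "198.51.100.23", "geo": "US-NY", "device": "laptop-a1",
     "start": "2024-05-01T09:00:00Z", "end": "2024-05-01T11:30:00Z"},
    {"user": "alice", "ip": "203.0.113.50", "geo": "RO-B", "device": "unknown",
     "start": "2024-05-01T10:15:00Z", "end": "2024-05-01T10:40:00Z"},
    {"user": "bob", "ip": "198.51.100.40", "geo": "US-NY", "device": "laptop-b7",
     "start": "2024-05-01T08:00:00Z", "end": "2024-05-01T09:00:00Z"},
    {"user": "bob", "ip": "198.51.100.41", "geo": "US-NJ", "device": "laptop-b7",
     "start": "2024-05-01T09:30:00Z", "end": "2024-05-01T12:00:00Z"},
    {"user": "carol", "ip": "198.51.100.60", "geo": "US-CA", "device": "laptop-c2",
     "start": "2024-05-01T09:00:00Z", "end": "2024-05-01T17:00:00Z"},
    {"user": "carol", "ip": "198.51.100.60", "geo": "US-CA", "device": "laptop-c2",
     "start": "2024-05-01T13:00:00Z", "end": "2024-05-01T13:20:00Z"},
]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_concurrent_sessions(sessions):
    """Return one alert per pair of same-account sessions that overlap in time and
    differ in source IP or device. Sessions are sorted by start, so a later session
    overlaps an earlier one exactly when it starts before the earlier one ends."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)

    alerts = []
    for user, items in by_user.items():
        items = sorted(items, key=lambda s: _ts(s["start"]))
        for i, first in enumerate(items):
            for second in items[i + 1:]:
                overlaps = _ts(second["start"]) < _ts(first["end"])
                different_origin = (first["ip"] != second["ip"]
                                    or first["device"] != second["device"])
                if overlaps and different_origin:
                    alerts.append({
                        "user": user,
                        "first": (first["ip"], first["geo"], first["device"]),
                        "second": (second["ip"], second["geo"], second["device"]),
                        "overlap_from": second["start"],
                    })
    return alerts


if __name__ == "__main__":
    for alert in find_concurrent_sessions(SESSIONS):
        print(alert)
```

Only alice is flagged: bob's sessions never overlap, and carol's overlapping sessions share an address and device, which is the benign case the check deliberately ignores.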
What is the purpose of internal and external compliance reporting?
External compliance reporting is crafted to meet mandatory disclosures and inform external stakeholders such as regulators and shareholders about the company’s compliance status at a high level. Internal compliance reporting is designed to give detailed insights to internal stakeholders like executives and security analysts, assisting in strategic planning and operational improvements.
Total Cost of Ownership (TCO)
The TCO (Total Cost of Ownership) not only includes the initial purchase price of the tool but also the ongoing expenses related to maintenance, updates, and other associated costs over its lifecycle.
While ROI (Return on Investment) evaluates the profitability or benefit of a particular investment, it doesn’t primarily focus on the entire financial impact over a tool’s lifecycle.