Domain 1.0 - General Security Concepts Flashcards
What are technical security controls?
Technical controls are implemented through hardware or software and protect computer networks, systems and data. Examples include firewalls, data encryption, intrusion detection systems and authentication systems.
What are managerial security controls?
Managerial controls encompass the implementation of policies, procedures and practices by management to guide and direct the activities of individuals and teams. Examples include performance reviews, risk assessments, and codes of conduct.
What are operational security controls? Who implements them?
Operational controls cover the execution of the day-to-day activities and processes that keep security running. They are implemented primarily by people (IT, security and operations staff) rather than by systems, which is what distinguishes them from technical controls. Examples include incident response procedures, security awareness training and user access management.
What are physical security controls?
Physical controls protect the actual building or facility and the equipment inside it. Examples include an access control vestibule (formerly called a mantrap), biometric locks, security guards, fences, CCTV systems, vehicle barriers, tamper-evident seals, and panic buttons or alarms.
What are preventative security controls?
Preventive (also written preventative) controls are designed to stop problems or risks from occurring in the first place. Examples include firewalls that block unauthorized access to computer networks using access control lists, employee training programs that teach staff the correct procedures before mistakes happen, and quality control checks in a manufacturing process that prevent defects.
What are deterrent security controls?
Deterrent controls aim to discourage people from engaging in undesirable behavior or activities by creating a perception of risk or negative consequences for potential offenders. Examples include visible surveillance cameras in public areas to deter criminal activity, warning signs indicating the presence of a security system to discourage burglars, and login banners stating that access is monitored and unauthorized use will be prosecuted. Strong passwords and MFA are preventive controls rather than deterrents: they stop an unauthorized login attempt instead of discouraging it.
What are detective security controls?
Detective controls identify problems or risks that have already occurred, after the fact. Examples include financial audits, log review, intrusion detection systems and SIEM alerting.
What are corrective security controls?
Corrective controls address problems or risks after they have been identified. Examples of corrective controls include implementing a backup and recovery system to restore data after a system failure and implementing fixes or patches for software vulnerabilities.
What are compensating security controls?
Compensating controls are alternative measures implemented when primary controls are not feasible or sufficient. Examples of compensating controls include requiring additional layers of approval for financial transactions in the absence of automated control systems, utilizing a secondary method of authentication when the primary method fails or is unavailable, and increasing physical security measures when technical controls are compromised.
What are directive security controls?
Directive controls provide specific instructions or guidelines to ensure compliance with policies, procedures or regulations. Examples of directive controls include a code of conduct or ethical guidelines that outline acceptable behavior within an organization, standard operating procedures (SOPs) that detail step-by-step instructions for completing tasks, and regulatory requirements that mandate specific reporting procedures for financial institutions.
What is the CIA triad and what does CIA stand for? Define each letter.
CIA stands for confidentiality, integrity and availability. Confidentiality ensures that only those with proper authorization can access sensitive information. Integrity ensures that data is not altered in an unauthorized or undetected way, so it can be trusted. Availability ensures that data and systems remain accessible to authorized users when they need them.
What is non-repudiation?
Non-repudiation means a party cannot later deny having performed an action or sent a message, which provides accountability and reliability in electronic transactions and communications. It is achieved through strong authentication, digital signatures (only the holder of the private key can produce a valid signature) and tamper-resistant audit trails. A shared-key MAC such as HMAC provides integrity but not non-repudiation, because either party holding the key could have produced the tag.
What is the AAA security concept and what does each letter stand for? Define each letter.
AAA stands for authentication, authorization and accounting. Authentication verifies that a user or device is who it claims to be by checking a credential. Authorization determines what the authenticated identity is permitted to do. Accounting records what was done, by whom, from where and when. The three functions are usually centralized in an AAA server, which is software running on a server that network devices query using a protocol such as RADIUS or TACACS+.
How are people authenticated in AAA?
When a user initiates an authentication request, the network device (the AAA client) forwards the credentials to the AAA server, which checks them against an identity store: for example a domain controller (the specialized server that manages user accounts and authentication in a Windows domain), an LDAP directory, or a local user database. An AAA server can work with various methods of authentication, such as passwords, certificates and one-time codes.
How are systems authenticated in AAA?
Using the same AAA framework together with the IEEE 802.1X protocol (port-based network access control). The device (the supplicant) authenticates to the switch or access point (the authenticator), which relays the exchange to the authentication server, usually over RADIUS; the port stays blocked until authentication succeeds. The most common method for authenticating devices is EAP-TLS, where each device must present a valid certificate, although other EAP methods are also used.
What are authorization models?
Authorization models define which actions an authenticated identity may perform on which resources, creating a controlled environment that mitigates the risks associated with unauthorized access. Common models include role-based (RBAC), attribute-based (ABAC), discretionary (DAC) and mandatory (MAC) access control. Whichever model is used, access should be denied by default and granted only by an explicit rule.
What is accounting in AAA?
Accounting records who did what, from where and when: it captures details such as usernames, timestamps, IP addresses, accessed resources, actions performed and the outcome (allowed, denied, failed login). The records are stored securely so that their integrity and confidentiality are preserved, and they are used for real-time monitoring, historical analysis, and generating reports for compliance or troubleshooting purposes.
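The three functions described in the cards above (authentication, authorization and accounting) can be shown together in a small decision point. The following is an added example written for this page, not code from any AAA server or vendor; the users, roles, permissions and IP addresses are constructed for illustration. It authenticates against salted PBKDF2 hashes with a constant-time comparison, authorizes with a deny-by-default role table, and writes an accounting record for every outcome, including failures.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Hypothetical identity store, constructed for this example. Passwords are
# stored only as salted PBKDF2-SHA256 hashes, never in clear text.
PBKDF2_ITERATIONS = 100_000


def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": password_hash(password, salt), "role": role}


USERS = {
    "alice": make_user("correct horse battery staple", "analyst"),
    "bob": make_user("Tr0ub4dor&3", "admin"),
}

# Authorization model: role-based, deny by default. A permission is an
# (action, resource) pair; anything not listed here is refused.
ROLE_PERMISSIONS = {
    "analyst": {("read", "logs")},
    "admin": {("read", "logs"), ("write", "firewall-rules")},
}

# Accounting store. A real deployment would use an append-only log or a
# RADIUS/TACACS+ accounting server rather than an in-memory list.
ACCOUNTING_LOG = []

# Dummy salt so a lookup for an unknown user costs the same as a real one;
# otherwise response time would reveal which usernames exist.
_DUMMY_SALT = b"\x00" * 16


def authenticate(username: str, password: str) -> bool:
    """Authentication: does the presented credential match the stored one?"""
    user = USERS.get(username)
    if user is None:
        password_hash(password, _DUMMY_SALT)
        return False
    # Constant-time comparison so the stored hash is not leaked byte by byte.
    return hmac.compare_digest(password_hash(password, user["salt"]), user["hash"])


def authorize(username: str, action: str, resource: str) -> bool:
    """Authorization: is this identity allowed to perform this action on this resource?"""
    role = USERS.get(username, {}).get("role")
    return (action, resource) in ROLE_PERMISSIONS.get(role, set())


def account(username: str, client_ip: str, action: str, resource: str, result: str) -> dict:
    """Accounting: record who did what, from where, when, and the outcome."""
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": username,
        "client_ip": client_ip,
        "action": action,
        "resource": resource,
        "result": result,
    }
    ACCOUNTING_LOG.append(record)
    return record


def handle_request(username: str, password: str, client_ip: str, action: str, resource: str) -> str:
    """Run one request through all three A's and return the decision.

    Every outcome is accounted for, including failures: failed logins are
    exactly what a SIEM needs in order to spot password spraying.
    """
    if not authenticate(username, password):
        account(username, client_ip, action, resource, "auth-failed")
        return "auth-failed"
    if not authorize(username, action, resource):
        account(username, client_ip, action, resource, "denied")
        return "denied"
    account(username, client_ip, action, resource, "allowed")
    return "allowed"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery staple", "10.0.0.5", "read", "logs"))
    print(handle_request("alice", "correct horse battery staple", "10.0.0.5", "write", "firewall-rules"))
    print(handle_request("bob", "wrong", "10.0.0.9", "write", "firewall-rules"))
    for rec in ACCOUNTING_LOG:
        print(rec)
```

Note that the accounting record carries the same fields the card lists (user, timestamp, client IP, resource, action) plus the result, and that the unknown-user path still performs a hash computation so that timing does not distinguish a bad password from a non-existent account.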
What are the AAA protocols?
The AAA protocols include RADIUS, Diameter and TACACS+.
What is RADIUS? What does it stand for?
RADIUS stands for Remote Authentication Dial-In User Service. It was designed for remote access (dial-in and later VPN) and is now the standard way network devices talk to an AAA server. RADIUS clients, called network access servers (NASs), include wireless access points, routers, switches and VPN concentrators; the server listens on UDP port 1812 for authentication and 1813 for accounting. Every client is configured with a shared secret known only to it and the server. The secret does not encrypt the whole packet: it is used to hide the User-Password attribute and to compute the Response Authenticator (and the optional Message-Authenticator) that lets the client verify a reply came from the real server and matches its request. Other attributes travel in clear text, so the secret should be long and random, and RADIUS over TLS (RadSec) should be used where the network path is not trusted.
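The two uses of the shared secret mentioned above are easiest to understand by building the packets. The following is an added example written for this page from the RADIUS specification (RFC 2865), not code from any RADIUS implementation; the secret, username and password are constructed values. It hides a User-Password attribute the way a NAS does, recovers it the way the server does, and verifies a server reply through its Response Authenticator so that a reply produced with the wrong secret, or tampered with in transit, is rejected.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types used here (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_REPLY_MESSAGE = 1, 2, 18


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865 section 5.2).

    The password is null-padded to a multiple of 16 octets; each block is
    XORed with MD5(secret + previous block), seeded with the Request
    Authenticator. This is obfuscation keyed by the shared secret, not
    general-purpose encryption.
    """
    if not 0 < len(password) <= 128:
        raise ValueError("RADIUS passwords are 1 to 128 octets")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden, prev = hidden + block, block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """The server-side inverse of hide_password (trailing padding is stripped)."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value; Length counts the two header octets as well."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def access_request(username: bytes, password: bytes, secret: bytes,
                   ident: int = 0, request_auth=None) -> bytes:
    """What a NAS (switch, access point, VPN gateway) sends to the server."""
    request_auth = request_auth or os.urandom(16)  # must be unpredictable
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs)


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def access_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """What the server sends back; the authenticator binds it to our request."""
    ident, request_auth = request[1], request[4:20]
    return packet(code, ident, response_authenticator(code, ident, attrs, request_auth, secret), attrs)


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client-side check: same Identifier, consistent Length, and a Response
    Authenticator that only a holder of the shared secret could have produced."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response):
        return False
    expected = response_authenticator(code, ident, response[20:], request[4:20], secret)
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    secret = b"correct-horse-battery-staple"  # constructed example secret
    req = access_request(b"alice", b"hunter2", secret, ident=7)
    print("request :", req.hex())
    resp = access_response(ACCESS_ACCEPT, req, secret, attribute(ATTR_REPLY_MESSAGE, b"Welcome"))
    print("genuine :", verify_response(resp, req, secret))
    print("forged  :", verify_response(access_response(ACCESS_ACCEPT, req, b"guess"), req, secret))
```

Two things worth noticing: the User-Name attribute in the request is sent in clear text, only the password is hidden, and the hiding is an MD5-based keystream that is only as strong as the secret and the randomness of the Request Authenticator. That is why the card's advice about a strong secret and a trusted (or TLS-protected) path between NAS and server matters.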
What is Diameter?
Diameter is RADIUS's successor (the name is a pun: a diameter is twice a radius). It runs over TCP or SCTP rather than UDP, supports larger attribute-value pairs and server-initiated messages, and is used between core network elements in mobile networks such as 3G, 4G/LTE and WiMAX (5G cores largely replace it with HTTP/2-based service interfaces). Unlike RADIUS, Diameter does not rely on a per-client shared secret; its security comes from protecting the transport with TLS/DTLS or IPsec.