Domain 2 Flashcards
Loss of control, compromise,
unauthorized disclosure, unauthorized
acquisition, or any similar occurrence where a person other than an authorized user
accesses.
Breach
An event that actually or potentially
jeopardizes the confidentiality, integrity,
or availability of an information system.
Incident
Any circumstance or event with the
potential to adversely impact organizational
operations (including mission, functions,
image, or reputation)
Threat
Reducing the impact of an incident so the
organization can resume the interrupted
operations as soon as possible.
Incident Response Plan
Preparation
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity
Components of an Incident Response Plan
Develop a policy approved by management
Identify critical data and systems and any single points of failure
Preparation
Monitor all possible attack vendors
Analyze the incident using known data and threat intelligence
Detection and Analysis
Gather evidence
Choose an appropriate containment strategy
Containment
Identify evidence that may need to be retained
Document lessons learned
Post-Incident Activity
Representative(s) of senior management
Information security professionals
Legal representatives
Public affairs/communications
representatives
Engineering representatives
Incident Response Team
Concept that a user should only have access to the resources that they need in order to do their job but no more
Principle of Least Privilege
Permissions beyond normal users, such as Administrators, Help Desk/IT Staff and Security Analysts
Privileged Accounts
Owner of the resource, typically the creator, has full control to configure which subjects can access the object
Discretionary Access Control (DAC)
Leverages a central authority that regulates access based on security labels, such as the clearance level that a subject (user) has been approved for, as well the classification of the object
Mandatory Access Control (MAC)
Reduce the likelihood of an outage occurring in the first place (Ex: natural disasters and physical incidents)
Preventive Controls
Discover or identify when something bad might have occurred. Like a security camera or a barking dog
Detective Controls
Provide functionality that serves to communicate expected behavior. A traffic sign like “stop” or “yield”
Directive Controls
Functionality that fixes a system, process or activity after an adverse event has occurred. Using a fire extinguisher to put out a kitchen fire
Corrective Controls
