Domain 2 Flashcards
__ is for industries that are constantly in litigation; no one can claim any info was modified or changed because modification is not possible with this technology.
WORM (Write Once Read Many)
__ is volatile memory.
RAM (Random Access Memory): real/primary memory, volatile memory e.g. data lost when power is lost
DRAM (dynamic, dumb/slow): cheap, which means it's slow and you have a lot of it; needs to be constantly refreshed
SRAM (static, speed): expensive which means
A __ creates/manages info e.g. salary data managed by HR dept, and is ultimately responsible even if the __ (internal/external entity accessing the data e.g. outsourced payroll company) gets breached.
Data controller, data processor
Customizing a standard for an organization, beginning with scoping, and then adding compensating controls and parameters (security configuration settings).
Tailoring
Data classification process
- Identify who’s in charge (Identify administrator/custodian)
- Criteria for classification (Specify criteria for how information will be classified and labelled)
- Classify the data with approval by the supervisor (Classify the data by its owner who is subject to review by a supervisor)
- Document exceptions (Specify and document exceptions to the classification policy)
- Determine controls (Specify controls that will be applied to each classification level)
- Determine declassification (Specify the termination procedures for declassifying the information or for transferring custody of the information to another entity)
- Make people aware of the classification process (Create an enterprise awareness program about the classification controls)
Degaussing and sector-by-sector overwrite are good for __ media.
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction
Describe FIPS 199 levels of impact for CIA
limited adverse effect=low impact
serious adverse effect=moderate impact
severe or catastrophic=high impact
Describe options for securely erasing drives
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction (more expensive but more secure)
-NOT effective on EEPROMs: sector-by-sector overwrite (can miss data since the device writes randomly), degaussing (since not magnetic)
Describe the house analogy in terms of who owns and manages the data
Data owner (CEO, board): designs the house, makes the high-level strategic decisions, ultimately responsible
System owner: designs the HVAC/electrical subsystem in the house; plans design/updates, supports system processes; delegated a portion of the design but ultimately the data owner can still overrule
Business owner: focuses on security priorities to support the mission
Custodian (DBA, engineer): builds the house; very tactical, does all activities that need to be performed on behalf of owner, hardening/locking down, changing network
User: lives in the house; running application to perform function, analyzes info
How can an EEPROM device be securely erased?
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction
Process that involves determining applicable portions of a standard that will be followed.
Scoping
The __ describes SBU data where the impact for CIA is:
limited adverse effect=low impact
serious adverse effect=moderate impact
severe or catastrophic=high impact
FIPS (Federal Information Processing Standards Publication) 199
SBU (Sensitive but Unclassified)
The __ manages/monitors protocols and specifications of the Internet. They specify requirements via RFCs which must be followed by everyone e.g. TCP/IP protocols.
IETF (Internet Engineering Task Force)
The __ says that at least 85% of targeted cyber intrusions could be prevented by the top 4 mitigation strategies:
- application whitelisting
- patch applications
- patch OS vulnerabilities
- restrict admin privileges and applications based on duties
ASD (Australian Signals Directorate)
Types of primary memory
RAM (Random Access Memory): real/primary memory, volatile memory e.g. data lost when power is lost
DRAM (dynamic, dumb/slow): cheap, which means it's slow and you have a lot of it; needs to be constantly refreshed
SRAM (static, speed): expensive, which means it's faster and you have less of it; SRAM is cache
Good to be familiar with “Computer Architecture (Map of Targets) - Drawing 3C” but basically just need to know and be able to draw out “Memory diagram - Drawing 2A”