Domain 2 - Asset Management Flashcards
What is data acquisition?
The creation or retrieval of data
What are top secret and confidential classifications considered to be when applied to data?
Exceptionally grave damage
What arethe secret or private data classifications considered to be?
Serious Damage
What are the confidential and sensitive data classifications considered to be?
Damage
What are labels assigned to?
Objects
What manipulates objects?
Subjects
Who are the mission and business owners in data policies?
Senior executives / management
Who are the data / information owners in data policies?
Managers. They assign sensitivity labels and backup frequency.
Who are the data custodians in data policies?
Technical employess who handle backups, restore data, patch, etc..
Who are the system owners in data policies?
Managers and they are the owner of the systems that house the data. Like the infrastructure team.
Who are the data controllers and data processors in data policies?
They create and manage sensitive data in the organization. Processors manage data for controllers.
What is non-volatile memory?
It retains data in memory even after power loss. Most common use is the BIOS. Also known as ROM (Read only memory).
What is Programmable read only memory (PROM)?
Programmable, but usually done at the factory and could not be updated.
What is Erasable Programmable read only memory (EPROM)?
erasable read only memory.
What is Electronically erasable read only memory (EEPROM)?
Electronically erasable read only memory.
Where is L1 cache located?
On the CPU and is the fastest.W
What is the definition of Sanitization in data destruction?
It is a process of rendering target data infeasible for a given level of recovery.
What is the definition of purge in data destruction?
removing sensitive data from a system or device to a point where data recovery is no longer feasible even in a lab environment.
What is degaussing?
It is used for destroying magnetic media. It is useless on SSD.
What is Cloud Access Security Broker (CASB)?
Monitors user activity and enforces security policy compliance. Think AWS config.
In discretionary access control, who gives subjects ownership of objects.
Users give access to their files.
How does access control work when dealing with mandatory access control?
Based on a subjects clearance and an object’s labels.
What is RUBAC?
Rule based access control based on IF and THEN statements. Like a firewall.
What is the focus of the Bell-Lapadula security model focus?
Confidentiality
What type of access control is Bell-Lapadula?
Mandatory Access Control
What are the properties of Bell-Lapadula
No write ups
No write down
No read or write up and down.
(Think clearances)
What is the focus of the Biba security model?
integrity
What are the properties of the Biba?
No read down
No write up
No read or write up
What access control type is Biba?
Mandatory Access Control
What is Lattice (Label) Based Access Control?
Users have multiple access rights. Very complex.
What is the Grahm-Denning Model?
Uses objects, subjects, and rules.. Has 8 rules that a specific subject can execute.
What is Harrisonn-Ruzzo-Ullman model?
An OS level security model that dealsw ith the integrity of access rights in the system.
What part of the CIA triad does the Clark-Wilson model focus on?
Integrity
Describe the key points of the Clark Wilson Model?
Uses Subjects, Programs, and Objects.
Programs are between subjects and objects.
What is the Brewer Nash Model?
Designed to mitigate conflict of interest in commercial organizations
Describe how the Brewer Nash model works?
No information can flow between the subjects and objects in a way that would create a conflict of interest.
What is the non-interference model and how does it work?
It ensures that any actions that take place at a higher security level do no affect or interfere with actions at a lower level.
What is the take grant protection model and how does it work?
It uses rules that govern the interactions between subjects and objects.
What is the Zachman Framework and how does it work?
This is used for enterprise architecture and has six frameworks. The what, how, where, who, when, and why. The frameworks get mapped to rules for planners, owners, designers, builders, programmers, and users.
What access control can be used for security modes?
Mandatory Access Control and Discretionary access control.
How is the mode determined?
By the types of users, data, and the levels of users.
What are the requirements for dedicated security mode?
Signed NDA for all data
Proper Clearance for all data
Formal Access Approval for all data
Valid Need to know for all data
All users can access ALL data.
What are the requirements for system high security mode?
Signed NDA for all data
Proper Clearance for all data
Formal Access Approval for all data
A valid need to know for some of the data
All users can access SOME data based on their need to know.
What are the requirements for compartmented security mode?
Signed NDA for all data
Proper Clearance for all data
Formal Access Approval for some data
A valid need to know for some of the data
All users can access SOME data based on their need to know.
What are the requirements for multilevel security mode?
Signed NDA for all data
Proper Clearance for some data
Formal Access Approval for some data
A valid need to know for some of the data
All users can access SOME data based on their need to know.
What is the orange book in the rainbow series?
Earliest book which most security models are based on today. It is called the Trusted Computer System Evaluation Criteria (TCSEC).
What is the red book in the rainbow series?
It addresses network systems and described The Trusted Network Interpretation (TNI).
What is ITSEC?
It is the European information technology security evaluation Criteria model
What is the international common criteria (ISO/IEC 15408)?
Still in use for evaluage.
What is the target of evaluation?
It is the product or system that is the subject of evaluation.
What is the protection profile?
It is a document which identifies security requirements for a group of devices.W
What is a security target?
A document that identifies the security properties of the target of evaluation.
What are evaluation assurance levels?
They score compliance against a benchmark of 7 levels. Higher level means higher compliance.
What is the PASTA Threat Model?
It is attacker focused.
Gives a dynamic threat identification, enumeration, and scoring process
Stages are:
Definition of objective
definition of the technical scope
Application decomposition and Analysis (ADA)
Threat Analysis
Weakness and vulnerability analysis
Attack modeling and Simulation
Risk analysis and Management
What is the STRIDE threat model?
It is developer focused and has six categories
spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
What is the TRIKE threat model?
Acceptable Risk Focus
What is the DREAD threat model?
categorizes the impact by a score
What are the security domains?
A list of objects a subject is allowed to access, groups of objects and subjects with similar requirements.
What is kernal mode?
It allows a low-level unrestricted access to memory, cpu, disk, etc.
What is user mode?
No direct access to hardware. Access is directed through an API.
What are open systems?
They use open standards and can use standard components.
What are closed systems?
They use proprietary hardware and software
What is the ring model?
It separates trusted from untrusted.
Ring 3 User applications
Ring 2 Device Drivers
Ring 1 Other device drivers
What ring does a hypervisor sit on in the ring model?
It sits at -1