Domain 2: Compliance and Operational Security Flashcards
Managing Risk
Acceptance, Transference, Avoidance, Deterrence, Mitigation
Security Controls
Technical, Management, Operational
Security Measures
Detective, Preventative, Compensating, Corrective
Confidentiality
Threats: Eavesdropping, system compromise and access
Defense: cryptosystems, access controls
Integrity
Threats: spoofing, system compromise and access
Defense: digital signatures and hashing
Availability
Threats: denial of service
Defense: redundancy, fault tolerance, and patching
CIA triad +1
confidentiality, integrity, availability, safety
Incident Response Steps
PICERL: prepare, identify, contain, eradicate, recover,
lessons learned and follow up
OOV
order of volatility
SPF
single point of failure
BIA
business impact analysis
DRP
disaster recovery plan
MTTR
mean time to recovery - average time to recover asset - key in DRP and COO
MTBF
mean time between failures - average time between critical failures
RTO
recovery time objective - minimum recovery time