Domain Five: Risk Management Flashcards
Define the Business Impact Analysis (BIA) ?
The business impact analysis is often seen as a document, but it is also a set of processes, spanning several functions and roles within the organisation, that identifies the key business functions or processes that would be impacted during a disruption and the systems they depend on.
What are the two key metrics used in the BIA ?
Mean Time Between Failures (MTBF) - the average operating time between failures of a component or system
Mean Time to Repair (MTTR) - the average time taken to restore a failed component or system to service
What is the first stage in the BIA process or document ?
We first identify the critical business functions and then map the systems that support each of those functions. We need to be able to answer the following questions
Do we know what services our customers always expect to be available ?
Do we know what services our employees need available at all times ?
This stage needs SMEs from all the functional areas to help identify this.
What are the five impact areas a BIA document or process should consider ?
Life
Property
Safety
Financial
Reputation
What is a privacy threshold assessment ?
A privacy threshold assessment is conducted to determine what kinds of personal information a system collects, and therefore whether a full privacy impact assessment is required.
What is a privacy impact assessment ?
A privacy impact assessment determines the impact on the individuals whose PII is held in the system (and on the organisation) if that data is compromised, and what controls are needed to reduce that impact.
What is the RPO ?
The Recovery Point Objective is the maximum acceptable amount of data loss, measured as the time between the last usable backup and the disruption. It therefore sets the maximum allowable interval between backups.
What is the RTO ?
The Recovery Time Objective is the maximum time allowed to restore a system or service from backups. It designates the amount of real time that can pass before the disruption begins to seriously and unacceptably impede the flow of normal business operations.
Describe the four common data sensitivity types ?
Public - Free to all
Proprietary - Information specific to that organisation, which can include such things as trade secrets
Confidential Information - Requires restricted access through such mechanisms as an NDA
Private Information - This information sensitivity includes PII and PHI and should be protected extensively
Describe the role of the privacy officer ?
Responsible for the organisation's data privacy. The privacy officer implements policies and procedures to help carry out privacy controls.
Describe the role of the data steward ?
Manages the day-to-day control and protection of data for the organisation and is responsible for understanding and meeting the relevant compliance and regulatory requirements
Describe the role of the data owner ?
Accountable for specific data sets (including their classification and who may access them) but delegates the day-to-day procedures around the data, typically to the data steward or custodian
What are the three reasons for having a data retention policy ?
Version Control - Returning to a last known good state
Recovery from Cyber attacks - Especially as attacks are not always discovered immediately
Legal/Regulatory compliance
Name some of the techniques for data sanitisation ?
Burning
Shredding
Pulping
Pulverising
Degaussing
Purging
Wiping
What in digital forensics is the order of volatility ?
Data for investigations should be collected in an order that ensures the most volatile sources, those most prone to loss or destruction, are harvested first.
CPU Cache and Registers
Remaining data stored in RAM
Temporary File Systems
Files Written to Disk
Remote monitoring data for the system
Archived Data
What is chain of custody ?
As evidence is collected, we need to ensure that we maintain the integrity of the evidence collected. Everyone that comes into contact with the evidence must be documented and the chain of custody document should show how the evidence was stored.
Name some of the sources we can use for evidence ?
There are several sources of evidence. We should also capture cryptographic hashes of system images and other collected evidence so we can prove they have remained unaltered during the investigation.
Capturing System Images
Network Traffic and Logs
Capturing Video
Screenshots
Witness Interviews
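The hashing and chain-of-custody points above can be combined in code. The following is an added example, not material from the original flashcards: it hashes a constructed "disk image" at acquisition time, records each handover as a custody entry that is linked to the previous entry by hash, and verifies both the evidence and the log on demand. The evidence bytes, names and timestamps are all made up for the demonstration.

```python
"""Evidence hashing and a hash-linked chain-of-custody log (added example)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "disk image"; not a real acquisition.
EVIDENCE_IMAGE = b"\x00" * 512 + b"FAKE-BOOT-SECTOR" + b"\xff" * 1024


@dataclass
class CustodyEntry:
    seq: int
    who: str
    action: str            # e.g. "acquired", "transferred", "stored"
    when: str              # ISO-8601 timestamp supplied by the caller
    evidence_sha256: str   # hash of the evidence as observed at this step
    prev_entry_sha256: str # links this entry to the one before it
    entry_sha256: str = ""


def _entry_payload(entry: CustodyEntry) -> bytes:
    """Canonical bytes covered by the entry hash (everything but the hash itself)."""
    fields = asdict(entry)
    fields.pop("entry_sha256")
    return json.dumps(fields, sort_keys=True).encode()


class CustodyLog:
    def __init__(self, evidence_id: str, evidence: bytes):
        self.evidence_id = evidence_id
        self.acquisition_hash = sha256_hex(evidence)  # the reference hash
        self.entries: List[CustodyEntry] = []

    def record(self, who: str, action: str, when: str, evidence: bytes) -> CustodyEntry:
        """Append an entry; the evidence is re-hashed at every handover."""
        prev = self.entries[-1].entry_sha256 if self.entries else "0" * 64
        entry = CustodyEntry(len(self.entries) + 1, who, action, when,
                             sha256_hex(evidence), prev)
        entry.entry_sha256 = sha256_hex(_entry_payload(entry))
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> List[str]:
        """Return a list of problems; an empty list means evidence and log are intact."""
        problems = []
        if sha256_hex(evidence) != self.acquisition_hash:
            problems.append("evidence hash differs from acquisition hash")
        prev = "0" * 64
        for e in self.entries:
            if e.prev_entry_sha256 != prev:
                problems.append(f"entry {e.seq}: broken link to previous entry")
            if sha256_hex(_entry_payload(e)) != e.entry_sha256:
                problems.append(f"entry {e.seq}: entry altered after signing")
            if e.evidence_sha256 != self.acquisition_hash:
                problems.append(f"entry {e.seq}: evidence hash changed at this step")
            prev = e.entry_sha256
        return problems


def demo() -> CustodyLog:
    """Build a three-step custody log for the constructed image."""
    log = CustodyLog("EV-001", EVIDENCE_IMAGE)
    log.record("alice", "acquired", "2024-01-01T09:00:00Z", EVIDENCE_IMAGE)
    log.record("alice", "transferred to bob", "2024-01-01T11:30:00Z", EVIDENCE_IMAGE)
    log.record("bob", "stored in evidence locker 7", "2024-01-01T11:45:00Z", EVIDENCE_IMAGE)
    return log


if __name__ == "__main__":
    log = demo()
    print("intact:", log.verify(EVIDENCE_IMAGE) == [])
    print("tampered image:", log.verify(EVIDENCE_IMAGE + b"x"))
```

Each entry hashes the evidence again, so a change to the image between two handovers shows up as a mismatch at a specific step, and the hash link between entries means a custody record cannot be quietly edited or removed later without breaking verification. In practice the log would be stored separately from the evidence and signed or witnessed, which this example leaves out.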
What is legal hold ?
Legal hold refers to the special procedures put in place, when litigation or an investigation is anticipated, to preserve all potentially relevant data and suspend normal retention and deletion schedules so that it is available for court proceedings.
What does the term preservation mean ?
Preservation procedures should be put in place to maintain the integrity of the evidence from the moment it is collected until it is no longer needed
What are the three areas to consider with recovery ?
Active Logging, Strategic Intelligence, Counterintelligence gathering
What are the different types of backup ?
Full - Backup of the whole drive irrespective of what has changed
Incremental - Backup of what has changed since the last backup of any type; restoring needs the last full backup plus every incremental since it
Differential - Backup of what has changed since the last full backup; restoring needs the last full backup plus only the latest differential
Snapshots - Point-in-time copies of a VM's state and disks, used to roll the VM back or to spin up a copy
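The difference between incremental and differential backups is easiest to see by running both schedules over the same changes. The following is an added example, not code from the original flashcards; it models files as a path-to-last-modified-day mapping (constructed sample data), selects what each backup would contain, and works out which backup sets a restore would need.

```python
"""Full, incremental and differential backup selection (added example)."""
from typing import Dict, List, Optional, Tuple

FileSet = Dict[str, int]                     # path -> last-modified "day"
BackupSet = Tuple[str, int, List[str]]       # (kind, day, paths backed up)


def files_changed_since(files: FileSet, since: int) -> List[str]:
    return sorted(p for p, mtime in files.items() if mtime > since)


class BackupSchedule:
    def __init__(self, strategy: str):
        if strategy not in ("incremental", "differential"):
            raise ValueError("strategy must be 'incremental' or 'differential'")
        self.strategy = strategy
        self.last_full: Optional[int] = None   # day of the last full backup
        self.last_any: Optional[int] = None    # day of the last backup of any kind
        self.sets: List[BackupSet] = []

    def run_full(self, day: int, files: FileSet) -> List[str]:
        paths = sorted(files)
        self.last_full = self.last_any = day
        self.sets.append(("full", day, paths))
        return paths

    def run_partial(self, day: int, files: FileSet) -> List[str]:
        """Incremental: changes since any backup. Differential: changes since the full."""
        if self.last_full is None:
            raise RuntimeError("a full backup must exist before a partial one")
        since = self.last_any if self.strategy == "incremental" else self.last_full
        paths = files_changed_since(files, since)
        self.last_any = day
        self.sets.append((self.strategy, day, paths))
        return paths

    def restore_chain(self) -> List[BackupSet]:
        """Backup sets needed, in order, to rebuild the most recent state."""
        full_idx = max(i for i, s in enumerate(self.sets) if s[0] == "full")
        after_full = self.sets[full_idx + 1:]
        if self.strategy == "incremental":
            return [self.sets[full_idx]] + after_full       # full + every incremental
        return [self.sets[full_idx]] + after_full[-1:]      # full + latest differential


def demo(strategy: str) -> BackupSchedule:
    """Constructed change history: full on day 0, then one change per day."""
    files: FileSet = {"/etc/passwd": 0, "/home/alice/notes.txt": 0,
                      "/var/db/app.sqlite": 0}
    s = BackupSchedule(strategy)
    s.run_full(0, files)
    files["/var/db/app.sqlite"] = 1
    s.run_partial(1, files)
    files["/home/alice/notes.txt"] = 2
    s.run_partial(2, files)
    files["/var/db/app.sqlite"] = 3
    s.run_partial(3, files)
    return s


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        s = demo(strategy)
        print(strategy, [paths for _, _, paths in s.sets],
              "restore needs", len(s.restore_chain()), "sets")
```

Incremental backups are smaller each day but the restore depends on every one of them being intact and applied in order; differential backups grow until the next full but a restore only ever needs two sets. The RPO is set by how often either runs, and the RTO is affected by how many sets must be replayed.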
Define continuity of operations ?
Continuity of operations (COOP) is a term usually attributed to the US Federal Government. The US Government mandates that agencies continue to provide their essential services even during times of crisis, so the COOP plan ensures those operations survive unanticipated events.
What is continuity planning ?
Continuity planning (business continuity planning) is the broader process of identifying the critical business functions and producing the plans and procedures that keep them running during and after a disruption. Continuity of operations is the US federal form of this planning.
What are the six types of security control ?
Deterrent - Those controls that deter but do not prevent
Preventive - Those controls that prevent something from occurring
Compensating - Those mechanisms that are put in place to satisfy the requirements of a security measure when management has deemed it impractical to implement the actual fix
Corrective - Remediate a risk after it has been discovered
Detective - Detect events after they have occurred
Directive - Direct how to achieve security compliance, such as policies
What are the control categories ?
Administrative (managerial), Technical, Physical, Operational
Give an example of an administrative control ?
Acceptable Use Policy
Give an example of a physical control type ?
Crash Barrier
Give an example of a technical control type ?
IPS
What are the geographic considerations for disaster recovery and planning ?
Locations Selection
Legal Considerations
Off Site storage
Distance
Data Sovereignty
What are the three categories for recovery sites ?
Hot - Like-for-like replacement that is always on, including software and current data
Warm - Infrastructure in place, but software may need to be installed and data restored from backups
Cold - Site and basic facilities are available, but infrastructure and everything else needs to be put in place
What is incident response ?
This is how we respond when an incident occurs so that we recover while minimising downtime and reducing damage.
What are the six stages of incident response ?
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
What are the main incident categories (attack vectors) used to classify incidents ?
External/Removable Media
Attrition
Web
Email
Improper Usage
Loss or Theft of Equipment
Other
What is the role of security management in incident response ?
Responsible for leading the response team during planning and carrying out IR procedures. They also offer corporate support for the IR team.
What is the role of the compliance officer in incident response ?
They help to advise what steps need to be taken to maintain compliance with various rules and procedures.
What is the role of the incident response team ?
This team is a specialised group that is trained and tested for incident response. These individuals walk through exercises to determine when, why and who to engage during particular incidents.
What is the role of supplementary technical staff in incident response ?
Used to provide technical help over and above that in the IR team.
What is the role of the Cyber Incident Response team ?
Responsible for providing detailed Cybersecurity knowledge.
What are the personnel functions in Organisational Security?
Policies, background checks, and JML (joiners, movers and leavers)
What is the purpose of the exit interview ?
Gives insight into the morale and culture of the team, as well as a chance to gain an understanding of where things have gone wrong and can be improved.
What is an acceptable use policy ?
Also known as Rules of Behaviour - May include security policies such as the restriction of social media or personal email.
What are adverse actions ?
Describes the steps taken when abuse has taken place
Name the six agreement types ?
SLA, Memorandum of Understanding, Standard Operating Procedures, Business Partner Agreement, Interconnection security agreement, Memorandum of agreement
What is a clean desk policy
Removal each day of documents and printouts that could compromise security.
How often do we embark on a continuous education program ?
Annually
Why should we have mandatory job holidays and rotation ?
Besides cross-training and other benefits, it also helps prevent users from being involved in malicious actions (fraud is harder to sustain when someone else covers the role), as well as highlighting improvements required in processes and job functions.
What is the thinking behind separation of duties ?
Also for security purposes: it avoids a single person having complete access to and knowledge of a system, so that compromising or corrupting one person is not enough; completing a sensitive task requires collusion between two or more people.
What is single loss expectancy (SLE) ?
This is the monetary cost of a single occurrence of an event to the organisation: SLE = asset value (AV) * exposure factor (EF)
What is the annual rate of occurrence (ARO) ?
This is the number of times a year the event is expected to occur
What is annual loss expectancy (ALE) ?
ALE = SLE * ARO
This represents the expected yearly cost to the company and can be used to determine whether a control is worth it: a control is cost-justified when the reduction in ALE it brings exceeds its annual cost.
What are the four main risk response techniques ?
Risk Acceptance, Risk Avoidance, Risk Transference, Risk Mitigation
What are the two main sources of threats ?
Environmental and Man Made
Describe the relationship between control categories and types
Categories (administrative, technical, physical) describe how a control is implemented; types (deterrent, preventive, detective, etc.) describe what it does. A category contains controls of several types.
Describe the detective control category ?
Controls that detect activity after the event has taken place
What type of control is a threat assessment ?
Managerial
What type of control is a sign warning you of a guard dog ?
Deterrent - Its tempting to say physical but the sign does not physically prevent someone from doing something.
What is the most common way to ensure that companies destroy data ?
Signing a contract that mandates destruction and requires the third party to hold a recognised certification in this area.
Describe the role of the CEO in an organisation ?
The chief executive officer manages the company's operations. The CEO is hired and dismissed by the board, which also determines their performance reviews and compensation.
What are the three areas covered by a GRC program ?
Governance, Risk and Compliance
What are the two types of governance models ?
Centralised and Decentralised
What is a centralised governance model ?
Top Down - Central Authority creates policies and standards
What is a decentralised governance model ?
Bottom Up - Individual teams responsible for governance
What is a definition of a policy ?
High level statement of management intent.
What are some typical points covered in a policy ?
A statement of the importance of cybersecurity to the organisation
A requirement that staff and contractors maintain CIA principles and guidelines
A statement on the ownership and creation of information created or processed by the organisation
Designation of the CISO or other individual as the executive responsible for Cybersecurity issues
Delegation of authority to CISO the ability to create standards, procedures and guidelines and to implement them