Domain Five: Risk Management COPY Flashcards

1
Q

Define the Business Impact document ?

A

The business impact analysis is often seen as being a document but it is also a set of processes comprising of several different functions and roles within the organisation identifying key business functions or processes that will be impacted during a disruption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the two key metrics used in the BIA ?

A

Mean Time Between Failure
Mean Time to Repair

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the first stage in the BIA process or document ?

A

We need to firstly identify critical functions and then associate the systems that aid those functions. We need to be able to answer the following questions

Do we know what services our customers always expect to be available ?
Do we know what service our employees need available at all times ?

This stage needs SMEs from all the functional areas to help identify this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the five impct areas a BIA document or process should consider ?

A

Life
Property
Safety
Financial
Reputation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a privacy threshold assement ?

A

A privacy threshold assessment is conducted to determine what levels of information a system is collecting to determine a privacy impact assessment is required.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a privacy impact assessment ?

A

A privacy impact assessment determines the impact on PII contained within that system if it is compromised.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the RPO ?

A

RPO is the maximum allowable time between backups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the RTo ?

A

RTO is the maximum time allowed to restore backups. It designates the amount of real time that can pass before the disruption begins to seriously and unacceptable impede the flow of normal business operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe the four common data sensitivity types ?

A

Public - Free to all
Proprietary - This is information peculiar to that organisation and can include such things as trade secrets
Confidential Information - Requires restrictive access through such mechanisms as NDA
Private Information - This information sensitivity includes PII and PHI and should be protected extensively

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Describe the role of the privacy officer ?

A

Is responsible for the organisations data privacy. They implement policies and procedures to help carry out privacy controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Describe the role of the data steward ?

A

Manages the day to day control and protection of data for the organisation responsible for compliancy and regulatory understanding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Describe the role of the data owner ?

A

Responsible for specific data sets but delegates the day to day procedures around data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the three reasons for having a data retention policy ?

A

Version Control - Returning to a last know state
Recovery from Cyber attacks - Especially as attacks are not always discovered immediately
Legal/Regulatory compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Name some of the techniques for data sanitisation ?

A

Burning
Shredding
Pulping
Pulverising
Degaussing
Purging
Wiping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What in digital forensics is the order of volatility ?

A

Data for investigations should be collected in an order to make sure that most volatile sources prone to destruction as harvested first.

CPU Cache and Registers
Remaining data stored in RAM
Temporary File Systems
Files Written to Disk
Remote monitoring data for the system
Archived Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is chain of custody ?

A

As evidence is collected, we need to ensure that we maintain the integrity of the evidence collected. Everyone that comes into contact with the evidence must be documented and the chain of custody document should show how the evidence was stored.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Name some of the sources we can use for evidence ?

A

There are several sources of information. We should also capture hashes of the system to be able to prove that it has remained unaltered during the investigation.

Capturing System Images
Network Traffic and Logs
Capturing Video
Screenshots
Witness Interviews

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is legal hold ?

A

Legal hold refers to special procedures put in place to aid any court proceedings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What does the term preservation mean ?

A

Preservation procedures should be put in place to maintain the integrity of the evidence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are the three areas to consider with recovery ?

A

Active Logging, Strategic Intelligence, Counterintelligence gathering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the different types of backup ?

A

Full - Backup of whole drive irrespective of whats changed
Incremental/Differential - Backup of whats changed between full backups
Snapshots - VM backups used to spin up new backups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Define continuity of operations ?

A

Usually attributed to the US Federal Government helps to ensure operations through unanticipated events. The US Government mandates that agencies need to continue to provide services even during times of crisis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is continuity planning ?

A

Usually attributed to the US Federal Government helps to ensure operations through unanticipated events. The US Government mandates that agencies need to continue to provide services even during times of crisis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What are the five control of disaster recovery controls ?

A

Deterrant - Those controls that deter but do not prevent, Preventative - Those controls that prevent something from occurring.
Compensatory - Are those mechanisms that are put in place to satisfy requirements for a security measure when management has deemed it to impractical to implement the actual fix.
Corrective - Remediate a risk after being discovered
Detective - Detects events after they have been discovered
Directive controls - Direct on how to achieve security compliancy such as policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are the three disaster recovery control types ?

A

Administrative, Technical, Physical, Operational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Give an example of a administrative technical control type ?

A

Acceptable Use Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Give an example of a physical control type ?

A

Crash Barrier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Give an example of a technical control type ?

A

IPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What are the Geographic consideration for disaster recovery and planning

A

Locations Selection
Legal Considerations
Off Site storage
Distance
Data Sovereignty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What are the three categories for recovery sites ?

A

Hot - Like for like replacement always on including software and data
Warm - Infrastructure in place but software and backups may need to be restored
Cold - Site is available but infrastructure and everything else needs to be put in place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What is incident response ?

A

This is how we recover minimising downtime and reducing damage when an incident occurs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What are the six stages of incident response ?

A

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What are the main categories of incident response ?

A

External/Removable Media
Attrition
Web
Email
Improper Usage
Loss or Theft of Equipment
Other

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What is the role of security management in incident response ?

A

Responsible for leading the response team during planning and carrying out IR procedures. They also offer corporate support for the IR team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What is the role of the compliance officer in incident response ?

A

They help to advise what steps need to be taken to maintain compliance with various rules and procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What is the role of the incident response team ?

A

This team is a specialised group, they train and are tested for incident response. These individuals walk through exercises to determine when, why and who to engage during particular incidents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What is the role of supplementary technical staff in incident response ?

A

Used to provide technical help over and above that in the IR team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is the role of the Cyber Incident Response team ?

A

Responsible for providing detailed Cybersecurity knowledge.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What are the personnel functions in Organisational Security?

A

Policies, Background checks,and JMl

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What is the purpose of the exit interview ?

A

Determines the morale and culture of the team as well as a chance to gain an understanding of where things have gone wrong and can be improved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What is a acceptable use policy ?

A

Also known as Rules of Behaviour - May include security policies such as the restriction of social media or personal email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What are adverse actions ?

A

Describes the steps taken when abuse has taken place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Name the six agreement types ?

A

SLA, Memorandum of Understanding, Standard Operating Procedures, Business Partner Agreement, Interconnection security agreement, Memorandum of agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is a clean desk policy

A

Removal each day of documents and printouts that could compromise security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

How often do we embark on a continuous education program ?

A

Annually

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Why should we have mandatory job holidays and rotation ?

A

Besides cross training and other issues it also helps prevent users being involved in malicious actions as well as highlighting improvements required in processes and job functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What is the thinking behind separation of duties ?

A

Also for security purposes as it avoids a single person being compromised due to have complete access and knowledge of a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What is single loss expectance (SLE) ?

A

This is the monetary cost of an event to an organisation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What is the annual rate of occurrence (ARO) ?

A

This is the number of times a year an event occurs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is annual loss expectancy (ALE) ?

A

SLE * ARO

This represents the actual cost to the company and can be used to determine if a compensating control is worth it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What are the four main risk response techniques ?

A

Risk Acceptance, Risk Avoidance, Risk Transferrance, Risk Mitigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What are the two main sources of threats ?

A

Environmental and Man Made

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Describe the relationships betwee control categories and types

A

Categories contain types.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Describe the detective control category ?

A

Controls that detect activity after the event has taken place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What type of control is a threat assessment ?

A

Managerial

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What type of control is a sign warning you of a guard dog ?

A

Deterrent - Its tempting to say physical but the sign does not physically prevent someone from doing something.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What is the most common way to ensure that companies destroy data ?

A

Signing of a contract that mandates this and that the third party has certification standards around this area.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Describe the role of the CEO in an organisation ?

A

The chief executive officer manages the companies operations. The CEO is hired by the board and is dismissed by the board and has their performance reviews and compensations determined by the board.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What are the three areas covered by a GRC program ?

A

Governance, Risk and Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

What are the two types of governance models ?

A

Centralised and Decentralised

61
Q

What is a centralised governance model ?

A

Top Down - Central Authority creates policies and standards

62
Q

What is a decentralised governance model ?

A

Bottom Up - Individual teams responsible for governance

63
Q

What is a definition of a policy ?

A

High level statement of management intent.

64
Q

What are some typical points covered in a policy ?

A

A statement of the importance of cybersecurity to the organisation
A requirement that staff and contractors maintain CIA principles and guidelines
A statement on the ownership and creation of information created or processed by the organisation
Designation of the CISO or other individual as the executive responsible for Cybersecurity issues
Delegation of authority to CISO the ability to create standards, procedures and guidelines and to implement them

65
Q

What is a business continuity policy document ?

A

Describes steps to protect and recover critical business systems in response to unforseen outage and that the data assets are recovered and protected.

66
Q

What is a change management policy ?

A

Describe how the organisation will review, approve and implement proposed changes to information systems

67
Q

What is an incident response policy ?

A

Describes how an organisation will respond to security incidents

68
Q

Describe an acceptable use policy ?

A

Also known as Rules of Behaviour - May include security policies such as the restriction of social media or personal email.

69
Q

Describe and information security policy ?

A

Provides high level authority and guidance for security program

70
Q

What is a standard ?

A

Provide mandatory requirements describing how an organisation will carry out its information security policies. These may include specific configuration settings used for common operating systems, the controls that have to be in place for sensitive information. Standards are approved at a lower level than policies and therefore can change more frequently.

71
Q

What is a guideline ?

A

Guidelines provide best practices and recommendations. Compliance is not mandatory and guidelines are offered in the spirit or providing helpful advice.

72
Q

What two ways can policy effectiveness be measured ?

A

This can be a combination of tool based (SIEM) and human based (Feedback, Exit Interviews)

73
Q

What is the primary goal of change management ?

A

The primary goal of change management is to ensure that changes do not cause outages. Change management processes ensure that appropriate personnel review and approval of changes takes place before implementation and also ensure testing and documentation have taken place.

74
Q

What are the six steps in a typical change request proces ?

A

Request, Review, Accept or Request, Test, Schedule, Document

75
Q

What is a NDA ?

A

Non Disclosure Agreements often require that employees protect any confidential information that they gain access to in the course of their employment. Usually signed on hire and reminded about on exit.

76
Q

What are the two main consideration during the vendor selection process ?

A

There are two aspects of vendor selection that should be considered

Due Diligence and Conflict of Interests

77
Q

What three ways can we use to assess a vendor ?

A

Penetration Testing
Questionnaire
Supply Chain Analysis

78
Q

What is a master service agreement ?

A

Provide an umbrella contract for the work that a vendor does with an organisation over an extended period of time. Typically cover privacy and security agreements and then can be referenced in statement of work and work orders.

79
Q

What are the three consideration around vendor monitoring ?

A

The rules of engagement agreement should specify monitoring requirements.
KPI metrics should also be established
Compliance Monitoring is also fundamental

80
Q

What is HIPPA ?

A

Includes security and privacy rules that affect health care providers, health insurers, and health information clearing houses in the United States.

81
Q

What is PCIDSS ?

A

Provides detailed rules about the storage, processing, and transmission of credit card and debit card information. PCIDSS is not law but rather a contractual obligation that applies to credit card merchants and service providers worldwide.

82
Q

What is the Gramm Leach Bliley act ?

A

Covers US Financial services. Requires that there is a distinct security program with an individual responsible for it.

83
Q

What is the Sarbanes Oxley Act ?

A

Act applies to the financial records of US publicly traded companies and requires that those companies have a strong degree of assurance for the IT systems that store and process those records.

84
Q

What is the Family and Educational Rights Privacy Act (FERPA)

A

Covers student records and requires US educational institutions implement security and privacy controls for student educational records.

85
Q

Whats involved with internal compliance reporting ?

A

Internal Reporting typically involves regular reports to management or the board highlighting the state of compliance, identifying the gaps and what is required to improve.

86
Q

What is external compliance reporting ?

A

This is mandated by external regulatory bodies or as part of contractual obligations. It involves providing the necessary documentation and evidence to external entities to demonstrate that the organisation is in compliance with the relevant laws and regulations.

87
Q

What does the term due care mean in compliance monitoring ?

A

Refers to the ongoing efforts to ensure that the implemented policies and controls are effectively and continuously maintained throw a process of regular review, updates to policies and proactive steps.

88
Q

What is meant by acknowledgement in the due care process of compliance monitoring ?

A

Part of the due care process it means ensuring that employees and business partners state that they are aware of the compliance requirements.

89
Q

What does attestation mean in the compliance monitoring process ?

A

Is the step where employees and business partners state they are aware of these compliance requirements and have also confirmed that they have adhered to these standards.

90
Q

Whats the difference between an incremental and a differential backup ?

A

An incremental back up just backsup changes since the last backup. Differential backsup all the changes since last fullbackup so it gets progressively large until reset at next full backup.

91
Q

What is the NIST Core detailing ?

A

Covers the five functions of

Identify
Protect
Detect
Recover
Respond

Which is then further subdivided into further sub categories

92
Q

What is a framework tier in NIST CF ?

A

Assessment of ready your organisation is to implement cybersecurity objectives. It is an example of a maturity model.

93
Q

What is a profile in NIST CF ?

A

Describes how an organisation might use the framework to describe its current state and then a separate profile to describe its future state.

94
Q

Is Risk Acceptance the same as doing nothing ?

A

This occurs when it is not financially viable to tackle the risk - This is usually when the control is more expensive than the actual risk. It is not to be viewed as deliberately not taking action.

Often their are exceptions where the risk is acknowledged and is accepted as an exception. An exemption is like an exception but will need a more formal sign off.

95
Q

What is inherent risk ?

A

The inherent risk facing an organisation is the original level of risk that exists before implementing any controls.

96
Q

What is residual risk ?

A

Is the risk left after controls have been implemented

97
Q

What is risk appetite ?

A

Is the level of risk that is willing to be accepted as the cost of doing business

98
Q

What is risk threshold ?

A

It is the level at which a risk becomes unacceptable

99
Q

What is risk tolerance ?

A

The ability to withstand risk and maintain operations.

100
Q

What are key risk indicators ?

A

Metrics to measure and provide early warning for increasing levels of risk.

101
Q

What three stances come under risk appetite ?

A

Expansionary, Conservative, Neutral

102
Q

Name three common items on a risk register ?

A

Risk Owner
Risk Threshold Information
Key Risk Indicators

103
Q

What are the four ways of risk reporting ?

A

Adhoc reports, Regular Updates, Dashboard, Risk Trend Analysis

104
Q

What is the Mean Time Between Failure (MTBF) ?

A

BIA metric about the reliability of a system. It is the expected amount of time between failures.

105
Q

What is the Mean Time To Repair (MTTR) ?

A

BIA metric is the average amount of time to restore the system to its normal operating state after failure

106
Q

In a data inventory should only human readable files be included ?

A

No - It is important that the data inventory should contain all types of information that may contain sensitive information even non human readable binary files should be included if they contain sensitive information.

107
Q

What items are typically part of a data inventory ?

A

PII, Legal, Financial, Regulatory, Intellectual Property, PHI

108
Q

What is a data subject ?

A

Individuals whose data is being processed

109
Q

What should be the response when a data breach occurs ?

A

Implement Response plan. Some regulations such as GDPR mandate that the breech is publically notified.

110
Q

I want to encrypt data at rest on my disk what options do I have ?

A

FDE, File, Volume, Partition

111
Q

I want to encrypt a large amount of data on disk but I dont want to encrypt the whole drive what is my next best option ?

A

Volume

112
Q

What three options do I have to encrypt data at rest in a database ?

A

Transparent Level Encryption (Whole database), Record, Column

113
Q

What is certificate verification ?

A

When you receive the certificate you should verify it by

Checking it is not on the Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP)
Digital Signature is Authentic
Certificate contains data you are trusting

114
Q

What is certificate pinning ?

A

Certificate pinning is where we specify the exact certificate we trust so for example only accept the certificates from one particular CA.

115
Q

What is OCSP ?

A

This eliminates the latency of CRL it is a process where the browser in real time can determine the status of a certificate by issuing a OCSP request to CA OCSP server and it will receive a status of Good, Revoked or Unknown

116
Q

What are CRL and the issues with them ?

A

A list of revoked certificates and when they are revoked. They are maintained by multiple CAs.
The main issue is that the list has to be downloaded to be used by browser so there can be a lag from when the certifcate was revoked and when the browser notices.

117
Q

What is certificate stapling ?

A

It is costly having the browser send OCSP request every time on the CAs servers so instead of having individual clients contact the OCSP server it is usual for the web server to do this every twenty four hours and staple the response to the certificate. The browser then verifies both the certificate and the OCSP response.

118
Q

When is a certificate revoked ?

A

Certificate has been compromised
Certificate has been erroneously issued
Details have changed
Security Association has changed

119
Q

What are the binary formats for certificates ?

A

PFX and DER

120
Q

What formats are PEM and PB7

A

Text

121
Q

The .crt extension covers which formats ?

A

PEM and DER

122
Q

What typically takes place in the preparation phase in the incident response process ?

A

Defining roles and responsibilities and conducting regular training drills

123
Q

Whats the difference between TCO and ROI ?

A

TCO covers the whole lifetime of the asset whereas ROI doesnt.

124
Q

Who determines the means of processing data, the Data Owner or the Data Controller ?

A

Data Controller

125
Q

What is more secure cellular, wifi or bluetooth ?

A

Cellular

126
Q

What is a horizontal password attack ?

A

Using the same user password combo to attack multiple accounts

127
Q

Does a shadow IT actor have malicious intent ?

A

No

128
Q

What is a feature of SCAP ?

A

All data is encrypted before it is stored

129
Q

Why is deguassing not as effective as pulverising ?

A

Doesnt work on all types of disks

130
Q

What is a conservative approach to risk ?

A

Avoiding risk as much as possible

131
Q

What is a exapansionary approach to risk ?

A

Willing to take on higher levels of risk for greater rewards

132
Q

What is a neutral approach to risk ?

A

Balanced approach

133
Q

What is a tabletop exercise ?

A

Used to talk through processes. Team members are given scenarios and are asked questions on how they would respond, what issues may arise and what they would need to do to accomplish tasks and then document improvements to IR plane. Can resemble a brainstorming session.

134
Q

What is a simulation ?

A

Can be a wide variety of events and simulate individual functions or elements of a plan. They can also be done at full scale or organisation wide.

135
Q

What is the major differences between DKIM, SPA and DMARC ?

A

DKIM - Tags in DKIM Signature Header SPA - List of authentic Email servers as DNS Recors and DMARC uses both to determine whether you should accept a email as being from sender by rejecting or quarantining

136
Q

What is the CVSS category 0

A

None

137
Q

What is the CVSS category 0.1 - 3.9

A

Low

138
Q

What is the CVSS category 4.0 - 6.9

A

Medium

139
Q

What is the CVSS category 7.0 - 8.9

A

Hiigh

140
Q

What is the CVSS category 9.0 - 10.00

A

Critical

141
Q

What other data sources should be taken into account alongside CVE scores ?

A

Log Reviews
SIEM
Configuration Management System

142
Q

What are the four categories of pen test

A

Physical, Offensive, Defensive and Integrated

143
Q

What should a behaviours section in a pentest rules of engagement cover ?

A

Determines which behaviours are in scope. Common behaviours are shunning, deny listing or other active testing which may be usefull if a full simulation but need to be removed if we are looking at for examples a response to a breach.

144
Q

Which legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US?

A

SOX

145
Q

What is FISMA ?

A

FISMA (Federal Information Security Management Act) aims to govern the security of data processed by federal government agencies, but it doesn’t specifically focus on financial transparency and accountability.

146
Q

What is operational security ?

A

Operational security is a risk management process that encourages managers to view information protection from an adversary’s perspective. Data loss prevention is a set of tools and processes designed to detect a potential data breach and prevent them by monitoring and controlling data transfers.

147
Q

What is a strong indicator of compromise pertaining to logs ?

A

A missing log is a strong sign of an attacker’s presence since they often remove or alter logs to hide their actions.

148
Q
A
149
Q

What is the process of tracking user activity for cost, billing and audit purposes ?

A

Accounting