Foundations of cybersecurity_C1 Flashcards
What are the benefits of organisational security teams?
- Threat protection: protects against external and internal threats.
- Compliance: ensures the organisation meets the security standards required by laws and guidelines.
- Productivity: maintains and improves business productivity.
- Expense reduction: lowers the cost of data-loss recovery and operational downtime, and prevents fines.
- Brand trust: data compromises lower customer trust and hurt the business.
What does CISSP stand for?
Certified Information Systems Security Professional
What are the eight CISSP security domains?
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Which of the following is NOT a security domain covered in the CISSP?
a) Security and risk management
b) Asset security
c) Software development security
d) Cloud security
d) Cloud security
What is the principle of least privilege?
a) Granting users the highest level of access possible
b) Granting users only the minimum level of access necessary to perform their tasks
c) Allowing users to access any data they want
d) Restricting users from accessing any data
b) Granting users only the minimum level of access necessary to perform their tasks
What is ‘Security Posture’?
An organisation’s ability to manage its defence of critical assets and data, and to react to change.
What is Risk Mitigation?
The process of having the right procedures and rules in place to quickly reduce the impact of a risk, such as a breach.
Business Continuity
An organisation’s ability to maintain its everyday productivity by establishing risk and disaster recovery plans.
CISSP Domain 1
Security and Risk Management involves:
- Defining security goals and objectives: reduce risks to critical assets and data, such as PII.
- Mitigating risk: having the right procedures and rules in place to quickly reduce the impact of a risk, e.g. a breach.
- Ensuring compliance: used to develop an organisation’s internal security policies, regulatory requirements, and independent standards.
- Establishing business continuity: the organisation’s ability to maintain everyday productivity by establishing risk and disaster recovery plans.
- Adhering to legal regulations: laws differ around the world, but their overall goals (related to security and risk management) are similar.
- Professional and organisational ethics: following rules and expectations for ethical behaviour to minimise negligence, abuse, or fraud.
Information security, or InfoSec
Relates to CISSP domain 1 and refers to a set of processes established to secure information.
An organization may use playbooks and implement training as a part of their security and risk management program, based on their needs and perceived risk.
There are many InfoSec design processes, e.g.:
Incident response
Vulnerability management
Application security
Cloud security
Infrastructure security
CISSP Domain 2:
Asset Security involves:
Managing the cybersecurity processes of organisational assets
- Secures digital and physical assets
- Stores, maintains, retains, and destroys physical and virtual data securely
- Protects PII and SPII
- Ensures data is securely handled and protected
CISSP Domain 3:
Security Architecture and Engineering involves:
Managing data security. Security architects and engineers create processes that:
- Optimise data security
- Implement effective tools, systems, and processes
- Promote shared responsibility: encourage user involvement in security
What is meant by ‘Shared responsibility’ ?
all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security.
By having policies that encourage users to recognize and report security concerns, many issues can be handled quickly and effectively.
What are some of the Security Architecture and Engineering design principles?
Threat modeling
Least privilege
Defense in depth
Fail securely
Separation of duties
Keep it simple
Zero trust
Trust but verify
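Worked example of the "fail securely" principle, added here and not part of the original flashcards or course material. It compares two versions of a hypothetical authorisation check against a constructed policy store: the fail-open version grants access whenever the lookup fails (unknown user, corrupt entry, store outage), while the fail-secure version denies by default and records the reason. POLICY, lookup_permissions, is_allowed_fail_open and is_allowed_fail_secure are all names invented for this example.

```python
"""Fail securely vs. fail open: an added example, not course code.

A hypothetical authorisation check consults a policy store. The names and
data below are constructed for illustration only.
"""


class PolicyStoreError(Exception):
    """Raised when the policy store cannot answer (simulated outage)."""


# Constructed policy store: user -> set of permitted actions.
# None simulates a corrupt or unreadable entry.
POLICY = {
    "alice": {"read:reports", "write:reports"},
    "bob": {"read:reports"},
    "mallory": None,
}

# Denials recorded by the fail-secure check, so failures can be reviewed later.
DENIED_EVENTS = []


def lookup_permissions(user, store_available=True):
    """Return the permission set for `user`, raising on any failure."""
    if not store_available:
        raise PolicyStoreError("policy store unavailable")
    perms = POLICY[user]  # KeyError for an unknown user
    if perms is None:
        raise ValueError(f"corrupt policy entry for {user!r}")
    return perms


def is_allowed_fail_open(user, action, store_available=True):
    """Anti-pattern: 'don't break the app' turns every lookup failure
    (unknown user, outage, corrupt entry) into a grant."""
    try:
        perms = lookup_permissions(user, store_available)
    except Exception:
        return True  # fails OPEN
    return action in perms


def is_allowed_fail_secure(user, action, store_available=True):
    """Deny by default: access is granted only on an explicit, successful
    match; every failure is denied and logged."""
    try:
        perms = lookup_permissions(user, store_available)
    except (KeyError, ValueError, PolicyStoreError) as exc:
        DENIED_EVENTS.append((user, action, type(exc).__name__))
        return False  # fails CLOSED
    return action in perms


def compare(user, action, store_available=True):
    """Return (fail_open_result, fail_secure_result) for the same request."""
    return (
        is_allowed_fail_open(user, action, store_available),
        is_allowed_fail_secure(user, action, store_available),
    )


if __name__ == "__main__":
    cases = [
        ("alice", "write:reports", True),   # legitimate, explicit grant
        ("bob", "write:reports", True),     # legitimate denial
        ("eve", "read:reports", True),      # unknown user
        ("mallory", "read:reports", True),  # corrupt entry
        ("bob", "read:reports", False),     # policy store down
    ]
    for user, action, up in cases:
        fail_open, fail_secure = compare(user, action, up)
        print(f"{user:8} {action:14} store_up={up!s:5} "
              f"fail_open={fail_open!s:5} fail_secure={fail_secure}")
```

The two checks agree only when the lookup succeeds; in every failure case the fail-open version grants access to someone the policy never approved, which is exactly the outcome "fail securely" exists to prevent. Catching specific exception types in the secure version also keeps genuine programming errors visible rather than silently turning them into denials.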
CISSP Domain 4
Communication and Network Security involves:
-Manages and secures physical networks and wireless communications.
-Protects data and communications on-site, in the cloud, and remotely
-Prevents vulnerabilities from insecure connections
-Discourages insecure behaviour that could be exploited by threat actors
CISSP Domain 5
Identity and Access Management (IAM) involves:
Keeping data secure by controlling access to physical and logical assets.
Components of IAM:
* Identification
* Authentication
* Authorisation
* Accountability
What is meant by Identification in (IAM)?
The user asserts who they are by presenting an identifier, such as a user name, an access card, or biometric data like a fingerprint. Identification is the claim of an identity; proving that claim is authentication.
What is meant by Authentication in (IAM)?
The verification process that proves a person’s claimed identity, such as entering a password or PIN.
What is meant by Authorisation in (IAM)?
Once a user’s identity has been confirmed, authorisation determines their level of access, which depends on their role in the organisation.
What is meant by Accountability in (IAM)?
monitoring and recording user actions, like login attempts, to prove systems and data are used properly.
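Worked example tying the four IAM components together in one request path, added here and not from the course. Identification maps the presented user name to an account, authentication checks the password against a salted PBKDF2 hash in constant time, authorisation consults a role-to-permission map, and accountability records every attempt in an audit log. The accounts, roles and the functions identify, authenticate, authorise and request_action are constructed for this example.

```python
"""The four IAM components in one request path: identification,
authentication, authorisation and accountability. Added example with
constructed accounts and roles; none of these names come from the course."""

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000


def _hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the store never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def make_account(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed account store: user name -> account record.
ACCOUNTS = {
    "alice": make_account("correct horse battery staple", "analyst"),
    "bob": make_account("hunter2", "intern"),
}

# Constructed role -> permissions map used for authorisation decisions.
ROLE_PERMISSIONS = {
    "analyst": {"view_alerts", "view_logs", "close_alert"},
    "intern": {"view_alerts"},
}

# Dummy salt/hash so the unknown-user path costs as much as a real check and
# response time does not reveal which user names exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("", _DUMMY_SALT)

# Accountability: every attempt, allowed or denied, is recorded here.
AUDIT_LOG = []


def identify(username):
    """Identification: map the presented identifier to an account, or None."""
    return ACCOUNTS.get(username)


def authenticate(account, password):
    """Authentication: prove the claimed identity with a secret.
    hmac.compare_digest avoids leaking how many bytes matched."""
    if account is None:
        hmac.compare_digest(_hash_password(password, _DUMMY_SALT), _DUMMY_HASH)
        return False
    candidate = _hash_password(password, account["salt"])
    return hmac.compare_digest(candidate, account["hash"])


def authorise(account, action):
    """Authorisation: is this action permitted for the account's role?"""
    return action in ROLE_PERMISSIONS.get(account["role"], set())


def _record(username, action, result, reason):
    AUDIT_LOG.append(
        f"user={username} action={action} result={result} reason={reason}")


def request_action(username, password, action):
    """Run a request through all four IAM steps; return True if allowed."""
    account = identify(username)
    if not authenticate(account, password):
        reason = "unknown_user" if account is None else "bad_credentials"
        _record(username, action, "DENY", reason)
        return False
    if not authorise(account, action):
        _record(username, action, "DENY", "not_authorised")
        return False
    _record(username, action, "ALLOW", "role_permits")
    return True


if __name__ == "__main__":
    request_action("alice", "correct horse battery staple", "close_alert")
    request_action("bob", "hunter2", "close_alert")
    request_action("bob", "wrong password", "view_alerts")
    request_action("carol", "anything", "view_alerts")
    print("\n".join(AUDIT_LOG))
```

Note that the denial reason is only ever written to the audit log, never returned to the caller: the log needs to distinguish "unknown user" from "bad password" for investigation, but a login form that reveals that difference lets an attacker enumerate valid user names.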
CISSP Domain 6
Security Assessment and Testing involves:
Identifying and mitigating risks, threats, and vulnerabilities.
* Conducting security control testing:
Assists an organisation in identifying new and better ways to mitigate threats, risks, and vulnerabilities.
Involves examining organisational goals and objectives, and evaluating whether the controls being used actually achieve those goals.
* Data collection and analysis:
Conducted regularly, this also helps prevent threats and risks to the organisation.
* Conducting audits to monitor for risks, threats, and vulnerabilities:
Reduces the probability of a data breach.
Security analysts may conduct regular audits of user permissions to validate that users have the correct levels of access to internal systems.
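Worked example of the user-permission audit described above, which also puts the principle of least privilege from the earlier card into practice. It is added here and is not course code: a constructed role baseline is compared with a constructed export of accounts, and the audit flags permissions beyond the role (excess), permissions the role expects but the user lacks (missing), roles with no baseline, and accounts that have not logged in for more than 90 days. ROLE_BASELINE, USERS, AUDIT_DATE and audit_permissions are names invented for this example.

```python
"""Permission audit against a least-privilege baseline. Added example; the
roles, users and dates are constructed, not taken from the course."""

from datetime import date

# Constructed baseline: the permissions each role should have and no more.
ROLE_BASELINE = {
    "analyst": {"view_alerts", "view_logs", "close_alert"},
    "intern": {"view_alerts"},
    "admin": {"view_alerts", "view_logs", "close_alert", "manage_users"},
}

# Constructed export of accounts as an IAM system might produce it: the
# assigned role, the permissions actually granted, and the last login.
USERS = [
    {"user": "alice", "role": "analyst",
     "perms": {"view_alerts", "view_logs", "close_alert"},
     "last_login": date(2024, 5, 1)},
    {"user": "bob", "role": "intern",
     "perms": {"view_alerts", "manage_users"},       # intern with an admin right
     "last_login": date(2024, 4, 28)},
    {"user": "carol", "role": "analyst",
     "perms": {"view_alerts", "view_logs"},          # under-provisioned and idle
     "last_login": date(2023, 12, 1)},
    {"user": "svc-backup", "role": "contractor",     # role not in the baseline
     "perms": {"view_logs"},
     "last_login": date(2024, 1, 10)},
]

# Date the constructed audit is run on, so the dormancy figures are stable.
AUDIT_DATE = date(2024, 5, 2)


def audit_permissions(users, baseline, today, dormant_days=90):
    """Compare each account with its role baseline and return a list of
    (user, finding, detail) tuples. Findings:
    - excess_permissions: grants beyond the role (least-privilege violation)
    - missing_permissions: grants the role expects but the user lacks
    - unknown_role: no baseline exists, so the grant cannot be validated
    - dormant_account: no login for more than `dormant_days` days"""
    findings = []
    for u in users:
        expected = baseline.get(u["role"])
        if expected is None:
            findings.append((u["user"], "unknown_role", u["role"]))
        else:
            excess = u["perms"] - expected
            if excess:
                findings.append((u["user"], "excess_permissions", sorted(excess)))
            missing = expected - u["perms"]
            if missing:
                findings.append((u["user"], "missing_permissions", sorted(missing)))
        idle = (today - u["last_login"]).days
        if idle > dormant_days:
            findings.append((u["user"], "dormant_account", idle))
    return findings


def users_with_excess(findings):
    """Names of accounts holding rights their role does not justify."""
    return sorted({f[0] for f in findings if f[1] == "excess_permissions"})


if __name__ == "__main__":
    for user, finding, detail in audit_permissions(USERS, ROLE_BASELINE, AUDIT_DATE):
        print(f"{user:11} {finding:20} {detail}")
```

Excess permissions are the findings to act on first, since they are the ones an attacker who compromises the account can use; dormant accounts come next, because nobody is watching them. Accounts whose role has no baseline cannot be judged at all, which is itself a finding for the people who own the role catalogue.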
CISSP Domain 7
Security Operations involves:
Conducting investigations
Implementing preventative measures
CISSP Domain 8
Software Development Security involves
Using secure coding practices and guidelines to create secure applications and services.
Software development lifecycle
Performing application security tests
What is a Software Development Lifecycle?
An efficient process used by teams to quickly build software products and features.
Security is often treated as an additional step in this process. By ensuring that each phase of the software development lifecycle undergoes a security review, security can be fully integrated into the software product.
A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle.
performing a secure design review during the design phase
secure code reviews during the development and testing phases
penetration testing during the deployment and implementation phase
Which of the following is a tool used for monitoring security events?
a) SIEM
b) Intrusion detection system (IDS)
c) Intrusion prevention system (IPS)
d) All of the above
d) All of the above
What is an IDS?
-Intrusion detection system (IDS)
An intrusion detection system, or IDS, is a monitoring device or piece of software. It detects vulnerabilities, policy violations, and malicious activity in a system and raises alerts. An IDS that also blocks the threats it identifies is an intrusion prevention system (IPS).
What is an IPS?
- Intrusion Prevention system (IPS)
An application that monitors system activity for intrusive activity and takes action to stop it, such as dropping the traffic or blocking the source.
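Worked example showing the difference between the IDS and IPS cards above (and the kind of event-monitoring logic the SIEM/IDS/IPS question refers to), added here and not from the course. A small sliding-window brute-force detector runs over constructed sshd-style log lines: in "ids" mode it only raises an alert when one source IP produces five failed logins within 60 seconds; in "ips" mode it also blocks that source and drops its later events. SAMPLE_LOG, parse_line and analyse are constructed for this example, and the log lines are invented, not real captures.

```python
"""Brute-force login detector over sample log lines, as an added example
(not course code). IDS mode only alerts; IPS mode also blocks the offending
source and drops its later events. Log lines are constructed in an sshd-like
format, not real captures."""

import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
2024-05-02T10:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-05-02T10:00:03 sshd[812]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-05-02T10:00:04 sshd[813]: Accepted publickey for alice from 198.51.100.5 port 40010 ssh2
2024-05-02T10:00:06 sshd[812]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-05-02T10:00:07 sshd[812]: Failed password for root from 203.0.113.7 port 50125 ssh2
2024-05-02T10:00:09 sshd[812]: Failed password for root from 203.0.113.7 port 50126 ssh2
2024-05-02T10:00:12 sshd[812]: Failed password for root from 203.0.113.7 port 50127 ssh2
2024-05-02T10:03:00 sshd[814]: Failed password for bob from 198.51.100.5 port 40011 ssh2
2024-05-02T10:03:05 sshd[814]: Accepted password for bob from 198.51.100.5 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Turn one log line into an event dict, or None if it is not a login record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def analyse(log_text, threshold=5, window_seconds=60, mode="ids"):
    """Sliding-window detector: alert when one source IP produces `threshold`
    failed logins within `window_seconds`. Returns (alerts, actions); actions
    is empty in IDS mode and holds BLOCK/DROP decisions in IPS mode."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = set()
    alerts, actions = [], []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["ip"] in blocked:              # IPS: source already blocked
            actions.append(("DROP", ev["ip"], ev["ts"].isoformat()))
            continue
        if ev["result"] != "Failed":
            continue
        q = failures[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()                      # forget failures outside the window
        if len(q) >= threshold:
            alerts.append({"ip": ev["ip"], "count": len(q),
                           "first": q[0].isoformat(), "last": ev["ts"].isoformat()})
            if mode == "ips":
                blocked.add(ev["ip"])
                actions.append(("BLOCK", ev["ip"], ev["ts"].isoformat()))
            q.clear()                        # one alert per burst
    return alerts, actions


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, actions = analyse(SAMPLE_LOG, mode=mode)
        print(f"{mode.upper()}: alerts={alerts} actions={actions}")
```

The single failed login from 198.51.100.5 followed by a success is what a user mistyping a password looks like and stays below the threshold; the burst from 203.0.113.7 crosses it. The difference between the two modes is only the two lines that add the source to `blocked`: detection logic is the same, but an IPS sits inline and can act on it, which is also why IPS thresholds deserve more care than IDS thresholds, since a false positive there locks a real user out.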
Why do Security teams use CISSP Security Domains?
to organize daily tasks and identify gaps in security that could cause negative consequences for an organization, and to establish the organisation’s security posture.