Fundamentals Of Security Flashcards

1
Q

Information Security

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

2
Q

Information Systems Security

A

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

3
Q

CIA Triad

A
  • Confidentiality - authorized personnel only
  • Integrity - accurate and unaltered
  • Availability - info and resources available as needed
4
Q

CIANA Pentagon

A

Extension of CIA triad with addition of non-repudiation and authentication

5
Q

Triple A’s of Security

A
  1. Authentication - verifying ID of a user or system
  2. Authorization - determine which actions/resources a user has access to
  3. Accounting - track user activities and resource usage for audit/billing
6
Q

6 Security Control Types

A
  • preventative - proactive measures
  • deterrent - discourage attackers by making effort seem less appealing/more challenging
  • detective - monitor and alert organizations to malicious activity as they occur or shortly after
  • corrective - mitigate any potential damage and restore systems to their normal state
  • compensating - alternative measures that are implemented when primary security controls are not feasible or effective
  • directive - guide, inform, or mandate actions; often rooted in policy or documentation; set the standards for behavior within an organization
7
Q

Zero Trust Model

A

Principle that no one should be trusted by default; to achieve this we use the control plane and the data plane

8
Q

Control plane

A

The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization

Adaptive identity - relies on real-time validation that takes into account user behavior, device, location, and more

Threat scope reduction - limits a user's access to only what they need for their work tasks, which reduces the network's potential attack surface
- focused on minimizing the "blast radius" that could occur in the event of a breach

Policy-driven access control - developing, managing, and enforcing user access policies based on users' roles and responsibilities

Secured zones - isolated environments within a network that are designed to house sensitive data

9
Q

Data plane

A

Ensures the policies are properly executed

Subject/system - the individual entity attempting to gain access
Policy engine - cross references the access request with its predefined policies
Policy administrator - used to establish and manage the access policies
Policy enforcement points - where the decision to grant or deny access is actually executed

10
Q

Threat

A

Anything that could cause harm, loss, damage, or compromise to our information technology systems
Examples:
- Natural disasters
- Cyber attacks
- Data integrity breaches
- Disclosure of confidential information

11
Q

Vulnerability

A

Any weakness in the system design or implementation
Examples:
- software bugs
- misconfigured software
- improperly protected network devices
- missing security patches
- lack of physical security

12
Q

Risk management

A

Finding different ways to minimize the likelihood of an undesired outcome and achieve the desired outcome

13
Q

Confidentiality - Encryption

A

Refers to the protection of information from unauthorized access and disclosure

Important for three reasons:
1. Protect personal privacy
2. Maintain a business advantage
3. Achieve regulatory compliance

14
Q

Five methods to ensure confidentiality

A
  1. Encryption - convert data to code
  2. Access controls - strong user permissions
  3. Data masking - obscuring data within a database
  4. Physical security
  5. Training and awareness - conduct training on security awareness/best practices to protect an organization’s sensitive data
15
Q

Integrity - hashing

A

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual

Important for 3 reasons:
1. Ensure data accuracy
2. Maintain trust
3. Ensure system operability

16
Q

Five methods to maintain integrity

A
  1. Hashing - converting data into a fixed-size value
  2. Digital signatures - ensure both integrity and authenticity
  3. Checksums - method to verify the integrity of data during transmission
  4. Access codes - ensure only authorized individuals can modify data, reducing the risk of unintended or malicious alterations
  5. Regular audits - systematically review logs and operations to ensure that only authorized changes have been made and that discrepancies are addressed
17
Q

Availability - redundancy

A

Ensure that information, systems, and resources are accessible and operational when needed by authorized users

Importance:
1. Ensuring business continuity
2. Maintaining customer trust
3. Upholding an organization’s reputation

18
Q

Redundancy (spare tire)

A

Duplication of critical components or functions of a system with the intention of enhancing its reliability

19
Q

Types of redundancy

A
  1. Server - involves using multiple servers in a load-balanced or failover configuration so that if one is overloaded or fails, the others will take over
  2. Data - store data in multiple places (RAIDs or cloud storage)
  3. Network - ensures that if one network path fails, the data can travel through another route (cable, network, cellular)
  4. Power - involves using backup power sources like generators and UPS systems
20
Q

Non-repudiation - Digital signatures

A
  • Focused on providing undeniable proof in the world of digital transactions
  • Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of it

Importance:
1. To confirm the authenticity of digital transactions
2. To ensure the integrity of critical communications
3. To provide accountability in digital processes

21
Q

Digital signatures

A
  • Unique to each user who is operating within the digital domain
  • Created by first hashing the message or communication you want to digitally sign, then encrypting that hash digest with the user's private key using asymmetric encryption
22
Q

Authentication

A

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction

Importance:
- to prevent unauthorized access
- to protect user data and privacy
- to ensure that resources are accessed by valid users only

23
Q

5 common authentication methods

A
  1. Knowledge factor - info a user can recall
  2. Possession factor - user presents a physical item
  3. Inherence factor - user provides a unique physical or behavioral characteristic to validate that they are who they claim to be
  4. Action factor - Relies on the user conducting a unique action to prove who they are
  5. Location factor - relies on the user being in a certain geographic location before access is granted
24
Q

Authorization

A

The permissions and privileges granted to users or entities after they have been authenticated

Importance:
- to protect sensitive data
- to maintain the system integrity in our organization
- to create a more streamlined user experience

25
Q

Accounting

A

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

26
Q

Purpose of a robust accounting system

A

1. Create an audit trail - provides a chronological record of all user activity, tracing changes, unauthorized changes, and anomalies to a source or point in time
2. Maintain regulatory compliance
3. Conduct forensic analysis - use detailed accounting and event logs to understand what happened, how, and how to prevent similar incidents
4. Perform resource optimization - optimize system performance and minimize costs by tracking resource utilization and allocation decisions
5. Achieve user accountability - ensures users’ actions are monitored and logged, deterring misuse, promotes adherence to

27
Q

Technologies used for accounting

A

Syslog servers - used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems

Network analysis tools - used to capture and analyze network traffic so that network admins can gain detailed insight into the data moving within a network

Security Information and Event Management (SIEM) systems - provide real-time analysis of security alerts generated by the various hardware and software infrastructure in an organization

28
Q

Security Control Categories

A
  • Technical controls = technologies, hardware, and software mechanisms that are implemented to manage and reduce risk
  • Managerial controls (administrative controls) -
  • Operational controls = procedures and measures that are designed to protect data on a day-to-day basis; mainly governed by internal processes and human actions
  • Physical controls = tangible real-world measures taken to protect the assets
29
Q

Gap Analysis

A

Process of evaluating the differences between an organization's current performance and its desired performance

  • valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
30
Q

Steps of Gap Analysis

A
  1. Define the scope of the analysis.
  2. Gather the data on the current state of the organization.
  3. Analyze the data to identify any areas where the current performance falls short of the desired performance.
  4. Develop a plan to bridge the gap.
31
Q

Technical Gap Analysis

A

Involves evaluating an organization's current technical infrastructure

  • Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
32
Q

Business Gap Analysis

A

Involves evaluating an organization's current business processes

  • Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
33
Q

Plan of Action and Milestones (POA&M)

A
  • Outlines the specific measures to address each vulnerability
  • Allocates resources
  • Sets up timelines for each remediation task that is needed