GCGA Ch. 9 Implementing Controls to Protect Assets Flashcards
Physical security controls
controls you can physically touch. They often control entry and exit points and include various types of locks. Controlled areas such as data centers and server rooms should only have a single entrance and exit point.
Cable locks
secure mobile computers such as laptop computers in a training lab. Small devices can be stored in safes or locking office cabinets to prevent the theft of unused resources.
Access badges
can electronically unlock a door and help prevent unauthorized personnel from entering a secure area. By themselves, proximity cards do not identify and authenticate users. Some systems combine proximity cards with PINs for identification and authentication.
Security guards
a preventive physical security control, and they can prevent unauthorized personnel from entering a secure area. A benefit of guards is that they can recognize people and check the picture ID of anyone they don’t recognize.
Cameras and closed-circuit television (CCTV) systems
provide video surveillance and can give reliable proof of a person’s identity and activity. Many cameras include motion detection and object detection capabilities. It’s also possible to use CCTV systems as a compensating control.
Sensors
can detect changes in the environment, such as motion, noise, and temperature changes. Sensors can also be used to detect changes in pressure, such as when someone is walking on a floor. Motion detection may be accomplished using microwave technology or ultrasonic waves.
Fencing, lighting, alarms, and motion detection systems
commonly implemented for physical security. Infrared motion detection systems detect human activity based on temperatures.
Barricades
provide stronger physical security than fences and attempt to deter attackers. Bollards are effective barricades that allow people through but block vehicles. Access control vestibules consist of two sets of interlocking doors, designed to create a secure compartment that allows only one person to enter at a time.
Asset management processes
track an organization’s hardware, software, and data assets. They should include acquisition/procurement processes, assignment/accounting processes, and monitoring/asset tracking processes.
Layered security
Organizations use a diversity of methods to provide layered security. Vendor diversity is the practice of implementing security controls from different vendors to increase security. Technology diversity uses different technologies to protect an environment, and control diversity uses different security control types, such as technical controls, managerial controls, operational controls, and physical controls. Physical security controls may be subjected to brute force attacks where someone simply crashes through the control. Facilities may also be subject to environmental attacks where the attacker alters the temperature, humidity, or other conditions to disable equipment.
Single point of failure
any component that can cause the entire system to fail if it fails. It normally refers to hardware but can be a person. If one person is the only person who can perform a task, that person can be a single point of failure.
RAID disk subsystems
provide fault tolerance and increase availability. RAID-1 (mirroring) uses two disks. RAID-5 uses three or more disks and can survive the failure of one disk. RAID-6 and RAID-10 use four or more disks and can survive the failure of two disks.
Load balancers
spread the processing load over multiple servers. In an active/active configuration, all servers are actively processing requests. In an active/passive configuration, at least one server is not active but is instead monitoring activity ready to take over for a failed server. Software-based load balancers use a virtual IP.
Affinity scheduling
sends client requests to the same server based on the client’s IP address. This is useful when clients need to access the same server for an entire online session. Round-robin scheduling sends requests to servers using a predefined order.
NIC teaming
groups two or more physical network adapters into a single software-based network adapter. It provides load balancing for outgoing traffic and fault tolerance if one of the NICs fails.
Power redundancies
include a UPS, a dual power supply, and generators. Managed PDUs monitor the quality of power delivered to devices within a server rack.
Offline backups
use traditional backup media such as tapes, local disks, drives in a NAS, and even backup targets within a SAN. Online backups are stored in the cloud.
Traditional backup methods
include full, full/differential, full/incremental, snapshot, and image strategies. A full backup strategy alone allows the quickest recovery time. Full/incremental backup strategies minimize the amount of time needed to perform daily backups. Full/differential backup strategies minimize the amount of time required to restore backups.
Backup best practices
A copy of backups should be kept off-site and should be kept far enough away so that a disaster impacting the primary site doesn’t impact the backups. It’s important to consider the distance between the main site and the off-site location.
Backup location
The location of the data backups affects data sovereignty. If backups are stored in a different country, the backups’ data is now subject to the laws and regulations of that country. Backups should be encrypted to protect the sensitive data they contain from compromise should the backup media be lost or stolen.
BIA
A business impact analysis (BIA) is part of a business continuity plan (BCP), and it identifies mission-essential functions, critical systems, and vulnerable business processes that are essential to the organization’s success. The BIA identifies maximum downtimes for these systems and components. It considers various scenarios that can affect these systems and components, and the impact to life, property, safety, finance, and reputation from an incident.
RTO
A recovery time objective (RTO) identifies the maximum amount of time it should take to restore a system after an outage.
RPO
The recovery point objective (RPO) refers to the amount of data you can afford to lose.
MTBF
The mean time between failures (MTBF) identifies the average (the arithmetic mean) time between failures.