General Security Concepts 1.1 Flashcards
A statement of desired results or purpose to be achieved by implementing a control or set of controls
Control Objective
The design and implementation of multiple overlapping layers of diverse controls
Defense-in-depth (layered security)
Eliminating unnecessary baseline recommendations that are not applicable
Scoping
Customizing baseline recommendation to align with organizational requirements
Tailoring
Substituting a recommended baseline control with a similar control
Compensating
Augmenting (adding to) the baseline recommendation
Supplementing
Control baseline should be proportionate to the criticality and sensitivity classifications of the asset being protected
Principle of Proportionality
Process of comparing the estimated cost and benefits to determine whether it makes sense to proceed from a business perspective
Cost-Benefit
When the cost and benefit are about the same, a return on investment (ROI) analysis is needed to determine whether the cost is justified
Analysis
Tactics, mechanisms, or strategies that proactively minimize risk in one or more of the following ways:
-reduces or eliminates a vulnerability
-reduces or eliminates the likelihood that a threat actor will be able to exploit a vulnerability
-reduces or eliminates the impact of an exploit
Controls
A measure of confidence that intended security controls are effective in their application
Assurance
How well a control works.
Reflects the control's consistent, complete, reliable, and timely operation.
Effectiveness
What a control does
Functionality
Controls implemented to address a specific threat
Countermeasure
Serves as a starting point and should be strategically aligned with the needs of the organization
Control Baseline