IS 414 CH. 8

Question 1

Trust Services Framework organizes IT-related controls into five principles

Answer 1

1. Security
2. confidentiality
3. privacy
4. processing integrity
5. availability

Question 2

1. Security

Answer 2

access (both physical and logical) to the system and its data is controlled and restricted to legitimate users

Question 3

2. confidentiality

Answer 3

sensitive organizational information (marketing plans, trade secrets) is protected from unauthorized disclosure

Question 4

3. privacy

Answer 4

personal info about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure

Question 5

4. processing integrity

Answer 5

data are processed accurately, completely, in a timely matter, and only with proper authorization

Question 6

5. availability

Answer 6

the system and its information are available to meet operational and contractual obligations

Question 7

info security

Answer 7

foundation of systems reliability

Question 8

Security management issue too, not only technology

Answer 8

step 1. assess the information security-related threats that the organization faces and select an appropriate response
step 2. developing info security policies and communicating them to all employees
step 3. acquisition or building of specific technology tools

Question 9

defense-in-depth

Answer 9

employing multiple layers of controls to avoid a single point-of-failure
involves the use of a combination of preventive, detective, and corrective controls

P = time it takes attacker to break throught
D = time it takes to detect
C = time it takes to respond
if P > D + C = effective

Question 10

time based model of security

Answer 10

implementing a combo of preventive, detective, and corrective controls that protect info assets long enough to enable an organization to recognize the attack is occurring and take steps to thwart it before any information is lost or compromised

Question 11

Understanding targeted attacks

Answer 11

1. conduct reconnaissance (research) - learn as much as possible about the target to identify vulnerabilities
2. Attempt social engineering
3. Scan and map target - if the attacker cannot successfully via social engineering, will identify points of remote entry
4. Research - find version of software, research vulnerabilities for those programs
5. execute the attack
6. cover tracks

Question 12

Preventive control

Answer 12

people - creation of a “security aware” culture, training
processes - under access controls (authentication and authorization)
IT solutions - antimalware, network access controls (Firewalls, intrusion prevention systems, etc), device and software hardening (config. controls), encryption
physical security - access controls (locks, guards)
change controls and change management

Question 13

Detective

Answer 13

log analysis
intrusion detection systems
penetration testing
continuous monitoring

Question 14

corrective

Answer 14

computer incident response teams
chief info security officer
patch management

Question 15

authentication

Answer 15

verifying the identity of the person or device attempting to access the system

1. something they know (password, pin)
2. something they have (smart cards, ID badges)
3. something physical or behavioral characteristic aka biometric identifier (fingerprints, typing patterns)

Question 16

biometric identifier

Answer 16

physical or behavioral characteristic that is used as an authentication credential

Question 17

multifactor authentication

Answer 17

2+ types of authentication

Question 18

multimodal authentication

Answer 18

use of multiple authenticaiton creds of the SAME type

Question 19

authorization

Answer 19

process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform

Question 20

access control matrixx

Answer 20

table used to implement authorization

Question 21

compatibility test

Answer 21

matching the user’s authentication creds against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action

Question 22

IT solutions: Anti-malware controls

Answer 22

1. Malicious software awareness education
2. Installation of anti-malware protection tools on all devices
3. Centralized management of patches and updates to anti-malware software
4. Regular review of new malware threats
5. filtering of incoming traffic to block potential sources of malware
6. training employees not to install shared or unapproved software

Question 23

border router

Answer 23

device that connects an organizations information system to the internet

Question 24

firewall

Answer 24

special-purpose hardware device or software running a general-purpose computer that controls both inbound and outbound communication between the system and behind the firewall and other networks

Question 25

demilitarized zone

Answer 25

separate network located outside the organizations internal info systems that permits controlled access from the internet

Question 26

router

Answer 26

special purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next

Question 27

how info flows on networks

Answer 27

Transmission protocol TCP header: contains fields that specify the sequential position of that packet in relation to the entire file and the port numbers (addresses) on the sending and receiving devices from which the file originates and where it is to be reassembled

Internet protocol (IP) header - specify the network address (IP address) of the sending and receiving devices

Ethernet header - contains the MAC addresses of the sending and receiving device, which is used to control the flow of traffic on the local area network (LAN)

Question 28

access control list (ACL)

Answer 28

a set of IF THEn rules used to detemine what to do with arriving packets

Question 29

packet filtering

Answer 29

a process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet

Question 30

deep packet inspection

Answer 30

a process that examines the data in the body of a TCP pack to control traffic, rather than looking only at the information in the IP and TCP headers

Question 31

intrusion prevention system

Answer 31

software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks

Question 32

endpoints

Answer 32

collective term for the workstations, servers, printers, and other devices that comprise an organization’s network

endpoint configuration, user account management, software design

Question 33

vulnerability scanners

Answer 33

tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential treats

Question 34

change controls and change management

Answer 34

formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability

Question 35

log anaylsis

Answer 35

process of examining logs to identify evidence of possible attacks

Question 36

intrusion detection system

Answer 36

system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions

Question 37

Comp incident response team (CIRT)

Answer 37

team that is responsible for dealing with major security threats

1. Recognition that a problem exists
2. Cotainment of the prob
3. Recovry
4. Follow up

Question 38

exploit

Answer 38

program take advantage of a known vulnerability