ISC Deck 2 - multi-unit Flashcards
What is the principle that a security architecture is designed so that each entity is granted the minimum system resources and authorizations that the entity requires to perform its function?
Least privilege
What is the principle that a user has a legitimate reason to access a resource or system?
Need to know
What is the principle that is designed to minimize uncertainty in enforcing accurate, least-privilege, per-request access decisions in information systems and services?
Zero trust
Which mitigation concept approach uses several layers of defense to secure the IT environment?
Layered security
From the attacker’s perspective, what are the stages of a cyberattack?
- Reconnaissance
- Scanning
- Gaining access
- Escalation of privileges
- Maintaining access
- Network exploitation
- Covering tracks
Which of the following are not testing procedures consistent with an auditor's assessment of IT security procedures?
1) Interviews with customers
2) Examining logs for evidence of mgmt analysis & review
What are some testing procedures consistent with an auditor’s assessment of IT security procedures? (HINT: Inquiry and observation)
1) Surveys & questionnaires
2) Review incident reports
3) Interviews with mgmt & staff
What does identification and authentication include?
1) Identifying a user for an application
2) Proving a user’s identity
3) Proving an application’s identity
What are the 4 authorization models?
1) Mandatory access control (MAC) - labels are assigned by the system, not the owner; used in high-security environments with stringent access control requirements
2) Role-based access control (RBAC) - permissions attach to roles and users are assigned roles; suited for larger organizations with clearly defined roles and permissions
3) Attribute-based access control (ABAC) - grants permissions based on attributes of the user, resource, and environment; suitable for complex environments
4) Discretionary access control (DAC) - the resource owner decides who may access it; suited for smaller or less security-intensive environments
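Added worked example (not from the deck): a minimal policy decision point for each of the four models, so the difference between them is visible in code. The owner/ACL rules, role table, ABAC policy and label lattice are all constructed for this example and are assumptions, not anything the cards specify.

```python
from dataclasses import dataclass, field

# ---- DAC: the object's owner decides, via a per-object ACL, who else may use it ----
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permissions

    def grant(self, granter, subject, perm):
        # Under DAC the grant decision is discretionary to the owner alone.
        if granter != self.owner:
            raise PermissionError("under DAC only the owner may grant access")
        self.acl.setdefault(subject, set()).add(perm)

    def allows(self, subject, perm):
        return subject == self.owner or perm in self.acl.get(subject, set())

# ---- RBAC: permissions attach to roles; users get roles, never direct permissions ----
# Constructed role model for this example (assumption, not from the page).
ROLE_PERMS = {
    "ap_clerk":   {"invoice:create", "invoice:read"},
    "ap_manager": {"invoice:read", "invoice:approve"},
}
USER_ROLES = {"alice": {"ap_clerk"}, "bob": {"ap_manager"}, "carol": set()}

def rbac_allows(user, perm):
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))

# ---- ABAC: a policy evaluated over attributes of subject, resource and environment ----
def abac_allows(subject, resource, env):
    """Constructed policy: staff may read records of their own department from the
    corporate network during business hours; a record's owner may always read it."""
    if resource["owner"] == subject["id"]:
        return True
    return (subject["department"] == resource["department"]
            and 8 <= env["hour"] < 18
            and env["network"] == "corp")

# ---- MAC: labels are assigned by the system; a lattice comparison decides ----
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

def mac_allows_read(clearance, classification):
    """Simple security property ("no read up"): clearance must dominate the label."""
    return LEVELS[clearance] >= LEVELS[classification]

def mac_allows_write(clearance, classification):
    """*-property ("no write down"): a subject may not write to a lower label."""
    return LEVELS[clearance] <= LEVELS[classification]

def demo():
    """Exercise each model once and return the decisions as a dict."""
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    try:
        doc.grant("bob", "carol", "read")        # bob is not the owner
        nonowner_rejected = False
    except PermissionError:
        nonowner_rejected = True
    staff = {"id": "u1", "department": "finance"}
    record = {"owner": "u9", "department": "finance"}
    return {
        "dac_bob_read": doc.allows("bob", "read"),                       # True
        "dac_bob_write": doc.allows("bob", "write"),                     # False
        "dac_nonowner_grant_rejected": nonowner_rejected,                # True
        "rbac_alice_approve": rbac_allows("alice", "invoice:approve"),   # False: clerk role lacks it
        "rbac_bob_approve": rbac_allows("bob", "invoice:approve"),       # True
        "abac_in_hours": abac_allows(staff, record, {"hour": 10, "network": "corp"}),    # True
        "abac_after_hours": abac_allows(staff, record, {"hour": 22, "network": "corp"}), # False
        "mac_read_up": mac_allows_read("internal", "secret"),            # False
        "mac_read_down": mac_allows_read("secret", "internal"),          # True
        "mac_write_down": mac_allows_write("secret", "internal"),        # False
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Note the practical consequence of each design: under DAC a compromised owner account can share anything it owns, RBAC decisions change only when role membership or role definitions change, ABAC can deny the same user the same record at 22:00 that it allowed at 10:00, and MAC lets a high-clearance subject read down but never write down.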
What is a critical consideration independent of backup type when determining a backup strategy?
Data retention policies.
Which of COSO's internal control components best describes how an organization selects, develops, and performs evaluations to assess the design and operating effectiveness of internal controls that address cyber risk?
Monitoring activities
In database design, what is the primary purpose of normalization?
Avoiding data anomalies.
At what stage of a cyberattack is the perpetrator capable of preparing and delivering the attack?
Network exploitation.
Version 8 of the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) is comprised of 18 individual controls. Which of the following is not included as one of these 18 controls?
Intruder defenses is NOT included.
NOTE: Data protection, malware defenses, and network monitoring and defense are all controls under the CIS Controls.
What is the main role of servers in an IT system?
Providing a service to other computers or programs called clients.
What is a characteristic of a data warehouse?
It supports a centralized data management system.
What is the purpose of the SQL command ORDER BY?
The command sorts the result set based on one or more columns, in ascending (ASC, the default) or descending (DESC) order.
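Added worked example (not from the deck) covering the normalization card above and this ORDER BY card together: the same invoices stored in an unnormalized table and in a normalized (3NF) pair of tables, showing the update and deletion anomalies normalization avoids, then ORDER BY over the normalized tables. It runs against an in-memory SQLite database; the schema, vendor names and amounts are constructed sample data.

```python
import sqlite3

def build_db():
    """Create an in-memory database holding the same invoices in two designs."""
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    # Unnormalized: vendor contact details repeated on every invoice row.
    cur.execute("""CREATE TABLE invoice_flat (
        invoice_no INTEGER PRIMARY KEY, vendor_name TEXT, vendor_email TEXT, amount REAL)""")
    # Normalized (3NF): each vendor fact stored once; invoices refer to it by key.
    cur.execute("""CREATE TABLE vendor (
        vendor_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE, email TEXT NOT NULL)""")
    cur.execute("""CREATE TABLE invoice (
        invoice_no INTEGER PRIMARY KEY,
        vendor_id INTEGER NOT NULL REFERENCES vendor(vendor_id),
        amount REAL NOT NULL)""")
    # Constructed sample data for this example.
    cur.executemany("INSERT INTO invoice_flat VALUES (?, ?, ?, ?)", [
        (101, "Acme", "ap@acme.example", 500.0),
        (102, "Acme", "ap@acme.example", 250.0),
        (103, "Globex", "billing@globex.example", 900.0),
    ])
    cur.executemany("INSERT INTO vendor VALUES (?, ?, ?)", [
        (1, "Acme", "ap@acme.example"), (2, "Globex", "billing@globex.example")])
    cur.executemany("INSERT INTO invoice VALUES (?, ?, ?)", [
        (101, 1, 500.0), (102, 1, 250.0), (103, 2, 900.0)])
    con.commit()
    return con

def update_anomaly_demo():
    """Change Acme's e-mail once in each design; return distinct e-mails seen for Acme."""
    cur = build_db().cursor()
    # Flat table: the update touches one invoice row only, so Acme now has two e-mails.
    cur.execute("UPDATE invoice_flat SET vendor_email = 'pay@acme.example' WHERE invoice_no = 101")
    flat = cur.execute("SELECT COUNT(DISTINCT vendor_email) FROM invoice_flat "
                       "WHERE vendor_name = 'Acme'").fetchone()[0]
    # Normalized: the fact lives in one row, so every invoice sees the new value.
    cur.execute("UPDATE vendor SET email = 'pay@acme.example' WHERE name = 'Acme'")
    norm = cur.execute("""SELECT COUNT(DISTINCT v.email) FROM invoice i
                          JOIN vendor v ON v.vendor_id = i.vendor_id
                          WHERE v.name = 'Acme'""").fetchone()[0]
    return flat, norm   # (2, 1)

def deletion_anomaly_demo():
    """Delete Globex's only invoice; return how many vendors each design still knows."""
    cur = build_db().cursor()
    cur.execute("DELETE FROM invoice_flat WHERE invoice_no = 103")
    cur.execute("DELETE FROM invoice WHERE invoice_no = 103")
    flat = cur.execute("SELECT COUNT(DISTINCT vendor_name) FROM invoice_flat").fetchone()[0]
    norm = cur.execute("SELECT COUNT(*) FROM vendor").fetchone()[0]
    return flat, norm   # (1, 2): the flat design lost the vendor along with its last invoice

# ORDER BY column names cannot be bound as query parameters, so a sort column that
# comes from user input must be checked against an allow-list before string formatting.
ORDERABLE = {"invoice_no", "amount", "name"}

def is_orderable(column):
    return column in ORDERABLE

def invoices_ordered(column="amount", descending=False):
    """Return (invoice_no, vendor name, amount) rows sorted by a validated column."""
    if not is_orderable(column):
        raise ValueError(f"unsupported sort column: {column!r}")
    direction = "DESC" if descending else "ASC"
    sql = f"""SELECT i.invoice_no, v.name, i.amount FROM invoice i
              JOIN vendor v ON v.vendor_id = i.vendor_id
              ORDER BY {column} {direction}, i.invoice_no ASC"""   # second key breaks ties
    return build_db().execute(sql).fetchall()

if __name__ == "__main__":
    print(update_anomaly_demo(), deletion_anomaly_demo())
    print(invoices_ordered("amount", descending=True))
```

The second ORDER BY key matters in practice: without a tie-breaker, rows with equal sort values come back in an unspecified order, which makes paginated reports unstable.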
Under the Review & Revision component of the COSO enterprise risk management framework applied to cloud computing governance, what description is associated with the key activity that includes evaluating cloud service providers (CSPs)?
Reviewing entity performance and considering risk.
What is the four phase process for incident response handling?
1) Preparation
2) Detection and analysis
3) Containment, eradication & recovery
4) Post-incident activity
What are an auditor's procedures for evaluating an organization's response to incidents?
1) Review the incident response plan
2) Examine the incident documentation
3) Interview key personnel
4) Assess incident identification and reporting
5) Assess incident classification and prioritization
6) Evaluate response procedures
7) Evaluate communication
8) Assess post-incident review
9) Review incident response testing procedures
Name a detective control which produces reports to a management station when detecting malicious network activities.
Intrusion Detection System (IDS)
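Added worked example (not from the deck) of what the detective control above actually does: parse connection log lines, apply one threshold rule (a source touching many distinct ports on one host, the "scanning" stage of an attack) and one signature rule (connections to a forbidden service), and emit the alert lines that would be reported to a management station. The log format, the forbidden-port list and every log line are constructed for this example and are assumptions, not any real product's format.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed connection-log lines for this example (syslog-like, not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=22 proto=tcp
2024-05-01T10:00:01Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=80 proto=tcp
2024-05-01T10:00:02Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=443 proto=tcp
2024-05-01T10:00:02Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=445 proto=tcp
2024-05-01T10:00:03Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=3389 proto=tcp
2024-05-01T10:00:03Z fw01 CONNECT src=10.0.0.5 dst=10.0.1.20 dport=8080 proto=tcp
2024-05-01T10:00:04Z fw01 CONNECT src=10.0.0.7 dst=10.0.1.20 dport=443 proto=tcp
2024-05-01T10:00:05Z fw01 CONNECT src=10.0.0.7 dst=10.0.1.20 dport=443 proto=tcp
2024-05-01T10:00:06Z fw01 CONNECT src=10.0.0.9 dst=10.0.1.30 dport=23 proto=tcp
this line is garbage and must not crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) CONNECT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str

def parse_log(text):
    """Return (records, unparsed_count). Malformed lines are counted, never fatal."""
    records, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            bad += 1
            continue
        records.append(Conn(m["ts"], m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return records, bad

# Rule 1 (threshold style): one source touching many distinct ports on one host.
def detect_port_scans(records, threshold=5):
    ports = defaultdict(set)
    first_seen = {}
    for r in records:
        key = (r.src, r.dst)
        ports[key].add(r.dport)
        first_seen.setdefault(key, r.ts)
    return [
        {"rule": "PORT_SCAN", "src": src, "dst": dst,
         "distinct_ports": len(p), "first_seen": first_seen[(src, dst)]}
        for (src, dst), p in sorted(ports.items()) if len(p) >= threshold
    ]

# Rule 2 (signature style): any connection to a service policy forbids (assumed list).
FORBIDDEN_PORTS = {23: "telnet", 21: "ftp"}

def detect_forbidden_services(records):
    return [
        {"rule": "FORBIDDEN_SERVICE", "src": r.src, "dst": r.dst, "dport": r.dport,
         "service": FORBIDDEN_PORTS[r.dport], "first_seen": r.ts}
        for r in records if r.dport in FORBIDDEN_PORTS
    ]

def build_report(text, threshold=5):
    """Run both rules and return (alerts, report lines for the management station)."""
    records, bad = parse_log(text)
    alerts = detect_port_scans(records, threshold) + detect_forbidden_services(records)
    lines = [f"ALERT {a['rule']} src={a['src']} dst={a['dst']} first_seen={a['first_seen']}"
             for a in alerts]
    if bad:
        # Unparsable input is itself worth reporting: it may be a format change or tampering.
        lines.append(f"WARN {bad} unparsable log line(s) skipped")
    return alerts, lines

if __name__ == "__main__":
    for line in build_report(SAMPLE_LOG)[1]:
        print(line)
```

The threshold rule is what distinguishes an IDS from a plain log filter: no single line is malicious, only the aggregate is. Whether the control stays detective (report only) or becomes preventive (drop the traffic) depends on where the alert goes, which is the IDS/IPS distinction.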
Within the layered security approach, each layer where data communications within and across networks are protected can best be defined as
Transmission level security
Name a data management control that encrypts data in transit?
Transport Layer Security
What should an effective data management process be based on?
Data sensitivity
What is the primary purpose of testing change control policies for IT resources?
To identify deviations from expected outcomes and investigate their causes, so that the change control process remains effective.
What is attack-centric modeling?
A threat modeling framework that focuses on identifying threats with the greatest chance of success and the security controls for mitigating those threats.