L03 Flashcards
Vulnerability Management Life Cycle
Risk Management
Does not mean removing all risk, but implementing the following:
- identify the risk
- measure the risk (how likely is it? how serious would it be?)
- monitor and report the risk
- control the risk
- audit and adjust the risk management process
Patch Deployment
Software code is written to solve a software issue
Manual Protection of Vulnerabilities
Network managers/technicians take steps to remove or reduce the vulnerability.
Automated Tools used for Protection of Vulnerabilities
Tools can identify and repair vulnerabilities without human intervention.
Hardware Resources
servers, computers, tablets, printers, scanners, plotters, cameras
Software Resources
word processors, databases, spreadsheets, utilities, bespoke software, financial packages etc.
Communication Equipment
hubs, routers, bridges, gateways, modems, cabling, telephone systems
Information and Data
customer data, employee records, contract data, financial reports, production figures, production costs, sales figures, marketing information
Vulnerability assessment
Tools to discover which vulnerabilities are present, but they do not differentiate between flaws that can be exploited to cause damage and those that cannot.
Vulnerability scanners alert companies to the pre-existing flaws in their code and where they are located.
Penetration test
is an authorised simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data.
Honeypot
A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target.
It can also be used to gain information about how cybercriminals operate.
Fuzz testing
software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.
Sandboxing
is an isolated computing environment in which a program or file can be executed without affecting the application in which it runs. Sandboxes are used by software developers to test new programming code.
Asset
anything of value owned by an individual or organisation