Lesson 1: Summarize Fundamental Security Concepts Flashcards
What are the 3 components of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Define ‘Confidentiality’ in the CIA Triad
Keeping data and communications private and protecting them from unauthorized access; data can only be read by people who have explicit authorized access.
Define ‘Integrity’ in the CIA (AIC) Triad
Keeping organizational data accurate, free of errors, and without unauthorized modifications.
Define ‘Availability’ in the CIA Triad
Ensuring computer systems operate continuously and that authorized persons can access data that they need.
Define ‘Non-repudiation’
Goal of ensuring that the party that sent a transmission/created data remains associated with that data and cannot deny sending or creating that data.
Define ‘NIST’ (National Institute of Standards and Technology)
Develops computer security standards; Publishes cybersecurity best practice and research.
What are the 5 functions of information/cyber security classified by NIST?
- Identify
- Protect
- Detect
- Respond
- Recover
Define the ‘Identify’ function defined by NIST
Evaluating assets, risks, business function, policies, threats/vulnerabilities and recommending security controls/policies to manage them securely.
Define the ‘Protect’ function defined by NIST
Ensures delivery of critical infrastructure services; Supports the ability to limit/contain a potential cybersecurity event.
What are examples of the ‘Protect’ function defined by NIST?
Securing IAM; Security Awareness training; Data protection controls and documentation; Maintenance of assets; Managing protective technology.
Define the ‘Detect’ function defined by NIST
Performing ongoing monitoring to ensure controls are effective and capable of protecting against new types of threats; Enables timely discovery of cybersecurity events.
What are examples of the ‘Detect’ function defined by NIST?
Ensuring Anomalies and Events are detected; Implementing Continuous Monitoring; Maintaining Detection Processes
Define the ‘Respond’ function defined by NIST
Identify, analyze, contain, and eradicate threats to systems and data security.
What are examples of the ‘Respond’ function defined by NIST?
Managing communications with stakeholders and law enforcement; Analysis of incidents; Mitigation to prevent expansion and for resolution.
Define the ‘Recover’ function defined by NIST
Implementing resilience to restore systems/services/data if other functions are unable to prevent attacks; Supports timely recovery to normal operations.
What are examples of the ‘Recover’ function defined by NIST?
Implementing recovery processes to restore systems; Implementing improvements based on lessons learned and review of strategy.
How are NIST or other framework functions achieved?
By implementing security controls.
Define a ‘Security Control’
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA/AIC) of data.
What is the purpose of a cybersecurity framework?
Guides selection and configuration of security controls; Gives structure to risk management and provides externally verifiable statement of regulatory compliance.
What are the outcomes of an organization following a cybersecurity framework?
Allows an organization to assess current cybersecurity capabilities, identify a target level of capability, and prioritize investments to achieve targets.
Define ‘Gap Analysis’
Measures the difference between the current and desired system state(s) to help assess the scope of work included in a project.
What is the purpose of access controls?
Ensure that an information system meets the goals of the CIA triad by governing how subjects interact with objects.
Define a ‘Subject’
Something that can request and be granted access to a resource; Person, Service/Process.
Define an ‘Object’
The resources that access is granted to; Network, server, database, app, or file.
Define IAM (Identity and Access Management)
Process providing identification, authentication, and authorization for users, computers, and services/processes to access a network/host/application.
What are the 4 main processes of IAM?
- Identification
- Authentication
- Authorization
- Accounting
Define the ‘Identification’ process of IAM
Aka enrollment; Creating an account and credentials to uniquely represent a user/host/process in the organization.
Define the ‘Authentication’ process of IAM
Determines the method used to validate an entity’s or individual’s credentials.
Define the ‘Authorization’ process of IAM
Determining the rights/abilities subjects should have on each resource, and enforcing those rights.
Define the ‘Accounting’ process of IAM
Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.
What is another form of IAM?
AAA (Authentication, Authorization, and Accounting)
What are the properties of a secure information processing system?
Confidentiality, integrity, and availability (and non-repudiation)
What is the CMD to show the version of Windows running on the machine?
winver
What are the 4 categories of security controls?
- Managerial
- Operational
- Technical
- Physical
Define a ‘Managerial’ security control
Focuses on the management of risk and the management of information system security.
Define an ‘Operational’ security control
Controls implemented by people; Security Guards, Training programs, SOPs
Define a ‘Technical’ security control
Implemented as a system (hardware, software, or firmware); Aka. ‘logical controls’; Firewalls, AV, IDS
Define a ‘Physical’ security control
Controls such as alarms, gateways, locks, lighting, and security cameras that deter and detect access to premises and hardware.
What is another way to define a security control?
By the function it performs: Preventive, Detective, Corrective, Directive, Deterrent, or Compensating.
Define a ‘Preventive’ security control
Operates before an attack takes place to eliminate/reduce the likelihood that the attack will succeed.
What are examples of a preventive security control?
ACLs, Anti-Virus/Anti-Malware, encryption
Define a ‘Detective’ security control
Operates during an attack to identify and record an attempted or successful intrusion.
What are examples of a detective security control?
Log review, IDS
Define a ‘Corrective’ security control
Eliminates/reduces the impact of a security policy violation.
What are examples of a corrective security control?
Backup system to restore data damaged during an intrusion; A patch management system that eliminates a vulnerability before/during/after an attack; Lessons learned.
Define a ‘Directive’ security control
Control that enforces a rule, best practice, SOP, or SLA through a policy or contract.
What is an example of a directive security control?
A contract/policy; Training/awareness programs.
Define a ‘Deterrent’ security control
Control that discourages intrusion attempts; signs/warnings
Define a ‘Compensating’ security control
A substitute for a principal control recommended by a security standard; mitigates risk and affords a similar level of protection.
Define a security policy
A formalized statement defining how security will be implemented within an organization.
What is the role of a CIO (Chief Information Officer)?
Company officer responsible for management of information technology assets and procedures.
What is the role of a Chief Technology Officer (CTO)?
Company officer with the primary role of making effective use of new and emerging computing platforms and innovations.
What is the role of a Chief (Information) Security Officer (CSO/CISO)?
Person with overall responsibility for information assurance and systems security.
Define a security operations center (SOC)
A location where security professionals monitor and protect critical information assets across other business functions.
Define DevOps
A combination of software development and system/network operations.
What is the purpose of DevOps?
IT personnel and developers can build, test, and release software faster and more reliably.
Define DevSecOps
A combination of software development, security operations, and systems/network operations.
What is the purpose of DevSecOps?
To embed security expertise into any development project.
Define a computer incident response team (CIRT)
A single point of contact for notification of security incidents; Function might be handled by SOC or established as an independent business unit.