Maintain a sec infra Flashcards
Governance
Strategic planning - provides organizational oversight, setting policies and establishing practices for enforcement
Compliance
Requirement that all parties follow the same rules
Audit
Independent review and examination to assess the adequacy of controls to ensure compliance with policies and procedures
Policies
Written direction everyone should follow
- Specify correct/expected behaviour
- Enforce and prove compliance to auditors
- Written and accessible
Security Controls
Safeguards or countermeasures to avoid, detect, counteract, or minimize risks to assets
ISO 27001:2013
Information Sec Management System Spec
Establishing security programs
ISO 27002:2013
14 sec control groups
35 control objectives
> 110 individual controls
ISO 27005:2011
ISMS Risk Management
NIST Computer Security Resources Center
Resources on computer and cyber security
Publication 800 series
Industry-Specific Regulations
HIPAA Sec and Privacy - Protected Health Information
PCI DSS - Processing, storing and transmitting cardholder data
GDPR - Data protection regulation from the European Union
NIST CSF
Cybersecurity Framework
- Identify, manage and assess cyber risk
- Components:
1. Core: set of goals
2. Implementation Tiers: how risk is managed and operated (4 tiers)
3. Profiles: list of requirements and resources
CSF Core
- Set of cybersec activities
- Translation layer among multi-disciplinary teams - Functions:
1. Identify
2. Protect
3. Detect
4. Respond
5. Recover
Forms the current Profile
Current vs Target Profile provides roadmap to improvement
NIST Functions
Identify: valuable assets
Protect: valuable assets from threats
Detect: when an event occurs
Respond: quickly and efficiently to a cyber incident
Recover: from an incident and get back to business
NIST Functions - Identify
Assists in developing an organizational understanding in managing cybersecurity risk to systems, people, assets, data and capabilities.
NIST Functions - Protect
Outlines appropriate safeguards to ensure delivery of critical infrastructure services.
NIST Functions - Detect
Describes suitable actions to recognize the existence of a cybersecurity event. Identification of events.
NIST Functions - Respond
Includes appropriate activities to take action regarding a detected incident. Provides the ability to contain the impact of a potential incident.
CIS Controls
Top 20 activities for organizational security, in order of priority
- Defense in depth
- Implementation groups (3):
a. Basic Controls
b. Foundational Controls
c. Organizational Controls
CIS Benchmarks
Guidelines to secure or lock down OS, SW apps and networks
CIS Basic Controls
Inventory and Control of HW
Inventory and Control of SW
Continuous Vulnerability Management
Controlled use of Administrative Privileges
Secure config for HW and SW on mobiles, laptops, workstations and servers
Maintenance, Monitoring and Analysis of Audit Logs
CIS Foundational Controls
Email and Web Browser Protections
Malware Defenses / Endpoint
Firewall
Data Recovery Capabilities
Secure config for network devices
Boundary Defense
Data Protection
Controlled Access on the Need to Know
Wireless Access Control
Account Monitoring and Control
CIS Organizational Controls
Security Awareness and Training
Application Software Security
Incident Response and Management
Penetration Tests and Red Team Exercises
Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat. (NIST)
Vulnerability Management
1. Identification: find a problem
> Where are vulnerabilities?
- Microsoft's Patch Tuesday
- Vulnerability lists and databases (NIST NVD, MITRE CVE)
- Bug bounty programs
- Security assessments
2. Analysis: what to do?
3. Taking action: implementing the decision
> Apply updates
- Zero-day vulnerabilities