Module 2 - 02-1 Flashcards
More about frameworks and controls
Define Security frameworks
Guidelines used for building plans to help mitigate risks and threats to data and privacy
What is the biggest threat to security?
People
Define Security Controls
Safeguards designed to reduce specific security risks
What are three common types of controls?
1) Encryption
2) Authentication
3) Authorization
Define Encryption
The process of converting data from a readable format to an encoded format
Encryption involves converting data from plaintext to ____
ciphertext
Define Ciphertext
The raw, encoded message that’s unreadable to humans and computers
Ciphertext data cannot be read until it’s been decrypted into its original plaintext form.
Encryption is used to ensure _____ of sensitive data
confidentiality
Define Authentication
The process of verifying who someone or something is
What is an example of an advanced method of authentication?
Multi-Factor Authentication (MFA)
What does MFA stand for?
Multi-Factor Authentication
What is an example of MFA?
A security code or biometrics, such as a fingerprint, voice, or face scan
Define Biometrics
Unique physical characteristics that can be used to verify a person’s identity
What are examples of biometrics (3)?
A fingerprint, an eye scan, or a palm scan.
What is one example of a social engineering attack that can exploit biometrics?
Vishing
Define Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Define Authorization
The concept of granting access to specific resources within a system.
Essentially, authorization is used to verify that a person has permission to access a resource.
What does CTF stand for?
Cyber Threat Framework (CTF)
What organization developed the Cyber Threat Framework (CTF)?
The U.S. government
Why was the Cyber Threat Framework (CTF) developed?
To provide “a common language for describing and communicating information about cyber threat activity.”
How does the Cyber Threat Framework (CTF) help cybersecurity professionals and organizations (2)?
1) Analyze and share information more efficiently
2) Improve their response to the constantly evolving cybersecurity landscape and threat actors’ many tactics and techniques
What does ISO/IEC stand for?
International Organization for Standardization/International Electrotechnical Commission (ISO/IEC)
Define ISO 27000
The ISO 27000 family of standards enables organizations of all sectors and sizes to manage the security of assets, such as financial information, intellectual property, employee data, and information entrusted to third parties.
This framework outlines requirements for an information security management system, best practices, and controls that support an organization’s ability to manage risks.
How are controls used alongside frameworks?
Controls are used alongside frameworks to reduce the possibility and impact of a security threat, risk, or vulnerability.
In what forms can controls come (3)?
- Physical
- Technical
- Administrative
How are these forms of control typically used?
To:
- Prevent security issues
- Detect security issues
- Correct security issues
What are examples of physical controls (4)?
- Gates, fences, and locks
- Security guards
- Closed-circuit television (CCTV), surveillance cameras, and motion detectors
- Access cards or badges to enter office spaces
What are examples of technical controls (3)?
- Firewalls
- MFA
- Antivirus software
What are examples of administrative controls (3)?
- Separation of duties
- Authorization
- Asset classification
Cybersecurity frameworks and controls are used together to establish an organization’s ______.
security posture
How do security frameworks enable security professionals to help mitigate risk?
- They are used to establish guidelines for building security plans.
- They are used to establish laws that reduce a specific security risk.
- They are used to create unique physical characteristics to verify a person’s identity.
- They are used to refine elements of a core security model known as the CIA triad.
They are used to establish guidelines for building security plans.
Security frameworks are used to establish guidelines for building security plans that enable security professionals to help mitigate risk.
True or False?
Competitor organizations are the biggest threat to a company’s security.
False
People are the biggest threat to a company’s security. This is why educating employees about security challenges is essential for minimizing the possibility of a breach.
Security controls are safeguards designed to reduce _____ security risks.
- public
- broadscale
- specific
- general
specific
A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?
- Ciphertext
- Classification
- Authentication
- Encryption
Authentication
This describes authentication, which is the process of implementing controls to verify who someone or something is before granting access to specific resources within a system.