Play It Safe: Manage Security Risks Flashcards
Security Posture
An organization's ability to manage its defense of critical assets and data, and react to change
Security And Risk Management
Focused on defining security goals and objectives, risk mitigation, compliance, business continuity, and legal regulations
Risk Mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Compliance
The primary method used to develop an organization's internal security policies, regulatory requirements, and independent standards
Business Continuity
An organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans
Asset Security
Focused on securing digital and physical assets. Related to the storage, maintenance, retention, and destruction of data
Security Architecture And Engineering
Focused on optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization's assets and data
Shared Responsibility
All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security. Associated with Security Architecture and Engineering
Communication And Network Security
Focused on managing and securing physical networks
Identity And Access Management (IAM)
Focused on access and authorization to keep data secure by making sure users follow established policies to control and manage assets
Components Of IAM
Identification, authentication, authorization, accountability
Identification
A user verifies who they are by providing a username, access card, or biometric data
Authentication
Verification process to prove a person's identity by a password or PIN
Authorization
Takes place after a user’s identity has been confirmed
Accountability
Monitoring or recording users' actions, like log-in attempts
Security Assessment And Testing
Focused on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities
Security Operations
Focused on conducting investigations and implementing preventative measures
Software Development Security
Focused on using secure coding practices
Secure Coding Practices
Recommended guidelines that are used to create secure applications and services
Software Development Lifecycle
An efficient process used by teams to quickly build software products and features
Information Security (InfoSec)
A set of processes established to secure information
InfoSec Design Processes
Incident response, vulnerability management, application security, cloud security, and infrastructure security
Security Architecture And Engineering Design Principles
Threat modeling, least privilege, defense in depth, fail securely, separation of duties, keep it simple, zero trust, and trust but verify
Threat
Any circumstance or event that can negatively impact assets
Risk
Anything that can impact the CIA of an asset
Low-Risk Asset
Information that would not harm the organization's reputation or ongoing operations, and would not cause financial damage if compromised. Ex- website content or published research data
Medium-Risk Asset
Information that's not available to the public and may cause some damage to the organization's finances, reputation, or ongoing operations. Ex- early release of a company's quarterly earnings
High-Risk Asset
Information protected by regulations or laws, which, if compromised, would have a severe negative impact on an organization's finances, ongoing operations, or reputation. Ex- leaked assets with SPII, PII, or intellectual property
Vulnerability
A weakness that can be exploited by a threat
Layers Of The Web
Surface Web, Deep Web, and Dark Web
Surface Web
Generally used for browsing and shopping
Deep Web
Requires authorization to access. Ex- workplace intranet
Dark Web
Only accessed by certain software, generally used by criminals
NIST Risk Management Framework (RMF)
Prepare, categorize, select, implement, assess, authorize, and monitor
RMF Step 1: Prepare
Activities that are necessary to manage security and privacy risks before a breach occurs
RMF Step 2: Categorize
Used to develop risk management processes and tasks
RMF Step 3: Select
Choose, customize, and capture documentation of the controls that protect an organization
RMF Step 4: Implement
Implement security and privacy plans for the organization
RMF Step 5: Assess
Determine if established controls are implemented correctly
RMF Step 6: Authorize
Being accountable for the security and privacy risks that may exist in an organization
RMF Step 7: Monitor
Be aware of how systems are operating
Common Strategies To Manage Risks
Acceptance, avoidance, transference, and mitigation
Multiparty Risk
Outsourcing work to third-party vendors can give them access to intellectual property such as trade secrets, software design and inventions
Ciphertext
Raw encoded message that is unreadable to humans and computers
Cyber Threat Framework (CSF)
Developed by the US Government to provide “a common language for describing and communicating information about cyber threat activity”
Physical Controls
Gates, fences and locks, security guards, CCTV, surveillance cameras, motion detectors, access cards or badges
Technical Controls
Firewalls, MFA, antivirus software
Administrative Controls
Separation of duties, authorization, asset classification
CSF Core Functions
Identify, protect, detect, respond, recover
NIST S.P. 800-53
A unified framework for protecting the security of information systems within the federal government
Identify
The management of cybersecurity risk and its effect on an organization's people and assets
Protect
The strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Detect
Identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
Respond
Making sure that the proper procedures are used to contain, neutralize, and analyze security incidents and implement improvements to the security process
Recover
The process of returning affected systems back to normal operation
OWASP
Open Web Application Security Project / Open Worldwide Application Security Project
OWASP Security Principles
Minimize attack surface area, principle of least privilege, defense in depth, separation of duties, keep it simple, fix security issues correctly
Attack Vectors
Pathways attackers use to penetrate security defenses. Ex- phishing emails, weak passwords
Fix Security Issues Correctly
Identify the root cause, contain the impact, identify vulnerabilities, and conduct tests to ensure that remediation is successful
Additional OWASP Security Principles
Establish secure defaults, fail securely, don’t trust services, avoid security by obscurity
Purposes Of Internal Security Audits
Identify organizational risk, assess controls, correct compliance issues
Common Elements Of Internal Audits
Establishing the scope and goals, conducting a risk assessment, completing a controls assessment, assessing compliance, communicating results
Audit Questions
What is the audit meant to achieve? Which assets are most at risk? Are current controls sufficient to protect those assets? What controls and compliance regulations need to be implemented?
Common Log Sources
Firewall log, network log, server log
Firewall Log
A record of attempted or established connections for incoming traffic from the internet
Network Log
A record of all computers and devices that enter and leave the network
Server Log
A record of events related to services, such as websites, emails, or file shares
Metrics
Key technical attributes, such as response time, availability, and failure rate, which are used to assess the performance of a software application
Security Orchestration, Automation, and Response (SOAR)
A collection of applications, tools, and workflows that uses automation to respond to security events
Different Types Of SIEM Tools
Self-hosted, cloud-hosted, hybrid
Self-Hosted SIEM Tools
Require organizations to install, operate, and maintain the tool using their own physical infrastructure, such as server capacity
Cloud-Hosted SIEM Tools
Are maintained and managed by the SIEM providers, making them accessible through the internet
Hybrid SIEM Tools
A combination of self-hosted and cloud-hosted SIEM tools
Splunk
A data analysis platform
Splunk Enterprise
A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real time
Splunk Cloud
A cloud-hosted tool used to collect, search, and monitor log data
Chronicle
A cloud-native tool designed to retain, analyze, and search data (Google)
Open Source Tools
Often free to use and can be user-friendly. Provides users with software that is built by the public in a collaborative way, which can result in software being more secure
Proprietary Tools
Developed and owned by a person or company, and users typically pay a fee for usage and training
Linux
An open source operating system
Suricata
An open source network analysis and threat detection software
Incident Response Playbook Phases
Preparation, detection and analysis, containment, eradication and recovery, post-incident activity, coordination