Risk Management Flashcards
Risk Acceptance
- The cost of other risk management options, such as risk avoidance, may outweigh the cost of the risk itself.
Risk Avoidance
- Avoids any exposure to the risk.
- Most expensive risk mitigation option.
Risk Limitation
- Used to balance a bit of risk acceptance with a bit of risk avoidance.
Risk Transfer
- Transfer of the risk to a willing third party.
- E.g. an insurance company.
Mandatory Access Control
- MAC
- Strictest control.
- Primarily used by government and the military.
- Enforces system administrator-defined access controls on all controlled resources.
- Secures information by assigning sensitivity (security level) labels to information.
- E.g. classifications: Top Secret, Secret, Confidential.
Discretionary Access Control
- DAC allows each user to control access to their own data. E.g. file permissions.
- Uses an ACL to decide which users or groups of users have access to information.
- The owner of the information is able to change the ACL permissions at their discretion.
Non-Discretionary Access Control
- Also known as RBAC (role-based access control).
- Access is based on the user's job function within an organization.
- Rules are set by the administrator.
- Rule-based, role-based, or both.
- The object owner is the organization, not the user.
- E.g. of RBAC: allowing an analyst to read logs, but not change configuration.
Principle of least Privilege
- The principle of least privilege states that all users should be granted only the level of privilege they need to do their jobs.
- As-needed approach to authorizing access.
- Time-based access.
- Authorizes the lowest privilege required to perform duties.
Separation of duties
- An administrative control that dictates that a single individual should not perform all critical or privileged duties.
- Prevents fraud and error.
SIEM
- Security Information and Event Management.
- Used by security analysts to monitor the enterprise.
- Aggregates and correlates various data feeds, such as discovery and vulnerability assessment systems, risk and compliance, log management systems, penetration testing tools, firewalls, IPS, NetFlow, threat intelligence feeds, etc., in a single pane for analysts.
SOC
- Security Operations Center.
- Provides detection, containment, and remediation via people, processes, and technology.
- A facility where an organization's assets, including applications, databases, servers, networks, desktops, and other endpoints, are monitored.
Threat Centric SOC
- Proactively hunts for threats on the network.
- 24/7 hunting via security data.
Compliance-Based SOC
- Focuses on the company's security as it relates to compliance.
Operational-based SOC
- Focuses on maintaining the operational integrity and functionality of the security controls.
IT Asset Management
- Collecting inventory, financial, and contractual data to manage an IT asset throughout its life cycle.