Risk Management Flashcards
Risk Acceptance
- The cost of other risk management options, such as risk avoidance, may outweigh the cost of the risk itself.
Risk Avoidance
- Avoids any exposure to the risk.
- Most expensive risk mitigation option.
Risk Limitation
- Used to balance a bit of risk acceptance with a bit of risk avoidance.
Risk Transfer
- Transfer of the risk to a willing third party.
- E.g. an insurance company.
Mandatory Access Control
- MAC
- Strictest control.
- Primarily used by government and the military.
- Enforces system-administrator-defined access controls on all controlled resources.
- Secures information by assigning sensitivity (security level) labels to information.
- E.g. classification labels: Top Secret, Secret, Confidential.
Discretionary Access Control
- DAC allows each user to control access to their own data. E.g. file permissions.
- Uses an ACL to decide which users or groups of users have access to information.
- The owner of the information can change the ACL permissions at their discretion.
Non-Discretionary Access Control
- Also known as RBAC (role-based access control).
- Access is based on the user's job function within the organization.
- Rules are set by an administrator.
- Rule-based, role-based, or both.
- The object owner is the organization, not the user.
- E.g. RBAC allows an analyst to read logs but not change configuration.
Principle of least Privilege
- The principle of least privilege states that all users should be granted only the level of privilege they need to do their jobs.
- An as-needed approach to authorizing access.
- Time-based access.
- Authorizes the lowest privilege required to perform duties.
Separation of duties
- An administrative control that dictates that a single individual should not perform all critical or privileged duties.
- Prevents fraud and error.
SIEM
- Security Information and Event Management.
- Used by security analysts to monitor the enterprise.
- Aggregates and correlates various data feeds, such as discovery and vulnerability assessment systems, risk and compliance tools, log management systems, penetration testing tools, firewalls, IPS, NetFlow, and threat intelligence feeds, into a single pane of glass for analysts.
SOC
- Security Operations Center.
- Provides detection, containment, and remediation via people, processes, and technology.
- A facility where an organization's assets, including applications, databases, servers, networks, desktops, and other endpoints, are monitored.
Threat Centric SOC
- Proactively hunts for threats on the network.
- 24/7 hunting via security data.
Compliance-Based SOC
- Focuses on the company's security as it relates to compliance.
Operational-based SOC
- Focuses on maintaining the operational integrity and functionality of the security controls.
IT Asset Management
- Collecting inventory, financial, and contractual data to manage IT assets throughout their life cycle.
Configuration management
- Establishing and maintaining consistency of a product's performance, functional requirements, and design throughout the product's life cycle.
Patch management
- Acquiring, testing, and installing patches or code changes on IT systems.
Vulnerability Management
- Identifying, classifying, remediating, and mitigating vulnerabilities in software, firmware, and hardware.
MDM
- Mobile Device Management.
- Monitors, manages, and secures employees' mobile devices.
COBIT
- Good-practice framework.
- COBIT provides controls over information technology and organizes them around a logical framework of IT-related processes.
ISO/IEC 27002:2013
- Provides general guidance on the commonly accepted goals of information security management.
- Requirements are identified by a risk assessment.
- Combined with COBIT to: manage IT-related risk, enforce network security compliance, fulfill audit requirements, and satisfy the needs of corporate governance and internal control.