Risks Management Flashcards
1
Q
Security Policy Framework Levels
A
Policies
Standards
Guidelines
Procedures
2
Q
Risk Factors
A
Likelihood/probability
Impact
3
Q
Risk Assessment Methods
A
Qualitative
Quantitative
4
Q
Define an AV
A
Asset Value
5
Q
AV Assessment Methods
A
Original
Depreciated
Replacement
6
Q
Define the EF
A
Exposure Factor; percent of asset effected
7
Q
Define SLE
A
Single Loss Expectancy; AV * EF
8
Q
Define ARO
A
Annualized Rate of Occurrence; likely number of occurrences per a year
9
Q
Define ALE
A
Annualized Loss Expectancy; ALE = SLE * ARO
10
Q
Define MTTF
A
Mean Time to Failure, for non replaceable components
11
Q
Define MTBF
A
Mean Time Between Failures, for replaceable components
12
Q
Define MTTR
A
Mean Time To Repair, average restoration time
13
Q
Risks Response Types
A
Avoidance
Transference
Mitigation/Deterrence
Acceptance
14
Q
Risk Register Components
A
Description Categorization Probability Impact Mitigation
15
Q
Risk Assessment Sources
A
Vulnerability Scans Penetration Test Audits OS Threat Intelligence Consulting/Vendor
16
Q
Types of Vendor Agreements
A
SLR/SLA
MOU/MOA
BPA/BPO
ISA
17
Q
Define SLR
A
Service-Level Agreement; outlines service providers commitment to client
18
Q
Define MOU/MOA
A
Memorandum of Understanding/Agreement
19
Q
Define BPA
A
Business Partnership Agreement
20
Q
Define ISA
A
Interconnection Service Agreement; joins networks outlining technical and security requirements
21
Q
Personnel Risk Management Key Principles
A
Need to Know
Least Privilege
Separation of Duties
22
Q
Define a BCP
A
Business Continuity Planning; focus on maintaining availability
23
Q
Define a BIA
A
Business Impact Assessment
24
Q
BIA Risk Concerns
A
Safety
Financial
Reputation
25
Define High Availability
Multiple-systems for same purpose
26
Fault Tolerance Methods
Power Supply
| Memory Storage
27
Describe RAID O
Striping
Performance, no Redundancy
1 or more disks
28
Describe RAID 1
Mirroring
Redundancy, low performance
2 or more disks
29
Describe RAID 5
Striping with Parity
Performance and Redundancy
3 or more disks
30
Describe RAID 6
Striping with Double Parity
| 4 or more disks
31
Describe RAID 10 (also called RAID 1 + 0/0 + 1)
Striping and Mirroring
| 4 or more disks
32
Define RTO
Recover Time Objective, goal recovery time
33
Define RPO
Recovery Point Objective, restoration point to return to after an incident
34
Backup Types
Full
Differential
Incremental
Snapshot
35
Describe Full Backups
Backup everything;
Slow backup speed
Fast restoration speed
36
Describe Differential Backups
Backup changes since last full;
Medium backup speed
Medium restoration speed
37
Describe Incremental Backups
Backup changes since last full or incremental;
Fast backup speed
Slowest restoration speed
38
Define a system Snapshot
Capture disk image at a moment in time
Less storage space requirements
Quick backups
39
Grandfather-Father-Son Backup Media Rotation Method
4 devices backup daily, 1 per a day Monday-Thursday
4 devices backup weekly, 1 per a week for 4 weeks
4 devices backup monthly, 1 per a month for 4 months
40
Define 3-2-1 Backup Rule
2 Backups on site
| 1 Backup off-site
41
Alternate Processing Facility Types
Hot
Cold
Warm
42
Describe a Hot Site
Fully operational
Quickest restoration (hrs)
Expensive
43
Describe a Cold Site
Empty facility
Slowest restoration (weeks)
Least expensive
44
Describe a Warm Site
Hardware and Software ready
Medium restoration speed (days)
Medium expenses
45
Define Alternate Business Processes
Utilizing alternative methods to accomplish same business purpose
46
Backup Site Location Considerations
Close enough for relocation of employees
Far enough to not be impacted by same disaster
Ease of access
Away from other industrial facilities
Data sovereignty (only applies to location of storage)
47
Disaster Response Plan Testing Methods
```
Read through
Walk through
Simulation
Parallel Test
Full Interruption
```
48
Define CIRT
Cyber Incident Response Team
49
CIRT Members
```
Management
Information Security
Subject Matter Experts
Legal
Public Affairs
HR
Finance
```
50
Evidence Types
Real/Physical
Documentary
Testimonial
51
Types of Testimonial Evidence
Direct, by first degree observation
| Expert Opinion
52
Define Hearsay
Testimonial evidence not given from the first person degree (i.e. "I heard someone else say")
53
Documentary Evidence Considerations
Authenticated
Best available
Parole Evidence
54
Define Best Available Evidence
Original or closest to the original evidence
55
Define Parole Evidence Rule
Assumes documentary evidence is entire and final
56
Digital Forensic Order of Volatility
Cache, registers
ARP Cache, routing table, memory, kernel statistics, process table
Temporary files
Disks
Monitoring data and remote logs
Physical configuration and network topology
Archived media
57
Purpose of Write Blockers
Intercept/prevent request to alter evidence
58
Purpose of Hashing Collected Evidence
Compare later hashes with initial for data integrity
59
Storage Bag Labeling Criteria
Name
Date and Time
Contents
Tamper Seal
60
Data Owner's Role
administrative control and has been officially designated as accountable for a specific information asset dataset
61
Data Steward's Role
Handle data governance and policy on behalf of the Data Owner
62
Data Custodian's Role
technical control over an information asset dataset
63
Define PTA
Privacy Threshold Analysis, determine necessity for privacy controls
64
Define PIA
Privacy Impact Analysis, evaluate sufficiency of privacy controls
65
Adverse Background Check Notification PRocess
Investigation
Pre-adverse notification
Employee Response
66
Incident Response Phases
```
Preparation
Identification
Containment
Investigation
Eradication
Recovery
Follow Up
```
67
Uses of Captive Portals
Monitor/limit Network Activity
User agreements
Branding
68
Insider Protection Methods
Content and email filter
| Strong security policies
69
Government Information Classification Standards
Top Secret- "exceptionally grave damage"
Secret- "serious damage"
Confidential- "damage"
Unclassified- available for general use
70
Define Private Information
Information relating to an individual (i.e. PII, PHI)
71
ISO 27001 Information Classification Standards
Confidential (top confidentiality level)
Restricted (medium confidentiality level)
Internal use (lowest level of confidentiality)
Public (everyone can see the information)
72
Least Effective Means of Purging Media
Degaussing
73
Define Security Policy
High-level, general statement about role of security
74
Define Standard
Legal, industry, or best business practices
75
Use of Code Escrow
Protect against vendor lack of support in the event they go out of business
76
Network Protection Steps
```
ID and document user access permissions
ID high-value assets
Document trust boundaries
ID choke points on the network
Segregate and isolate the network
Isolate server functions
Physically secure high-value systems
```
77
Memory Dump Methods
Save and extract the page file
| Save contents of physical RAM
78
Forensic Cloning Method
bit-level cloning
79
Instant Messaging Vulnerability
Lack of encryption
80
Define the Delphi Method
anonymous survey to determine value of an asset
81
Define Two-Man Control
Tasks which require dual custody due to sensitivity
82
Backup Data Loss Protection Method
Test restoration procedures
83
Purpose of an Archive Bit
Indicates whether a file has been modified (set if modified)
