S3 Flashcards

1
Q

Bring your own device (BYOD) Policies

A
  • monitoring and enforcement of actions on personal devices
  • ownership of data on the device
  • personal liability and indemnification
  • restricted activities and application downloads
2
Q

Networking access control list (ACL)

A
  • A filesystem ACL denies privileges in an OS by restricting access to certain files, folders and directories.
  • Networking ACLs are used to regulate the type of network traffic that is allowed to flow across a network by configuring routers, switches, and other network devices with an array of lists to enforce.
  • ACLs are a set of rules that outline which users have permission. Administers account restrictions.
3
Q

First-party risks:

A
  • refers to the direct losses suffered by the insured party (the company). Ex: business interruption, cost of data recovery, theft or loss of assets, etc.

Third-party risks:
  • involves compensating parties other than the insured (the company).

4
Q

Discretionary access control

A
  • owners can grant access to others based on their own judgement or delegate tasks to other custodians as the owner sees fit.

5
Q

Privacy vs. Confidentiality

A
  • Privacy: protects the rights of an individual and gives the individual control over the information they are willing to share.

Confidentiality: protects information gathered by the company from unauthorized access.

6
Q

Allowlisting (whitelisting)

A
  • identifying a list of applications that are authorized to run on an organization's systems and only allowing those programs to execute.

Denylisting (blacklisting): a list of applications that are not authorized on a network, preventing those from running.

7
Q

Symmetric encryption

A
  • a single shared or private key for encryption of data within a group. The private key is used by all members of the group to both encrypt and decrypt data. Employed to protect the data exchanged between a user's device and the VPN server.
8
Q

Layered security:

A
  • protecting an org through the use of a diversified set of cybersecurity protection tactics. Accomplished by implementing redundancy, diversification practices, or a defense-in-depth approach that provides multiple layers of protection.
9
Q

Digital signature:

A
  • means of ensuring that the sender is authentic
  • does not keep a message from being intercepted en route.
10
Q

Cybersecurity event vs. Incident

A
  • Event: a cybersecurity change that may or may not have an impact on organizational operations (benign or adverse).
  • Incident: a cybersecurity event that has been determined to have an impact on the organization, prompting the need for response and recovery.
11
Q

Backup and recovery controls

A
  • protect data so it is not lost and can be restored in the event of a disaster or accidental deletion or modification.
12
Q

Preventive control

A
  • Encryption
  • Network access control restricts unauthorized users from gaining access to the private network.
  • Managing user accounts
13
Q

Data Obfuscation

A
  • process of replacing production data with data that is less valuable to unauthorized users.
14
Q

Mobile Code Cyberattack:

A
  • Mobile code: any software designed to move from computer to computer to "infect" other applications by altering them in some way to include a version of the code. Often known as a virus; a polymorphic virus is one where the code mutates by changing its structure to avoid detection. Executed on the target system.
15
Q

Control Environment (COSO component)

A
  • the tone management sets and the ethical values for an org, created through a top-down approach to push forward the COSO Framework throughout the org.
16
Q

Spear Phishing

A
  • extensive efforts by IT personnel to address security breaches and restore system functionality
17
Q

Threat Modeling

A
  • the identification, analysis, and mitigation of cybersecurity threats to an org's IT infrastructure, systems and applications.

Five phases:
  • identifying assets
  • identifying threats (recognizing threat types, their characteristics, and potential methods of attack)
  • performing reduction analysis (decomposing the assets being protected with the intent of obtaining a greater understanding of how those assets interact with potential cybersecurity threats. Helps to understand existing security clearances, policies around trust and security changes, and how data flows through the org.)
  • analyzing the impact of an attack (quantification of the impact of the attack)
  • developing countermeasures and controls
  • reviewing and evaluating the threat model
18
Q

Hashing, asymmetric, and data masking

A
  • Hashing is a cryptographic process used to ensure data integrity, securely store passwords, and authenticate digital messages.
  • Data masking involves breaking the linkage between data and the individual to whom data is associated through the removal of personal identifiers.
  • Symmetric (the sender and the recipient use the same shared key)

Asymmetric (two keys, one public and the other private, are used): more secure; more appropriate for securing data transfer. Hashing provides a level of assurance for the enforceability of digitally signed transactions.

19
Q

Figures related to loss:

A
  • Annualized rate of occurrence (ARO): expected frequency of occurrences in a year
  • Exposure factor (EF): the damage expressed as a percentage of an asset's value
  • Single loss expectancy (SLE): cost of an individual loss
  • Annualized loss expectancy (ALE): cost of a specific loss in a year
20
Q

Governance system (REVIEW)

A
  • processes
  • organizational structures
  • principles, policies and frameworks
  • information
  • culture, ethics, and behavior
  • people, skills and competencies
  • services, infrastructure and applications
21
Q

ERP vs. AIS

A
  • ERP: uses a centralized database and is cross-functional.
  • stores and provides access to data across a company's different departments. Stores shipping data, planning, etc. Data input is less intensive because a central repository is used, meaning data only has to be entered once.

AIS:
  • Not control oriented. Not used by financial people. Used by nonfinancial managers to evaluate business performance and make decisions. Stores financial data.

22
Q

Review Controls

23
Q

Database schemas

A
  • Snowflake schema: more complex than the star schema since it requires more foreign keys to link the tables. More flexible.
  • Star schema (most common for dimensional modeling): the simplest schema used for dimensional modeling. Requires fewer foreign keys to link tables together.
  • Flat model (considered the simplest, where data is held in an individual table)
24
Q

NIST cybersecurity framework

A
  • Respond (used to react to discovered vulnerabilities, launching responsive measures such as modifying code to prevent a cyberattack.)
  • Recover (helps orgs transition from a state of vulnerability to a state where it doesn't exist.)
  • Protect (preventative function used to create safeguards by establishing security measures, such as controls around access, change management and redundancy.)
  • Identify (supports the location and identification of vulnerabilities.)