S3-m4/5 Flashcards

1
Q

Privacy

A

Protects the rights of an individual and gives the individual control over what information they are willing to share with others
-dictates the types of authorization granted to information

2
Q

Confidentiality

A

-Protects against unauthorized access to information gathered by the company
-protects personal privacy and proprietary information
-requires that the information is only accessed by systems or individuals with the appropriate authority

3
Q

Creating Policies and Procedures

Data Collection

A

Organizations should develop comprehensive policies and procedures for protecting the confidentiality of PII and proprietary information by defining:
-specific confidential data collected
-how data is collected, accessed, and retained
-incident response
-privacy in the development cycle
-sharing rules
-consequences of violation

4
Q

Conducting Training

Data Collection

A

Organizations should reduce the possibility that PII will be accessed, used, or disclosed inappropriately by requiring that all individuals receive appropriate training to understand the relevant guidelines and the repercussions of violating these guidelines

5
Q

Personally Identifiable Information (PII)

A

All data that can be used to identify an individual:
-full name/ alias
-identification numbers
-addresses

6
Q

De-identifying Personal Information

Data Processing

A

Organizations should de-identify records by removing enough personal information such that the remaining information does not identify an individual

7
Q

Using Access Enforcement

Data Storage

A

Organizations should control access to personal info through access control policies and access enforcement mechanisms

8
Q

Implementing Access Control for Mobile Devices

Data Collection

A

Organizations should prohibit or strictly limit access to personal information from portable and mobile devices, such as laptops and phones

9
Q

Auditing Events

Data Collection

A

Organizations can monitor events that affect the confidentiality of personal information, such as inappropriate access to PII

10
Q

Data Transmission

A

Organizations should protect the confidentiality of information transmitted. This is commonly accomplished through encrypting the communication

11
Q

Data Deletion/Purging

A

Organizations should set up the policies to determine the data sets subject to be archived or purged

12
Q

Obfuscation

A

The process of replacing production data or sensitive information with data that is less valuable to unauthorized users

13
Q

Encryption

Obfuscation

A

Scrambles unencrypted data using cryptography so that it can generally only be deciphered with a key

14
Q

Tokenization

Obfuscation

A

Removes production data and replaces it with a surrogate value or token.

15
Q

Masking

Obfuscation

A

Swaps data with other like data so that the original identifying characteristics are disguised, or masked, while maintaining a similar structure to the unmodified data set

16
Q

Symmetric Encryption

A

Involves a single shared or private key for encryption and decryption of data within a group.
-drawback: does not provide non-repudiation, because any person with the shared key can encrypt and decrypt messages

17
Q

Asymmetric Encryption

A

Uses two keys, a public and private key. The public key is used to encrypt the message and the private key to decrypt it, or vice versa. Only the two opposite keys can be used in tandem.
-weakness is speed of operation: long keys and complex computation

18
Q

Hashing

A

Converts a message of variable length to a fixed-length message or code called a message digest or hash value

19
Q

Hashing vs Encryption

A

The difference is their intended use. Encryption is used for secure data transfer to maintain confidentiality, whereas hashing is used to maintain the integrity of the data, validating that the message is sent from the true sender

20
Q

Cipher

A

The result of applying encryption algorithms that encode messages into an encrypted form. Results in a combination of numbers and letters that is meaningless and illegible to those without a key

21
Q

Substitution Ciphers

A

Are algorithms that replace each character of a plaintext message with another character. Very basic ciphers simply replace one letter or number with another using a key, while more complex ciphers involve math to substitute.

22
Q

Transposing Ciphers

A

Are encryption techniques that rearrange the letters of a message to form unreadable ciphertext, often by using a matrix to perform columnar transposition

23
Q

Data Loss Prevention Systems (DLP)

A

Enables organizations to detect and prevent attempts by employees or unauthorized users to transfer sensitive information out of the organization electronically across multiple protocols, ports, and communication methods.
-pattern matching
-word recognition

24
Q

Objectives of a DLP

A

-implement a centralized DLP program, with collaboration from various departments, which oversees data for the entire organization
-define and create enterprise data usage policies
-evaluate the different forms of data, define levels of sensitivity
-monitor the use of sensitive data
-enforce security policies
-implement employee education programs

25
Q

Network Based DLP

A

Scan outgoing data that meet specific criteria and are transmitted using means such as email, file transfer protocols, and direct messaging
-cloud-based DLP applies the same protection, but to cloud environments

26
Q

Endpoint based DLP

A

Scan files stored on or sent to devices that might be outside of a network, such as a printer, USB drive, or any other device to which data can be transferred

27
Q

Physical Security

A

Locked cabinets and closets, security cameras, and badge entry

28
Q

Digital Security Controls

A

Encrypted hard drives, encrypted USB drives, or secure file systems that are encrypted

29
Q

Authorization and User Access Controls

A

Control mechanisms, such as role-based access controls, rule-based access controls, and discretionary access controls
-multifactor authentication

30
Q

Change Management Controls

A

Require processes to be in place for requesting changes to a system or data, review and approval, implementation, reversion, and documentation

31
Q

Backup and Recovery Mechanisms

A

These redundancy defenses protect data so it is not lost and can be restored in the event of a disaster, cyberattack, or accidental deletion or modification

32
Q

A read through

A

Involves distributing security, confidentiality, and privacy procedures to members of both IT departments and non-IT departments supporting the walk-through for review
-inform personnel of tactical and strategic procedures

33
Q

Walk Throughs

A

Occur in phases, starting with a planning and preparation phase, followed by obtaining an understanding of the process being evaluated, performing the walk-through, creating documentation, performing tests, and finally evaluating the procedures
1. Plan and Prep
2. Obtain an Understanding
3. Perform Walk-through
4. Create Documentation
5. Test
6. Evaluate and report

34
Q

Finance and Accounting

Walk Through

A

-for confidentiality and privacy, focus on ensuring confidentiality and privacy policies are followed such that minimal PII is collected and each user has the minimal level of PII and proprietary data needed to execute their job function
-for security, focus on ensuring security policies are in place to only allow authorized employees access to systems that control any accounting functions that involve withdrawing or transferring cash

35
Q

Corporate Training and Education

Walk Through

A

-viewing security, confidentiality, and privacy content being delivered to employees
-employee acknowledgement of policies and procedures
-attending courses delivered by trainers
-reviewing materials and assessments given to trainees

36
Q

Human Resources

Walk Through

A

-for confidentiality and privacy, focus on how human resources follow the policies and procedures to identify and collect PII
-for security, focus on practices regarding background checks, defining security roles

37
Q

IT Risk Management

Walk Through

A

-for confidentiality and privacy, focus on identifying ways the department monitors the controls, identifying and communicating potential violations
-for security, focus on identifying ways the department tracks assets and systems that should be protected

38
Q

Walk through procedures to be performed by SOC 2 engagement service auditor

A

-Following a transaction, event, or activity from origination until final disposition through the service organization's system using the same documents used by service organization personnel
-Inquiry, observation, inspection of relevant documentation, and flowcharts, questionnaires, or decision tables to facilitate understanding the design of the controls
-inquiry about instances during the period in which controls did not operate as described or designed
-questioning variations in the process for different types of events or transactions

39
Q

Factors when determining whether identified deviations may have a pervasive effect on other controls

A

-effect that entity level controls have on the operation of other controls
-the extent of the use of segmentation, a technique that enhances security by dividing networks or systems into multiple segments, across the service organization

40
Q

For potential fraud involving senior management

How should the service auditor respond?

A

Communicating to those charged with governance and discussing with them the nature, extent, and timing of procedures necessary to complete the examination

41
Q

Incident response plan (IRP)

A

The documentation of a set of procedures, people, and information to detect, respond to, and limit the consequences of a cyberattack against an organization

42
Q

Key elements of an IRP outlined by NIST

A

-mission, strategies and goals, senior management approval and statement of commitment, organizational approach to incident response, purpose and objectives of the policy, scope of the policy, metrics for measuring the incident, roadmap, definition of computer security incidents and related terms

43
Q

Incident Response Timeline

A

Recovery timeline to be charted when an incident occurs, clearly delineating the point at which the incident starts, when it is detected, contained, and eradicated, and when normal operations are restored

44
Q

Method of detection

A

-vulnerability scanning software
-anomaly detection
-endpoint detection and response solutions
-file integrity monitoring
-log analysis
-intrusion detection
-intrusion prevention

45
Q

Centralized Incident Response Team

A

A single incident response team is tasked with managing incidents across the organization. This approach is effective for smaller organizations and those with computing environments that aren’t distributed geographically

46
Q

Distributed Incident Response Teams

A

Organizations in this model have multiple incident response teams that are responsible for specific logical or physical segments of a company’s network. Effective for orgs that have geographically widespread computing resources

47
Q

Coordinating Team

A

A secondary function of either a distributed or centralized incident response team is coordinating with other departments without having authority over those teams

48
Q

Employee Morale

A

Segregating roles may be one option to combat this fatigue and be a morale booster

49
Q

Event

A

An observable occurrence in a system or network. Examples include a user connecting to a shared file server, a server receiving a request for a web page, a user sending an email, and a firewall blocking a connection attempt

50
Q

Adverse Event

A

Any event with a negative consequence is defined as an adverse event, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and the execution of malware that destroys data

51
Q

Computer System Incident

A

A type of adverse event that is computer security related and caused by malicious human intent, not by environmental or indirect human factors such as power failures or natural disasters
-any violation or imminent threat of computer security policies

52
Q

Preparation

A

Initial phase of incident response planning involves assembling key personnel, tools, and processes so the organization will be prepared to handle many scenarios

53
Q

Detection and Analysis/Identification

A

The second phase concentrates on recognizing deviation from normal operations, evaluating deviations, and correctly classifying them as either an acceptable event or a problematic CS incident

54
Q

Containment

A

Once the threat is correctly identified, the organization must contain it so that further damage is not incurred.
-isolating a segment of network, removing infected servers
-nontechnical measures like informing employees so that certain routine operations might stop
step 3

55
Q

Eradication

A

Targets the extraction of the threat and restoration of affected systems, which may be as simple as restoring infected files from clean backup copies or as complex as using specialized software and forensic analysis to help decrypt or remove infected files.
step 4

56
Q

Reporting

A

Emphasizes communicating the incident to management, IT personnel, and affected employees

57
Q

Recovery

A

Prioritizes returning an organization's normal IT operations to a fully functional state
-phased approach with early days focused on increasing overall security and implementing immediate high impact changes

58
Q

Post Incident Activity/Lessons Learned

A

Last step. Senior management and directly affected employees examine the incident, understand how it occurred, and develop ways to improve the response.

59
Q

SysAdmin, Audit, Network, and Security (SANS) institute

Incident response phases

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
60
Q

NIST IRP

Incident response stages

A
  1. Preparation
  2. Detection
  3. Containment, eradication, recovery
  4. post incident activity
61
Q

International Organization for Standardization (ISO) IRP

Security Incident Management Activities

A
  • evaluating event criteria and defining incident
  • monitoring and detecting events
  • managing incidents to the end of their lifecycle
  • coordinating with authorities and handling evidence properly
  • performing a root cause analysis
  • reporting on all incident management activities
62
Q

Mean Time to Detect

A

The number of minutes or hours it takes an organization to detect a prior incident or one in progress

63
Q

Mean time to acknowledge

A

Used to determine the amount of time an organization takes to acknowledge an incident once it has occurred
-the difference between the point in time when an incident is reported and when it is recognized as an actual threat

64
Q

Mean time Between Failures

A

The mean time between consecutive failures

65
Q

System Availability or Downtime

A

The amount of time that a production system is completely or partially unusable

66
Q

Service level agreement compliance

A

Involves evaluating whether qualitatively or quantitatively specified performance levels in a service level agreement with an IT provider were met

67
Q

Business Interruption Losses

Insurable Loss

A

Lost Revenue from operating delays that are due to the inability to access records, systems, or financial resources may be part of a cyber insurance policy

68
Q

Cyber Extortion Losses

Insurable Loss

A

Coverage may include funds for ransom payments and fees to attorneys or IT experts for the cost of negotiating with attackers

69
Q

Incident Reponse Costs

Insurable Loss

A

Costs associated with recovery of lost or stolen data by external IT experts or managed service providers

70
Q

Replacement Costs for information systems

Insurable Loss

A

If an attack results in corrupted software or physically damaged hardware, insurance may cover a partial or complete replacement of IT assets

71
Q

Cyber Insurance Requirements for Applicants

A
  • background checks
  • compliance with regulations
  • disaster recovery
  • employee training
  • company policies
  • independent risk assessment
  • incident response plans
  • IT controls
  • Mandatory PEN testing
  • Loss history
72
Q

User Behavior Analytics Tools

A

UBA tools monitor, analyze, and interpret user activities to detect patterns and anomalies. Listed in an IRP

73
Q

Tabletop Exercises

A

Also known as simulations