Security Operations Flashcards

1
Q

Security Benefits of Separation of Duties & Responsibilities ?

A
  • Reduces the opportunity for any one person to commit abuse or fraud, because no single individual controls a transaction from start to finish.
  • Reduces mistakes, since a second person checks the work.
  • Reduces dependence on particular individuals.
2
Q

Security Benefits of Job Rotation ?

A
  • Reduces opportunities for fraud and abuse.
  • Eliminates single points of failure.
  • Promotes professional growth.
3
Q

What is the concept of Least Privilege ?

A

The principle of least privilege is that persons should have the capability to perform only the tasks (or have access to only the data) that are required to perform their primary jobs, and no more.

4
Q

What is a single point of failure ?

A

A single point of failure is any part of a system, process, or network whose failure can cause the whole system to become unavailable.

5
Q

Handling Sensitive Information

A
  • Marking: How an organization identifies sensitive information, whether electronic or hard copy.
  • Handling: The organization should have established procedures for handling sensitive information.
  • Storage and Backup: Similar to handling, the organization must have procedures and requirements specifying how sensitive information must be stored and backed up.
  • Destruction: The organization must have procedures detailing how to destroy sensitive information that has been previously retained.
6
Q

What is Record Retention ?

A

Most organizations are bound by various laws and regulations to collect and store certain information, and to keep it for specified periods of time.

Organizations should not retain data any longer than the law or a legitimate business need requires. Data kept past its retention period adds exposure (it can still be breached, leaked or subpoenaed) without adding any benefit.

7
Q

What is a fail-back condition ?

A

A fail-back condition results when a previously failed primary control is restored (for example, traffic is switched back from the standby firewall to the repaired primary).

8
Q

What is a fail safe / fail closed condition ?

A

When a failure or outage causes a device or service to permit no access at all (a firewall that drops all traffic when its rule engine fails, a door that stays locked when power is lost).

Note that physical access control uses the words differently: a fail-safe lock unlocks on power loss so that people can get out (life safety), while a fail-secure lock stays locked. The "fail safe / fail closed" pairing on this card follows the information-security usage, where "safe" means "secure".

9
Q

What is a fail open condition ?

A

When a failure or outage causes a device or service to permit all access (an inline IPS with a hardware bypass that passes traffic untouched when it loses power, or an authorization check that allows the request if the policy server cannot be reached). Fail open preserves availability at the cost of security; fail closed does the opposite.
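The three fail-* conditions on cards 7 to 9 come down to one design question: what does an access decision return when the control that makes it is broken? The Python below is an added example, not code from the original flashcards; the policy store, the user and resource names, and the outage simulation are all constructed for illustration.

```python
"""Fail-closed vs fail-open: what an access decision does when the control itself breaks.

Added example, not code from the original flashcards. The policy store, the
user names and the resource names below are constructed for illustration.
"""
from dataclasses import dataclass, field


class PolicyUnavailable(Exception):
    """Raised when the policy backend cannot answer (outage, timeout, corrupt data)."""


@dataclass
class PolicyStore:
    # Constructed allow-list: user -> set of resources that user may read.
    rules: dict = field(default_factory=lambda: {"alice": {"payroll"}, "bob": {"wiki"}})
    healthy: bool = True

    def lookup(self, user: str, resource: str) -> bool:
        if not self.healthy:
            raise PolicyUnavailable("policy backend down")
        return resource in self.rules.get(user, set())


def decide_fail_open(store: PolicyStore, user: str, resource: str) -> bool:
    """Fail open: an outage of the control permits everything."""
    try:
        return store.lookup(user, resource)
    except PolicyUnavailable:
        return True


def decide_fail_closed(store: PolicyStore, user: str, resource: str) -> bool:
    """Fail closed (fail secure): an outage of the control permits nothing."""
    try:
        return store.lookup(user, resource)
    except PolicyUnavailable:
        return False


def simulate(decide) -> dict:
    """Run one decision function through normal operation, an outage, and fail-back."""
    store = PolicyStore()
    # Normal operation: alice is allowed, bob is not.
    normal = (decide(store, "alice", "payroll"), decide(store, "bob", "payroll"))
    # Outage: the primary control fails; the decision now depends only on the failure mode.
    store.healthy = False
    outage = (decide(store, "alice", "payroll"), decide(store, "bob", "payroll"))
    # Fail-back: the primary control is restored and real decisions resume.
    store.healthy = True
    restored = decide(store, "bob", "payroll")
    return {"normal": normal, "outage": outage, "after_failback": restored}


if __name__ == "__main__":
    print("fail open:  ", simulate(decide_fail_open))
    print("fail closed:", simulate(decide_fail_closed))
```

Fail closed is the right default for a security control, but it turns an outage of the control into a denial of service for everyone behind it, which is exactly why life-safety systems (exit doors, fire-suppression overrides) deliberately fail open. Which way to fail is a design decision to make explicitly, not something to leave to whatever the exception handler happens to return.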

10
Q

What are Errors and Omissions ?

A

Errors and Omissions (E&O) is an insurance term that describes the strategic and tactical errors an organization can face, whether by commission (performing an action) or omission (failing to perform an action). In addition to general liability coverage, insurance companies also sell Errors and Omissions insurance.

Errors and Omissions liability is also known as professional liability.

Organizations can prevent some Errors and Omissions through product reviews and quality control processes.

11
Q

What is Fraud ?

A

Fraud is defined as any deceptive or misrepresented activity that results in illicit personal gain.

12
Q

What is Industrial Espionage ?

A

Industrial espionage is the act of obtaining proprietary or confidential information in order to pass it to a competitor. Espionage is difficult to prevent, but you can deter such activity with visible audit trails and access controls.

13
Q

What is Sabotage ?

A

Sabotage is the deliberate destruction of property, which could include physical or information assets. It is best deterred and detected with highly visible audit trails, and best prevented with strict physical and logical access controls.

14
Q

What is Theft ?


A

Theft involves taking property from its owner without the owner’s consent.

A wide variety of controls can deter and prevent theft, including locks, alarm systems, cameras, audit trails (in the case of information theft), and identifying marks on equipment.

15
Q

What are the major Security Control Types ?

A
  • Preventive controls
  • Detective controls
  • Corrective controls
  • Automatic controls
  • Manual controls
16
Q

What are the major Operational Control Types ?

A
  • Resource protection
  • Privileged entity controls
  • Change controls
  • Media controls
  • Administrative controls
  • Trusted recovery
17
Q

What is Resource Protection ? (Operational Control)

A

A broad category of controls that cover the following:

  • Communications hardware and software
  • Computers and their storage systems
  • Business data
  • System data
  • Backup media
  • Software
18
Q

What is Privileged Entity Control ?

A

Privileged entity controls are the mechanisms, generally built into computer operating systems, which give privileged access to hardware, software, and data.

19
Q

What are Change Controls ?

A

Change controls are the people-operated processes that govern architectural and configuration changes in a production environment. They are divided into:

  • Change management: reviewing, approving, scheduling and recording changes before they reach production.
  • Configuration management: tracking the approved state of systems (versions, settings, baselines) so that unauthorized drift can be detected.
20
Q

What are Media Controls ?

A

A broad category of controls that are used to manage information classification and physical media.

Information classification refers to the tasks of marking information according to its sensitivity, as well as the subsequent handling, storage, transmission, and disposal procedures that accompany each classification level.

21
Q

What are Administrative Controls ?

A

Administrative controls are the family of controls that include:

  • least privilege
  • separation of duties
  • rotation of duties.
22
Q

What is Trusted Recovery ?

A

The processes and procedures that support the hardware or software recovery of a system. Specifically, the confidentiality and integrity of the information stored on, and the functions served by, a system being recovered must be preserved at all times.

23
Q

What is Security Auditing ?

A

Auditing is the process of examining systems and/or business processes to ensure that they’ve been properly designed and are being properly used.

24
Q

What is Due Care ?

A

Due care requires that an organization operate using good business practices, usually a set of standards formally or informally stated by industry trade groups.

25
Q

What is an Audit Trail ?

A

Audit trails are auxiliary records, generated alongside a system's normal operation, that capture transactions and other events.

Benefits:
  • Enforce accountability (actions can be tied to an identity)
  • Aid investigations
  • Aid event reconstruction for analysts
  • Help identify the root cause of a problem

Drawback:
  • Formats are inconsistent because the records come from many different sources, so they usually need normalizing before they can be correlated.
26
Q

Components of an Audit Record ?

A

Date and time: When the event occurred (ideally from a synchronized clock, so that records from different systems can be correlated)
Who: The person or account that performed the event
Where: The location at which the event happened (host, terminal, or network address)
Details: Information about the event (what was done, and whether it succeeded or failed)

27
Q

What comprises Monitoring ?

A
  • Penetration testing
  • Intrusion detection
  • Violation processing
  • Keystroke monitoring
  • Traffic and trend analysis
  • Facilities monitoring
28
Q

Pentesting Techniques ? (Monitoring, Sec.Ops)

A
  • Port scanning
  • Vulnerability scanning
  • Packet sniffing
  • War dialing
  • Radiation (emanations) monitoring
  • Dumpster diving
  • Eavesdropping
  • Social engineering
29
Q

What is an IDS ?

A

Intrusion detection is the technique used to detect unauthorized activity on a network or host; the system that performs it is called an intrusion detection system (IDS). An IDS is classified both by where it looks and by how it decides:

  • HIDS - Host-based IDS (examines one host's logs, files and processes)
  • NIDS - Network IDS (examines traffic on a network segment)
  • Signature based
  • Anomaly based
30
Q

What is a Signature Based IDS ?

A
  • Compares traffic against a database of known attack patterns (signatures).
  • The signature database must be updated constantly to keep abreast of the latest attacks.
  • Cannot detect an attack for which no signature exists yet (a novel variant or zero-day), but produces few false positives for the attacks it does know.
31
Q

What is an Anomaly Based IDS ?

A
  • Profile driven: builds a baseline profile of normal behaviour for the network or host during a learning period.
  • Reports deviations from that profile.
  • Produces many false positives, because legitimate but unusual activity also deviates from the baseline.
  • Heuristic-based IDS go a step further and learn to recognize attack patterns rather than just deviations.
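An added example (not from the original flashcards) contrasting the two detection methods on cards 30 and 31: a signature detector that matches requests against a small pattern file, and an anomaly detector that learns a per-source request-rate profile and flags deviations from it. The signatures, the sample requests, the baseline counts, the source addresses and the 3-sigma threshold are all constructed for illustration.

```python
"""Signature-based vs anomaly-based detection over constructed HTTP request lines.

Added example, not code from the original flashcards. The signatures, the
sample traffic, the baseline counts and the thresholds are constructed.
"""
import re
import statistics

# Signature-based: a small "pattern file". Only known patterns are caught, and
# the list has to be updated as new attacks appear.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    "unix_cmd_injection": re.compile(r";\s*(cat|sh|bash)\b"),
}


def signature_matches(request: str) -> list:
    """Names of the signatures that match the request (empty list if none)."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]


# Anomaly-based: learn what "normal" looks like, then score deviations.
def build_profile(baseline_counts: list) -> dict:
    """Learn the normal per-source request rate from a baseline (learning) period."""
    return {
        "mean": statistics.mean(baseline_counts),
        "stdev": statistics.pstdev(baseline_counts),
    }


def anomaly_score(profile: dict, count: int) -> float:
    """z-score of an observed request count against the learned profile."""
    if profile["stdev"] == 0:
        return 0.0 if count == profile["mean"] else float("inf")
    return (count - profile["mean"]) / profile["stdev"]


def anomalies(profile: dict, per_source_counts: dict, threshold: float = 3.0) -> dict:
    """Sources whose request rate deviates from the profile by more than `threshold` sigma."""
    return {
        src: round(anomaly_score(profile, n), 2)
        for src, n in per_source_counts.items()
        if abs(anomaly_score(profile, n)) > threshold
    }


def analyse(requests: list, baseline_counts: list, per_source_counts: dict) -> dict:
    """Run both detectors over one observation window."""
    profile = build_profile(baseline_counts)
    return {
        "signature_hits": {r: signature_matches(r) for r in requests},
        "anomalous_sources": anomalies(profile, per_source_counts),
    }


# Constructed traffic (not real data).
BASELINE = [40, 42, 38, 41, 39, 40, 43, 37]   # requests/min per source during learning
WINDOW = [
    "GET /index.html",
    "GET /../../etc/passwd",                  # known pattern: caught by signature
    "GET /search?q=' OR '1'='1",              # known pattern: caught by signature
    "GET /new-zero-day?x=1",                  # no signature yet: missed
]
COUNTS = {
    "10.0.0.5": 41,        # normal
    "10.0.0.6": 39,        # normal
    "10.0.0.7": 60,        # legitimate nightly sync: flagged anyway (false positive)
    "203.0.113.9": 900,    # flood: flagged
}

if __name__ == "__main__":
    for key, value in analyse(WINDOW, BASELINE, COUNTS).items():
        print(key, value)
```

The zero-day request passes the signature detector untouched, while the anomaly detector catches the flood but also flags the legitimately busy host: that is the false-positive problem the card mentions, and the reason real deployments run both methods and tune the threshold per environment.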
32
Q

What is Violation Analysis ?

A

Violation analysis is the science of examining activity and audit logs to discover inappropriate activities. Violation analysis uses clipping levels: thresholds below which an event is treated as normal noise (a user mistyping a password once or twice) and above which it is recorded and investigated as a violation.
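Cards 25, 26 and 32 together describe one workflow: collect audit records from several sources whose formats disagree, normalize them to the date/time, who, where, details shape, then apply a clipping level to separate noise from violations. The Python below is an added example that implements that workflow; it is not code from the original flashcards. The two log formats, the sample lines, the host and account names and the clipping level of 3 are all constructed for illustration.

```python
"""Audit-record normalization plus violation analysis with a clipping level.

Added example, not code from the original flashcards. The two log formats,
the sample lines and the clipping level are constructed for illustration.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class AuditRecord(NamedTuple):
    """The four components of an audit record from card 26."""
    when: datetime      # date and time (UTC, so sources can be correlated)
    who: str            # person or account
    where: str          # host or location
    details: str        # what happened


# Source 1: constructed syslog-style lines from an "sshd" host.
SYSLOG_LINES = """\
2024-05-01T09:00:01Z host-a sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:04Z host-a sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:09Z host-a sshd: Accepted password for alice from 10.0.0.5
2024-05-01T09:01:00Z host-a sshd: Failed password for root from 203.0.113.9
2024-05-01T09:01:01Z host-a sshd: Failed password for root from 203.0.113.9
2024-05-01T09:01:02Z host-a sshd: Failed password for root from 203.0.113.9
2024-05-01T09:01:03Z host-a sshd: Failed password for root from 203.0.113.9
""".splitlines()

# Source 2: constructed JSON events from a web application, epoch timestamps.
JSON_LINES = [
    '{"ts": 1714554060, "user": "bob", "host": "web-1", "event": "login_failed"}',
    '{"ts": 1714554062, "user": "bob", "host": "web-1", "event": "login_failed"}',
    '{"ts": 1714554070, "user": "bob", "host": "web-1", "event": "login_failed"}',
    '{"ts": 1714554075, "user": "bob", "host": "web-1", "event": "login_failed"}',
    '{"ts": 1714554090, "user": "carol", "host": "web-1", "event": "login_ok"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+)"
)


def parse_syslog(line: str) -> Optional[AuditRecord]:
    """Map one syslog-style line onto the common record shape; None if it does not fit."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None   # unknown format: drop rather than guess at the fields
    when = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    details = "login_failed" if m["result"] == "Failed" else "login_ok"
    return AuditRecord(when, m["user"], m["host"], details)


def parse_json(line: str) -> AuditRecord:
    """Map one JSON event onto the common record shape."""
    d = json.loads(line)
    when = datetime.fromtimestamp(d["ts"], tz=timezone.utc)
    return AuditRecord(when, d["user"], d["host"], d["event"])


def normalize(syslog_lines: list, json_lines: list) -> list:
    """Merge both sources into one time-ordered list of AuditRecords."""
    records = [r for r in map(parse_syslog, syslog_lines) if r is not None]
    records += [parse_json(line) for line in json_lines]
    return sorted(records, key=lambda r: r.when)


def violations(records: list, clipping_level: int = 3, event: str = "login_failed") -> dict:
    """{(who, where): count} for every account whose failed logins exceed the clipping level.

    Counts at or below the clipping level are treated as noise and not reported.
    """
    counts = Counter((r.who, r.where) for r in records if r.details == event)
    return {key: n for key, n in counts.items() if n > clipping_level}


if __name__ == "__main__":
    recs = normalize(SYSLOG_LINES, JSON_LINES)
    for rec in recs:
        print(rec.when.isoformat(), rec.who, rec.where, rec.details)
    print("violations:", violations(recs))
```

With a clipping level of 3, alice's two mistyped passwords are ignored while the four failures against root and against bob are reported. Real clipping levels are usually defined per time window as well (N failures within M minutes), which means grouping by (who, where, window) before applying the threshold; and lines that fail to parse should themselves be counted and alerted on, since an attacker who can corrupt the log format can otherwise hide from the analysis.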

33
Q

What is Key Stroke Monitoring ?

A

Keystroke monitoring records all input activity on a terminal or workstation, and writes large volumes of data to log files.

  • Difficult to hide
  • Raises ethical and legal (privacy) concerns
  • Uses a keylogger (software or hardware)
34
Q

What is Traffic and Trend Analysis ?

A

Traffic analysis and trend analysis are the techniques used to make inferences about the activities of an individual or an organization, based on the type and volume of traffic on a network.

35
Q

Facilities Monitoring Methods ?

A
  • Watching the logs of buildings with card-key access control to see whether doors are being propped open or if people are attempting to enter restricted areas
  • Monitoring unmanned entrances and other locations with closed-circuit television (CCTV) monitoring systems
  • Staffing key locations with security guards
  • Installing and monitoring security alarm sensors on doors and windows, and motion sensors in areas not normally manned
36
Q

What is Incident Management ?

A

The process of detecting, responding to, and fixing a problem is known as problem management or incident management.