Secruity Operations Flashcards
Security Benefits of Separation of Duties & Responsibilities ?
- Reduction in opportunities to commit abuse or fraud.
- Reduces Mistakes
- Reduces dependence on certain individuals
Security Benefits of Job Rotation ?
- Reduces opportunities for fraud and abuse.
- Eliminates single points of failure.
- Promotes professional growth.
What is the concept of Least Privilege ?
The principle of least privilege is that persons should have the capability to perform only the tasks (or have access to only the data) that are required to perform their primary jobs, and no more.
What is a single point of failure ?
A single point of failure is any part of a system, process, or network whose failure can cause the whole system to become unavailable.
Handling Sensitive Information
- Marking: How an organization identifies sensitive information, whether electronic or hard copy.
- Handling: The organization should have established procedures for handling sensitive information.
- Storage and Backup: Similar to handling, the organization must have procedures and requirements specifying how sensitive information must be stored and backed up.
- Destruction: The organization must have procedures detailing how to destroy sensitive information that has been previously retained.
What is Record Retention ?
Most organizations are bound by various laws to collect and store certain information, as well as to keep it for specified periods of time.
Organisations should not retain data any longer than required by law.
What is a fail-back condition ?
fail-back condition results when a previously failed primary control is restored.
What is a fail safe / fail closed condition ?
When an outage results in a device / service line permitting no access.
What is a fail open condition ?
When an outage results in a device / service line to permit all access.
What are Errors and Omissions ?
Errors and Omissions (E&O) is an insurance term that describes strategic and tactical errors that an organization can face,
whether by commission (performing an action) or omission (failure to perform an action). In addition to general liability coverage, insurance companies also sell Errors and Omissions insurance.
Errors and Omissions liability is also known as professional liability.
Organizations can prevent some Errors and Omissions through product reviews and quality control processes.
What is Fraud ?
Fraud is defined as any deceptive or misrepresented activity that results in illicit personal gain.
What is Industrial Espionage ?
Industrial espionage is the act of obtaining proprietary or confidential information in order to pass it to a competitor. Espionage is difficult to prevent,
but you can deter such activity with visible audit trails and access controls.
What is Sabotage ?
Sabotage is the deliberate destruction of property, which could include physical or information assets. This is best deterred and detected with highly visible audit trails, and it is best prevented with strict physical and logical
access controls.
What is Theft ?
face palm
Theft involves taking property from its owner without the owner’s consent.
A wide variety of controls can deter and prevent theft, including locks, alarm systems, cameras, audit trails (in the case of information theft), and identifying marks on equipment.
What are the major Security Control Types ?
- Preventive controls
- Detective controls
- Corrective controls
- Automatic controls
- Manual controls