Security+ 2 Flashcards
ISA (Interconnection Security Agreement) : includes details on how 2 org.’s will interconnect their networks, systems, and/or data. Provides details on the security standards that will be used, such as encryption standards and transfer protocols.
SPOF Analysis : identifies and removes single points of failure (SPOFs).
IT Contingency Scenario Ex’s : sudden bankruptcy of key vendor, insufficient storage or compute capacity, failure of utility service.
Succession planning : replacing departed employees with skilled people who will fill their former roles.
HA (high availability) : uses multiple systems to protect against service failure / FT (fault tolerance) : makes a single system resilient against technical failures. Common points of failure : power supply and storage media.
RAID 1 (disk mirroring) : stores the same data on 2 disks; when the system writes data to one disk it automatically makes the same change to the other disk. If the primary disk fails, the system switches to the backup 2nd disk and continues to operate normally.
RAID 5 (Disk Striping w/Parity) : uses 3 or more disks to store data and parity info. Writes data across all disks w/parity blocks spread across all disks. If 1 disk fails, the system can regenerate that disk’s contents using the parity info.
Disaster Recovery : Initial Response = contain the damage caused by the disaster, recover whatever capabilities may be immediately restored; includes a variety of activities depending on the nature of the disaster. Disaster Communications = initial activation of the disaster recovery team, regular status updates, tactical communications. Assessment Mode = assess the damage to the org. and develop a plan to bring the business back to normal operations, sometimes with intermediate steps. Order of Restoration : should prioritize systems by criticality.
RTO (recovery time objective) : max time that it should take to recover a service after a disaster.
RPO (recovery point objective) : max time period from which data may be lost in the event of a disaster.
Differential Backups : include all data modified since the last full backup.
Incremental Backups : include all data modified since the last full or incremental backup.
Media Rotation : allows reuse of backup media over time.
DR Testing Goals : validate that the plan functions correctly, identify necessary plan updates. Read-Throughs : ask each team member to review their role in the DR process and provide feedback; Walk-Throughs : gather the team for a formal review of the DR plan; Simulations : use a practice scenario to test the DR plan; Parallel Tests : activate the DR facility but don’t switch operations there; Full Interruption Tests : switch primary operations to the alternate facility, which can be very disruptive to the business.
After Action Report : creates a formal record of the incident, documenting the circumstances surrounding the event and identifying opportunities for future improvement. Begins with a brief executive summary for casual readers, then background info on the incident, a detailed summary of the facts of the situation, and the lessons learned during the response; concludes by outlining the next steps the org. should take based on those lessons learned.
Network QoS : provides critical services w/protected network capacity, reducing the likelihood of a SPOF during a DoS attack or other extreme burden on the network.
Redundant facilities should be placed geographically apart from each other so that a single disaster will not affect both, as it could if they were in the same general location. ex : cloud providers do this.
Data Sovereignty : data is subject to the law of the jurisdiction where it is stored.
Incident Response Policy : provides foundational authority for the person(s) running the program, defines the incidents that fall under the policy, and includes an incident prioritization scheme.
GAPP Developers : AICPA, CICA, ISACA, IIA; GAPP Principles for Data Privacy : (1) Management : org.’s handling private info should have policies, procedures, and governance structures in place to protect privacy. (2) Notice : data subjects receive notice that their info is being collected and used, as well as access to the privacy policies and procedures followed by the org. (3) Choice and Consent : org. should inform data subjects of their options regarding the data they own and get consent from them for the collection, storage, use and sharing of that info. (4) Collection : org. should only collect personal info for the purposes disclosed in its privacy notices. (5) Use, Retention, and Disposal : org.’s should only collect/use personal info for the disclosed purposes and should dispose of data securely as soon as it is no longer needed for the disclosed purpose. (6) Access : org.’s should provide data subjects w/the ability to review/update their personal info. (7) Disclosure to 3rd parties : org.’s should only share info w/3rd parties if sharing is consistent w/the purposes disclosed in privacy notices and they have the person’s consent to share that info. (8) Security : org. must secure private info against unauthorized access, both physically and logically. (9) Quality : org. should take steps to ensure the private info they maintain is accurate, complete and relevant. (10) Monitoring and Enforcement : org. should have a program to monitor compliance w/its privacy policies and provide a dispute resolution mechanism.
Data Owners : business leaders w/overall responsibility for data; they set policies and guidelines for their data sets.
Data Stewards : carry out day-to-day data governance activities; they are delegated this responsibility by data owners.
Data Custodians : actually store and process info; they are often IT staff members.
Privacy Officers : responsible for ensuring the org. meets its privacy obligations.
Software forensics techniques : Intellectual Property -> software forensics may be used to resolve an intellectual property dispute between 2 parties.
Malware Origins : software forensics may be used to identify the author of malicious software found on a system.
Embedded Device Forensics : e.g. a car w/embedded systems can show whether a person was using the car or not, to rule them in or out as a suspect, etc.
Evidence Log Events (Chain of Custody) : initial collection, transfer, storage, opening and resealing the container. Log Details : investigator name, date and time, purpose of the action, nature of the action being taken w/the evidence.
Litigation Holds : require preservation of relevant electronic and paper records. Sources of Electronic Records : file servers, endpoint systems, email messages, enterprise systems and cloud services. Electronic discovery may then move to the production phase, where attorneys must review documents for relevance and turn them over to the other side.