Security Architecture Flashcards
ISO/IEC 27001
Global enterprises/companies. Information security management system (ISMS)
NIST (CSF)
National Institute of Standards and Technology. Cybersecurity Framework. For U.S. government. Best risk management guidelines
CIS Controls
Network, OS. Business. IT security teams (what rules they have in security)
PCI-DSS
Payment Card Industry Data Security System. Protecting credit card transactions. Banks
HIPAA
Health Insurance Portability & Accountability Act. Healthcare data security. Hospitals
MITRE ATT&CK
Rules for SOC teams, cyber threat analysts.
5 Core functions of NIST
- Identify
- Protect
- Detect
- Respond
- Recover
Bell-LaPadula Model
Enforces confidentiality (no read up, no write down). Military and government.
Biba Model
Enforces integrity. No write up, no read down. Preventing low trust users
Clark-Wilson Model
Ensures well-formed transactions & separation of duties. Financial transactions
Brewer-Nash Model (Chinese Wall)
Prevents conflicts of interests in data access (Financial and legal companies)
MAC
Mandatory Access Control - restricts access based on security labels. Government/military
DAC
Discretionary AC. User-based permission control. Windows file sharing
RBAC
Role Based AC - access based on job positions. Companies.
ABAC
Attribute-Based AC - location, device, risk level. Cloud security, dynamic access policies.
CIA
Confidentiality - protects from unauthorized access
Integrity - data remains accurate and unaltered
Availability - data and systems are accessible when needed
Data Classification Levels
- Public - no restrictions (marketing sites)
- Internal Use Only - low risk (company policies)
- Confidential - restricted to specific groups in company
- Highly Confidential - government secrets, financial data
Symmetric encryption
Uses SINGLE (public) key. (AES-256 for file encrypting) (fast, less secure)
Asymmetric encryption
Uses a public and private key pair. RSA for email encryption.
public encrypts. private decrypts
Transport Encryption
encrypts data in transit (TLS, SSL for web browsing)
Disk encryption
encrypts data at rest (BitLocker, FileVault)
DLP
Data Loss Prevention
Endpoint DLP
protects data on DEVICES (blocks USB drives, screenshots)
Network DLP
monitoring data leaving the network
Cloud DLP
no cloud leaks
BDR
Backup and Disaster Recovery
3-2-1 Rule
3 copies of data. 2 on different storage types (one cloud, second on SSD disk). Third one is offsite.
DRP (Disaster Recovery Plan)
Plan to recover from data loss events.
Full Backup
Copies entire system (once a week)
Incremental Backup
Saves only the changes from the last backup.
Differential Backup
Saves all the changes since the last full backup
Tokenization
replaces real data with tokens. (used in credit cards)
Masking
hides parts of data. (only show last 4 digits of social security number)
GDPR
General Data Protection Regulation - protects EU citizens' data privacy.
CCPA
California Consumer Privacy Act - grants California residents control over personal data.
SOX
integrity of financial records for public companies
RPO
Recovery Point Objective. Maximum data loss allowed.
(how much data is allowed to be lost. Measured in time: “we can only lose 30 min of data”)
RTO
Recovery Time Objective.
Maximum downtime allowed.
HA
High Availability.
Ensures continuous system availability through failover mechanisms.
Redundancy
Having backup systems in place (multiple data centers)
IRP
Incident Response Planning.
Documented procedures for responding to security procedures.
Security awareness training
Train your employees to recognize threats
ZTA
Zero Trust Architecture.
Every access is verified.
Disaster Recovery Plan Steps (DRP)
- Risk Assessment - identify threats
- Business Impact Analysis (BIA) - evaluate impact of a disaster
- Recovery Strategies - backup solutions, failover systems
- Testing & Training - ensure readiness
- Plan Maintenance - update the plan regularly based on learned lessons.
Failover systems
automatically switch to a standby system in case of failure.
Clustering
Many servers work together as a single system
RAID
Redundant Array of Independent Disks.
protects against disk failures
Need to Know
Restricts access within a role if unnecessary