Security concepts in enterprise environment Flashcards
Configuration management
Diagrams
Baseline configuration
Standard naming conventions
Internet protocol (IP) schema
The process through which an organization’s information systems components are kept in a controlled state that meets the organization’s requirements, including those for security and compliance.
Diagrams
Diagrams are the best way to capture the complex relationships between network elements. Diagrams can be used to show how CIs are involved in business workflows, logical (IP) and physical network topologies, and network rack layouts. Remember, it is not sufficient simply to create the diagram, you must also keep the diagram up to date.
Baseline configuration
A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
A baseline configuration is the template of settings that a device, VM instance, or other CI was configured to, and that it should continue to match. You might also record performance baselines, such as the throughput achieved by a server, for comparison with monitored levels.
Standard naming conventions
A Configuration Item (CI) is an asset that requires specific management procedures for it to be used to deliver the service. Each CI must be identified by some sort of label, ideally using a standard naming convention. CIs are defined by their attributes and relationships, which are stored in a configuration management database (CMDB).
Internet protocol (IP) schema
The Internet addressing scheme consists of Internet Protocol (IP) addresses and two special cases of IP addresses: broadcast addresses and loopback addresses.
Data sovereignty
In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.
Refers to a jurisdiction preventing or restricting processing and storage from taking place on systems do not physically reside within that jurisdiction. Data sovereignty may demand certain concessions on your part, such as using location-specific storage facilities in a cloud service.
Data protection
Data loss prevention (DLP) Masking Encryption At rest In transit/motion In processing Tokenization Rights management
Data loss prevention (DLP)
A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
Automate the discovery and classification of data types and enforce rules so that data is not viewed or transferred without a proper authorization.
Data Masking
A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.
Can mean that all or part of the contents of a field are redacted, by substituting all character strings with “x” for example. A field might be partially redacted to preserve metadata for analysis purposes. For example, in a telephone number, the dialing prefix might be retained, but the subscriber number redacted. Data masking can also use techniques to preserve the original format of the field. Data masking is an irreversible deidentification technique.
Data Encryption
Applying encryption at the table, field, or record level via a database management system rather than via the filesystem.
At rest
Information that is primarily stored on specific media, rather than moving from one medium to another.
In transit/motion
Information that is being transmitted between two hosts, such as over a private network or the Internet.
In processing
Information that is present in the volatile memory of a host, such as system memory or cache.
Tokenization
A deidentification method where a unique token is substituted for real data.
Means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate to the production database. An authorized query or app can retrieve the original value from the vault, if necessary, so tokenization is a reversible technique.
Rights management
Information Rights Management (IRM) feature in their Office productivity suite, SharePoint document collaboration services, and Exchange messaging server. IRM works with the Active Directory Rights Management Services (RMS) or the cloud-based Azure Information Protection. These technologies provide administrators with the following functionality:
Assign file permissions for different document roles, such as author, editor, or reviewer.
Restrict printing and forwarding of documents, even when sent as file attachments.
Restrict printing and forwarding of email messages.