Security Operations Flashcards

1
Q

What are the two areas of people management within a cyber security context?

A

People management can be divided into two key areas:

  • Human Resource Security: This encompasses the entire employment lifecycle, including the relationship between the employee and the organisation before, during, and after employment.
  • Security Awareness and Education: This area focuses on promoting general security awareness and ensuring the proper use of systems and assets by employees and other individuals.
2
Q

What are the risks of each stage of the employment lifecycle and their associated mitigations?

A

Recruitment
  • Risks:
    • Threat actors may pose as applicants and send malicious attachments disguised as resumes.
    • Without pre-employment screening, there is a greater chance of hiring individuals with malicious intent, potentially exposing the organisation to liability for negligence.
  • Mitigations:
    • Use email filtering and antivirus tools to defend against malicious attachments.
    • Conduct thorough background checks to verify candidates’ identity, employment history, and criminal record.
    • Ensure clear employment agreements and job descriptions outline the candidate’s roles and responsibilities, reducing ambiguity and risk.
    • Educate employees involved in the recruitment process about the risks of phishing or social engineering during recruitment.

Onboarding
  • Risks:
    • If credentials are not provided promptly, senior employees may share their own credentials with new hires, inadvertently weakening security.
    • New employees are more vulnerable to phishing attacks due to limited cybersecurity knowledge.
    • Access to sensitive systems may be granted before proper background checks are completed.
  • Mitigations:
    • Provide new employees with credentials during onboarding and enforce role-based access control (RBAC) to restrict access to only the data and systems their role requires.
    • Deliver cybersecurity awareness training early in the onboarding process so new employees can identify and respond to phishing and other cyber threats.
    • Limit access to sensitive systems until background checks and clearances are fully completed.
    • Regularly review and audit access permissions to avoid excessive privileges being granted during onboarding.

Career Development
  • Risks:
    • Experienced employees may become complacent, potentially reopening attack vectors that were previously secured.
    • Employees may not be aware of new and emerging threats, leaving the organisation vulnerable.
    • As employees advance in their careers, they may gain new access rights while retaining old ones, creating security risks from accumulated permissions.
  • Mitigations:
    • Conduct periodic security training, including role-specific risks and updates on emerging threats.
    • Regularly monitor adherence to security policies, and use disciplinary measures to re-educate employees on security lapses, reducing the risk of future incidents.
    • Ensure that as employees move between roles, old access rights are de-provisioned promptly, leaving only the permissions relevant to their current role.
    • Foster a security-first culture that keeps employees engaged in best practices for their specific roles and responsibilities.

Employee Recognition
  • Risks:
    • Recognition programs that store data such as names, job titles, and other sensitive information could be targeted by threat actors. This data may be used to craft convincing social engineering attacks.
    • Disengaged or disgruntled employees could intentionally compromise security, especially if they feel unappreciated or undervalued.
  • Mitigations:
    • Use encryption to protect sensitive data both in transit and at rest.
    • Implement strong authentication mechanisms, such as multi-factor authentication (MFA) and RBAC, to ensure that only authorised personnel have access to sensitive information.
    • Monitor employee engagement and address dissatisfaction early to reduce the risk posed by disgruntled employees.
    • Integrate security compliance into performance reviews and employee recognition programs, rewarding adherence to security best practices.

Offboarding
  • Risks:
    • Former employees retaining access after termination pose a serious risk, especially if the separation was not amicable.
    • Ex-employees may have sensitive data stored on personal devices, which could compromise confidentiality.
    • If access is not revoked immediately upon termination, former employees could misuse their privileges to access or steal company data.
  • Mitigations:
    • Use a comprehensive offboarding process that includes revoking all access, conducting exit interviews to reinforce non-disclosure agreements, and retrieving company devices and data.
    • Ensure access to all systems is terminated immediately after an employee’s departure to prevent any unauthorised access.
    • Conduct post-exit monitoring of systems for any suspicious activity related to former employees’ accounts.
    • Enforce strict non-disclosure agreements and intellectual property protections to prevent ex-employees from leaking or using company data inappropriately.
    • In cases where employees leave under strained circumstances, increase monitoring of sensitive systems and data in the period leading up to the exit to detect any unusual activity.
3
Q

What are the four phases of the cyber security learning continuum?

A

Awareness
All employees, regardless of their role, require basic security awareness. This phase educates employees on fundamental security concepts such as the appropriate use of door entry systems, staff ID badges, and workplace mobile phone usage. In high-security environments, additional training may be provided on recognising and responding to being followed or other physical security threats. This general awareness is essential for fostering a culture of security across the organisation.

Cyber Security Essentials
This phase covers foundational practices for employees involved with IT systems in any capacity. It provides an introduction to key IT security concepts such as encryption, securing devices (e.g., locking terminals when not in use), and recognising common attack vectors, like phishing emails. Regardless of an employee’s role, understanding these cybersecurity basics is critical for maintaining the overall security of an organisation.

Role-Based Training
Role-specific training focuses on the security needs of different positions within the organisation. For example, an IT support technician requires in-depth knowledge of network security, while a mobile sales manager may need training on securely accessing systems remotely or handling client data offsite. This phase ensures that each employee receives the security training that is most relevant to their role, tailored to their access needs and responsibilities within the organisation.

Education/Experience
This phase focuses on deeper education and practical experience in cybersecurity. It often involves certifications, advanced training, or formal education programs that help employees gain specialised knowledge. This two-way learning process allows employees to bring back new insights and practices that can enhance organisational security. Continuous learning through education and experience is critical to staying ahead of emerging threats and evolving security needs.

4
Q

What do NIST SP-800-50 and SP-800-16 provide guidance on in the context of cybersecurity awareness?

A

The National Institute of Standards and Technology (NIST) offers guidance on security awareness and training through two complementary special publications:

  • SP-800-50: Building an Information Technology Security Awareness and Training Program
    This publication provides strategic-level guidance on establishing and managing a security awareness and training program for employees. It is primarily aimed at senior management and executive boards, helping them to set policies and develop training programs that ensure the workforce is well-prepared to handle security challenges.
  • SP-800-16: A Role-Based Model for Federal Information Technology/Cybersecurity Training
    This document offers tactical-level advice on implementing security awareness, training, and education. It is directed at those responsible for developing and delivering course content and role-specific training, ensuring that training is tailored to employees’ job functions.

Together, these documents form the foundation of a cybersecurity learning continuum, outlining the progression from awareness to training and eventually to deeper education, fostering the development of cybersecurity skills across the workforce.

5
Q

What are the four areas of information management?

A

  • Information classification and handling
  • Privacy
  • Document and record management
  • Sensitive physical information