SYO-701 Security Terminology and Standards

Question 1

Confidentiality (CIA)

Answer 1

Only authorized persons can gain access to information and are able to read the information. A number of technologies, such as permissions (ACL) and encryption (at rest and in transit) , can be used to keep information confidential

Question 2

Integrity (CIA)

Answer 2

Ensure that when data is sent from a source to a destination, the information received at the destination has not been altered in transit. Data integrity also means that if you store a file on the drive open it later, you can be certain that the data has not been altered while in storage

Question 3

Integrity (CIA) concepts

Answer 3

Hashing:
Ensure data integrity when communicating over a network, the sending system runs the data through a mathematical algorithm, known as a hashing algorithm, which then generates an answer (known as the hash value). This
hash value is then sent with the data. On the receiving end of the
transmission, the destination system runs the data through the same mathematical algorithm to generate an answer (hash value).

Digital Signature:
created on a message in order to prove the integrity of the sender of the message.

Digital Certificate:
A digital certificate is an electronic file used to transport keys for encrypting or digitally signing messages

Nonrepudiation:
the concept of ensuring that someone cannot dispute that they sent a message or made a change.

Question 4

Availability (CIA)

Answer 4

The concept of ensuring that the information is available when the
user wants it

Permissions - limits who can delete data and ensures availability to those who need it

Backups
Fault Tolerance:
Implement data redundancy solutions to ensure that if one of the hard drives fails, the other drives have a copy of the information. Having multiple drives work together this way is known as RAID, or Redundant Array of Independent Disk Clustering

Clustering:
Allows you to have multiple servers acting as one unit so that if one server fails, another server takes over the workload

Question 5

Accountability (CIAA)

Answer 5

Accountability is ensuring that users are accountable for their
actions—if someone inappropriately deletes a file, for example, a record of that action exists to hold them accountable.

Log files
Audit files
Firewalls and proxy servers

Question 6

Identification and Authentication

Answer 6

Identification happens before authentication and is the process of having users identify themselves to the system. The most popular method companies use to identify individual users is to give each user a unique username. The users type their username into the system in order to identify themselves. After the user inputs the identifying information (the username), the user inputs the password for that account for purposes of authentication

Question 7

Authorisation

Answer 7

Once authenticated, users are given access to different resources.

Permissions
Router ACLs
Proxy servers:
Can control what web sites can be visited or even what types of Internet applications can
be used by the internal users

Question 8

Security principles (Least Privilege, Separation of Duties, and Rotation of Duties)

Answer 8

Least privilege means that you give a user only the minimum level of permissions needed to perform their tasks or duties

Separation of Duties means you ensure that all critical tasks are
broken down into different processes and that each process is performed by a different employee

Rotation of Duties s is the principle of rotating multiple employees through different job roles. Ensures accountability and redundancy

Question 9

Diversity of Defence

Answer 9

Concept that you should use different products to increase the level of security in your environment. Although all products have vulnerabilities, the vulnerabilities are different for each of the different products, and the
hacker will have to work extra hard to get through each different product.

Question 10

Vulnerability and Exploit

Answer 10

Vulnerability is a weakness in a piece of software or hardware that was created by the manufacturer by accident. Once a vulnerability is found, hackers work on a way to exploit the weakness and compromise the system security

Question 11

Types of vulnerabilities

Answer 11

Use of open-source intelligence
Improper input handling
Misconfiguration/weak configuration
Default configuration

Question 12

Authorised, Unauthorised, and Semi-authorised Hackers

Answer 12

Authorised hackers
Also known as a white-hat hacker, an authorized hacker learns how to compromise system security for
defensive purposes, meaning they are doing it to better learn how to
protect the system or network

Unauthorized hacker:
Also known as a black-hat hacker, an unauthorized hacker compromises systems or networks for malicious reasons

Semi-authorized hacker:
Also known as a gray-hat hacker, a semi-authorized hacker is a person who hacks into systems for
non-malicious reasons

Question 13

Advanced persistent threat (APT)

Answer 13

Advanced persistent threat (APT) Advanced persistent threats
(APTs) are individuals or groups that perform highly comprehensive, well-planned attacks that give them long-term access to the target systems. Long-term access to a system is needed so that the attacker can collect sensitive information over a long
period of time

Question 14

Structure of a policy

Answer 14

Overview
Scope
Policy
Enforcement
Definitions
Revision History

Question 15

Types of Policies

Answer 15

Standard:
A standard policy is a policy that needs to be followed and typically covers a specific area of security

Guidelines:
Recommendations on how to follow
security best practices

Procedure:
also known as a standard operating procedure (SOP). The SOP documents step-by-step procedures
showing how to configure a system or device, or step-by-step instructions on how to implement a specific security solution

Question 16

Security control

Answer 16

are used to identify any mechanism used to protect an asset within the organization. Examples of security
controls are firewalls, antivirus software, and access control list

Question 17

Acceptable Use Policy (AUP)

Answer 17

AUP lets the users know what the company considers acceptable use of many topics, including:
Internet
e-mail
laptops
mobile devices
social media

Question 18

Password Policy

Answer 18

points to consider:

minimum password length
password history
maximum password age
minimum password age
password complexity

Question 19

Adverse Actions

Answer 19

each policy should specify adverse actions for anyone who does not follow the security policies.

Question 20

Change control/management policy

Answer 20

Specifies the process to follow when
implementing a change to the network. Specifies procedures to follow should reduce mistakes in configuration because a process can ensure that the change will be properly tested

Question 21

Security clearance and data labels

Answer 21

Classification labels (such as secret, top secret, or even unclassified) are assigned to the information, or assets. Once all of the assets have their classification labels assigned, you can then assign employees their security clearance levels that determine which assets they can access.

Question 22

Mandatory vacations

Answer 22

The importance of taking vacation time is that it helps detect fraudulent or suspicious activities within the organization because another employee will need to take over the job role while someone is on vacation. This will help keep employees honest in their job functions because they know they will be held accountable for irregular activities discovered during their absence

Question 23

Memorandum of Understanding

Answer 23

An MOU is a document that establishes an agreement between the two parties and specifies
their relationship to one another.

Question 24

Statement of Work

Answer 24

An SOW outlines the type of work a
company is being hired for, the timeline for that work, the cost of
the work performed, the payment schedule, and any conditions
related to the work.

Question 25

Measurement systems analysis

Answer 25

The MSA h is a mathematical operation used to determine variants within a measurement process.

Question 26

ISO/IEC 17799

Answer 26

The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) created the ISO/IEC 17799 standard, which specifies best practices for information security management.
ISO/IEC 17799 breaks the management of information security into different categories (typically known as domains).

Question 27

PHI and HIPAA

Answer 27

Protected health information (PHI)
is health information about a patient, their care, health status, and payment history that is protected by rules in the Health Insurance Portability and
Accountability Act (HIPAA). Organizations will typically anonymize this information from the patient to maintain their privacy.

Question 28

Personally Identifiable Information

Answer 28

PII is any information that can
uniquely identify a person. It should be protected at all times (examples include national identification number and driver’s licence number)

Question 29

General Data Protection Regulation (GDPR)

Answer 29

GDPR is a European regulation that is designed to protect private data of individuals. Organizations that process or handle personal data must have security controls in place to ensure unauthorized access to the private data does not occur

Question 30

Center for Internet Security (CIS)

Answer 30

CIS is a nonprofit organization formed in 2000 that creates and promotes cybersecurity
defense best practices to help safeguard systems

Question 31

National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
Cybersecurity Framework (CSF)

Answer 31

The NIST Risk Management Framework (RMF) is a document that outlines the steps to integrate security risk management into the system development lifecycle. The framework is broken into seven phases to perform risk management.

The NIST Cybersecurity Framework is a resource from NIST
that is a set of strategies to help companies manage cybersecurity
risk

Question 32

NIST SP 800-171

Answer 32

NIST Special Publication 800-171 is a recommended standard for federal organizations to secure
information while it is being processed, stored, and used on
nonfederal systems. This framework defines a number of technical controls that can be used to safeguard the information