Test 1 Flashcards
Technical Security Controls aka Logical Security Controls
(give examples)
Controls handled by computer systems, like software, hardware or firmware, made to automate security functions and enforce security policies.
Examples:
Encryption,
firewalls,
IDSs (Intrusion Detection Systems)
Managerial security controls aka Administrative Security Controls
Policies, procedures, and guidelines set by management, focused on reducing the risk of security incidents.
Examples:
Organizational security policy,
Risk assessments,
Security awareness training
Operational Security Controls
(give examples)
Focused on day-to-day procedures, primarily handled by people. Used to ensure that the equipment continues to work and operations continue as normal.
Examples:
Configuration Management,
Patch Management,
System backups
Physical security controls
Controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets.
Examples:
Security guards,
Access control vestibules,
Lighting,
Fencing/Barricades
Preventive Security Controls
Proactively prevent security incidents from occurring or reduce the likelihood of security threats before they cause harm.
Examples:
AV software,
Firewalls,
Encryption
Deterrent security controls
Designed to discourage potential attackers by increasing the perceived difficulty, risk, or consequences of their actions.
Examples:
Lights,
Fences,
Warning Signs
Detective security controls
Measures implemented to detect and identify security incidents or unauthorized activities that have already occurred within an organization’s systems, networks, or facilities.
Examples:
IDS,
Log monitoring,
Security audits,
CCTV,
Vulnerability scanning
Corrective security controls
Designed to mitigate the impact of security incidents after they occur.
2 Goals:
1) restore affected systems
2) implement measures to prevent it from happening again
Examples:
IRPs (Incident Response Plan),
Backups and System Recovery,
Forensic Analysis and Investigation
Compensating security controls
Alternative ways to address security requirements when primary controls cannot be used. These controls aim to achieve equivalent or comparable levels of security by mitigating risks in alternative ways.
Examples:
Temporary service disablement,
MFA,
Backup power systems,
Sandboxing,
Temporary port blocking
Directive security controls
Security controls that are implemented through policies and procedures.
Examples:
IRP,
AUP (Acceptable Use Policy)
CIA Triad
Basic principles of information security.
It stands for Confidentiality, Integrity, and Availability, representing the three core objectives for protecting information systems and data.
Non-Repudiation
Refers to the ability to prove that a specific action or communication originated from a particular party and cannot be denied by them later.
Ensures:
proof of origin - digital signatures or message authentication codes (MACs), which verify the identity of the sender and ensure that the message has not been altered in transit.
proof of delivery - such as acknowledgment receipts or timestamps, which provide evidence that the message was successfully delivered to the intended recipient.
proof of integrity - accomplished through cryptographic techniques such as hashing or digital signatures, which generate unique identifiers (hashes) that can be used to verify the integrity of the data.
Which type of user account violates the concept of non-repudiation?
A shared user account violates the concept of non-repudiation. Shared user accounts are accounts that multiple individuals use to access systems, applications, or resources. Because multiple users have access to the same account credentials (such as username and password), it becomes difficult to attribute specific actions or transactions to a particular individual.
The AAA security architecture / AAA security framework / AAA model
Stands for Authentication, Authorization, and Accounting. It is a comprehensive framework used in network and information security to control access to resources, verify the identity of users, and track their activities. Each component:
Authentication: the process of verifying the identity of users or entities attempting to access systems, applications, or resources. (people auth: usernames/passwords, MFA, biometrics).
Authorization: what actions or operations authenticated users are allowed to perform after they have been successfully authenticated. It specifies the access rights, privileges, and permissions granted to users based on their identity, roles, or attributes. (Role-based access control (RBAC), Attribute-based access control (ABAC), Mandatory access control (MAC))
Accounting: tracking and logging users’ activities, actions, and resource usage for auditing, monitoring, and billing purposes. (logging, reporting, auditing)
Examples of solutions that provide AAA functionality:
1) RADIUS (Remote Authentication Dial-In User Service)
2) TACACS+ (Terminal Access Controller Access-Control System Plus)