Total Comp TIA - Online class Flashcards
What is risk management
risk is the likelihood of a threat actor taking advantage of a vulnerability by using a threat against an IT asset
What is an asset
any part of an IT infrastructure that has value
what is likelihood
the probability of an asset being damaged over time
what are threat actors
anyone or anything with the motive and resources to attack another's IT infrastructure
what are the nine different threat actor groups
- Hacker - people trying to crack into IT infrastructure
- Hacktivist - someone with an activist attitude - ex. Greenpeace
- script kiddies - someone who uses known scripts and tries things (premade attacks)
- insiders - somebody who has access to the internal structure
- Competitors
- shadow IT - any form of IT infrastructure that is put in place in an unofficial or illegal way
- criminal syndicates - denial of service attacks
- state actors - ex. state sponsored, long-term type of actors
- advanced persistent threat (APT) - long-term hacking of something to get information over time
what is a vulnerability
a weakness inherent in the protection of an asset. ex. firewalls that have holes in them
what is a threat
an action (attack or exploit) by a malicious threat actor that they can use against a vulnerability to perform harm to an asset
how can you get rid of threats
you go through remediation - look at all threat actors, threats, and infrastructure, at their vulnerabilities, and based on likelihood make a decision on what we are going to do to remediate these threats
what does the CIA triad stand for
C- CONFIDENTIALITY
I-INTEGRITY
A- AVAILABILITY
what is an example of a script kiddie
Kali Linux
what are attack vectors
pathways to gain access to infrastructure
-ex. open firewall ports
-weak configurations
-lack of security awareness
-missing patches
-infected USB thumb drive
-supply chain attacks
threat intelligence sources
-facilitate risk management
-hardening can reduce incident response time
-provide cyber security insight - ex. threat maps
what are the threat intelligence sources
-closed/proprietary - pay
-OSINT - open source intelligence ex. government reports ex. NSA
-CVE - Common Vulnerabilities and Exposures
-dark web - anonymous connections (TOR network)
-AIS - Automated Indicator Sharing - exchange of cyber security intelligence between entities (ex. STIX)
what is STIX
Structured Threat Information Expression - special format to package information that is understood between similar systems
what is TAXII
Trusted Automated Exchange of Intelligence Information: ex. real-time threat indicator feeds
describe OSINT
open source intelligence
-refers to public cybersecurity intelligence resources
* ex: CVE - Common Vulnerabilities and Exposures database
what is the dark web
an encrypted and anonymized internet access mechanism allowing access to unindexed content
what could be some attack vectors
ex. mission critical IT systems - payment processing
-third party access - software components
what are physical risk vectors
ex. access control vestibules - mantraps
-Server room access
how can you manage risk vectors
with a risk management framework (RMF)
-ex. CIS - Center for Internet Security
-NIST- national institute of risk management
what are some financial RMFs
SSAE SOC 2
what is NIST
national institute of standards and technology
-it is a guide for conducting risk assessment
what is GDPR
General Data Protection Regulation
-protects EU citizens' private data
ex. in the US - HIPAA (Health Insurance Portability and Accountability Act) - protects health insurance info
-PCI DSS - Payment Card Industry Data Security Standard
what are types of security policies
AUP - Acceptable Use Policy
-ex. email, account policies, web browsing, data retention
define risk management frameworks
provide guidance on identifying and managing risk
what does a security control do
a solution that mitigates threats
-ex. running malware to prevent infections
What are the different security control categories
-managerial/administrative - WHAT
-operations- HOW OFTEN - POLICY REVIEWS
-technical - HOW - Technical controls
what is a cloud security control document
- Cloud Security Alliance (CSA)
- or CCM - cloud control matriculation
what are the security control types
-physical - ex. mantrap
-detective (log files, TV)
-corrective - patching vulnerabilities
-deterrent - device logon warning - ex. you are logging into
-compensating - ex. using alternative
what is risk assessment
prioritization of threats against assets and determining what to do about it
what is the risk assessment process
-risk awareness
-evaluate security controls
-implement security controls
-periodic review
what are the different risk types
- Environmental - floods
-man made - terrorism
-internal - malicious insider
-external - competitors
what are the categories for risk treatments
-risk acceptance - current level of risk is acceptable
-mitigation/reduction of risk - security controls before undertaking risk
-transference/sharing - some risk transferred to someone else - ex. cybersecurity insurance
-risk avoidance - avoid activity
what is a quantitative risk assessment
risk assessment based on numeric value - we are focusing on dollar amount
-what is the asset value (AV)
what is the exposure factor
amount of asset that is considered lost when a negative incident occurs
-ex. 1 -> 100% - one incident will be a complete loss of the asset
what is the single loss expectancy
SLE - how much loss is experienced during one negative incident
-multiply asset value by exposure factor
calculate SLE:
ASSET: 24,000
Exposure Factor: 12.5 %
24,000 x 0.125 = 3,000 SLE
when one negative occurrence happens we are losing about 3,000 dollars
How do you calculate the SLE (SINGLE LOSS EXPECTANCY)
MULTIPLY THE ASSET VALUE BY THE EXPOSURE FACTOR
what is the Annualized rate of occurrence
ARO - EXPECTED NUMBER OF YEARLY OCCURRENCES OF DOWNTIME - ex. 3 times a year
how do you calculate the annualized loss expectancy
total yearly cost of bad things happening
1.) determine the cost of a single loss expectancy (1 negative occurrence)
2.) multiply by the number of occurrences in one year BASED ON HISTORICAL KNOWLEDGE
what is a qualitative risk assessment
based on subjective opinions regarding
-threat likelihood
-impact of threat
threats are given a severity rating
what is a risk register
it is a centralized list of risks, severities, responsibilities and mitigations - QUALITATIVE
what is a risk heat map
take risk severity levels and map them visually - by color
what is a risk matrix
table of risk details minus colors
what is a business impact analysis (BIA)
-Allows us to prioritize mission critical processes
-ASSESS risk
*** identifies how negative incidents will impact business processes and sensitive data
What are the different types of business impact
-financial
-Reputation loss
-Data Loss
-Data Exfiltration
Failed component impact - different times
MTBF - Mean time between failures
* average time that passes between repairable component failures - ex. software
-Mean time to failure (MTTF)
* average time between non-repairable component failures - ex. hard disk
-MTTR - Mean time to repair
what is MTBF
MTBF - Mean time between failures
* average time that passes between repairable component failures - ex. software
what is MTTF
-Mean time to failure (MTTF)
* average time between non-repairable component failures
What is MTTR
-mean time to repair
*time required to repair a failed component
what is a privacy threshold assessment (PTA)
First step before implementing solutions related to sensitive data
-where is our sensitive data
what is the RPO
RECOVERY POINT OBJECTIVE (MAXIMUM TOLERABLE amount of data loss)
-ex. 1 hour maximum - then you should be backing up at least once every hour