Unit 3 - Disciplines within Cybersecurity Flashcards

1
Q

What are the six main cybersecurity functions (skills and tasks)?

A

1) Management
2) Cyber Audit and Assessment
3) Event Monitoring and Alerts (Reactive Operations)
4) Proactive Operations
5) Environment Testing
6) Specialists

2
Q

What roles sit within the Management function?

A

1) Chief Information Security Officer / Chief Cybersecurity Officer
2) Cyber Risk Manager
3) Cybersecurity Architect

Management is responsible and accountable for putting the correct governance in place.

3
Q

What roles sit within the Cyber Audit and Assessment function?

A

Audit Manager
Auditor
Assessment Specialist

4
Q

What roles sit within the Event Monitoring and Alerts function?

A

1) Security Incident and Events Manager
2) Security Incident Responder
3) Cybersecurity and Network Intrusion analysts

5
Q

What roles sit within the Proactive Operations function?

A

1) Access Administrators
2) Security Device Administrators (firewalls and more)
3) Encryption / Cryptography Consultant
4) Security Risk Consultants
5) Cybersecurity Analysts

6
Q

What roles sit within the Environment Testing function?

A

1) Attack and Penetration Testers (Ethical Hackers)

2) Vulnerability Assessors

7
Q

What roles sit within the Specialists function?

A

1) Security Controls Designer
2) External Security Specialist
3) Digital Forensics Specialist
4) Cryptologist
5) Cryptanalyst
6) Anti-Malware / Anti-Virus Specialist
7) Software Security Specialist

8
Q

What do I need to know about the role - CISO?

A
  • Single point of accountability for ensuring appropriate framework for managing dangers and threats to electronic and physical info assets is operating and effective.
  • Too few of them occupy position on main Exec Board.
  • Has an executive strategic focus, a business person.
  • Does not make direct business technology decisions, but manages processes and reports to help business to understand and mitigate security risks.
  • CISO processes should allow relevant decision-makers to understand the risks and then make a decision about whether or not to proceed.
  • Defines the security culture for the org, ensuring right control structures in place to keep risk within acceptable levels.
  • Has final accountability for all security governance items, including policies and procedures.
9
Q

What do I need to know about the role - Cyber Risk Manager?

A
  • Responsible for collecting and monitoring the cumulative set of open security risks across digital landscape.
  • Usually establishes minimum ‘materiality’ levels (potential probability and impact thresholds) to determine when a risk should be escalated.
  • Risk entry must capture and explain which digital components and business processes can be impacted.
  • Ensures collective risk information picture can be analysed and understood (most breaches occur due to cumulative risks).
  • Critical to understand which security actions should be assigned highest priority.
10
Q

What do I need to know about the role - Cybersecurity Architect?

A
  • Creates a coherent master plan with standard security components that can be used effectively and quickly each time a new technology needs to be added.
  • Ensure clear understanding of permitted methods for securely integrating and extending an org’s digital ecosystem to interact with others.
  • Consider security of individual mobile apps in any device in which they could exist.
  • Includes security standards and reqmts expected for remote technologies such as cloud services and critical supplier systems.
  • Design secure, standard options for the flow of info between devices.
  • Helps business to avoid costs involved with post-release security incident mgmt and reactive resolution of security gaps, by providing specifications to embed into design and release process.
11
Q

What do I need to know about the role - Cyber Audit and Assessment?

A
  • Crosscheck security and integrity of all key technologies, suppliers and processes on regular basis.
  • Function exists to check samples of operations to verify whether or not they are being performed securely and correctly, and to ID any significant gaps and required corrective actions.
  • Based on key controls that appear in the policies and procedures set by mgmt, usually aligned to legal reqmts or industry standards.
  • May also include continuous tracking of activities of sec admin.
  • Immediate critical items must be escalated to the cyber risk register and CISO as appropriate.
12
Q

What do I need to know about the role - Security Incident and Event Management?

A
  • Last line of defense function.
  • Sec Incident Responder usually on call at all times to ensure immediate response to event such as DoS or malware attack.
13
Q

What do I need to know about the role - Cybersecurity and Network Intrusion Analysts?

A
  • Responsible for measuring, monitoring and managing the operational status of all assets and info flows directly under the control or accountability of the org.
  • Includes all software, hardware, network devices, comms channels and third party (external) landscape items that could be potential source of vulnerabilities.
  • Usually coordinated through device and network monitoring software, collected to form status dashboards and automated alerts.
  • SOC = Security Operations Centre (where real-time threats are monitored and managed).
  • Day-to-day operational gaps resolved by this team.
  • Analysts also usually part of incident response team, to assess damage and impact.
  • Valuable to consult for creation of new security solutions and hardening of existing security standards.
14
Q

What additional areas are becoming increasingly important when considering cybersecurity resourcing?

A
  • Putting together a threat intelligence team across disciplines, tasked with predicting and pre-empting the most likely threats and exploits.
  • Ensuring the correct contingency (i.e. BCP) and restoration plans are ready to go, in the event that a disaster (technical or natural) takes place.
15
Q

The Head of Cybersecurity for the Department of Homeland Security recommends ensuring the team is “EGGE”, which is…

A

Ethnically Diverse
Geographically Diverse
Gender Diverse
Educationally Diverse

16
Q

Private individuals may secure own accts and devices with simple steps, such as…

A
  • Maintaining different complex passwords with over 12 characters.
  • Keeping devices up-to-date with software patches.
  • Installing the most effective anti-malware software.
  • Restricting ability to install software to a separate account.
  • Avoiding surfing unknown websites or opening unknown links and attachments.
17
Q

What is the DQ?

A

Digital Quotient - used to measure technology-related intelligence (knowledge or familiarity with digital practices).

In 2014, average adult scored 96 and average six-year-old scored 98.

18
Q

What is difference in role of CISO vs CIO?

A

CIO looks at how to optimise and leverage information value.

CISO ensures that those information transactions are governed under secure processes.

19
Q

What do I need to know about the role - Access Administrators?

A
  • Performs the actions that set up and manage access to devices and systems used to run each org.
  • Usually prohibited from any operational use of system.
  • Roles should be rotated periodically and changes on highly sensitive systems should require a proposer and approver.
  • Activity normally recorded in electronic audit trails for any suspicious activity patterns to automatically raise alerts.
20
Q

What do I need to know about the role - Security Device Administrators?

A
  • Perform configuration or management of the technologies that are used to detect, block or allow digital traffic.
  • Considered to have privileged access and so should have processes to supervise this, such as Privileged Account Management Systems (PAMS).
  • If misused, technologies operated by sec admin may cause massive business disruption, incl preventing entire environment from working.
  • Roles therefore usually subject to close monitoring - audit trails, secondary approval and automated alerts.
21
Q

What do I need to know about the role - Encryption / Cryptography Specialist?

A
  • Acts as advisor or administrator of safe key management processes and advises on appropriate encryption / cryptography standards.
  • Cryptographic key architecture allows orgs to ensure the keys used to encrypt and decrypt info are readily available when and where needed.
22
Q

What do I need to know about the role - Security Risk Consultant?

A
  • Advisor when new type of technology, device or comms channel is being considered, to help assess the risk.
  • Advises on security risk process design and provides consultative assistance each time a risk assessment process is run.
23
Q

What do I need to know about the role - Penetration Testers (ethical hackers)?

A
  • Perform checks and scans for potential exploits across new system or website before operational and on periodic repeating basis.
  • Exploits usually assigned a criticality level and resolved if that exceeds the org’s acceptable standard.
  • Usually performed in test (not the live) environment.
  • Considered essential ingredient for release of any software that has security by design.
24
Q

What are drawbacks of ‘Red Teaming’?

A
  • Very expensive.
  • Reactively uncovering issues, so will be expensive to fix.
  • Requires permission of owner of environment, which may rule out testing of supplier systems.
25
Q

What do I need to know about the role - Vulnerability Assessors?

A
  • Checks usually performed using specialised software on live and operational environments and are intentionally passive to prevent inadvertent operational disruption.
  • Assessor manages the assessments and the results produced by the process.
  • Can be performed periodically, but increasingly performed continuously in real time.
26
Q

What do I need to know about the role - Security Controls Designer?

A
  • Can support cybersecurity area by analysing exact requirements (purpose and intention) for any new security controls and proposing the most efficient, effective and least-disruptive design.
27
Q

What do I need to know about the role - External Security Specialists?

A
  • Useful in helping to advise, augment or educate the internal cybersecurity team on any matters or subject areas that are unfamiliar to them, or for which they have insufficient time allocation.
  • Useful for temp / part-time roles.
28
Q

What do I need to know about the role - Digital Forensics?

A
  • Preserves, rebuilds and recovers electronic information following any legal issues arising from an incident.
  • Key part in any law enforcement or legal action involving misuse of digital devices.
29
Q

What do I need to know about the role - Anti-Malware / Anti-Virus Specialists?

A
  • Help to analyse, counteract, report and defend against new types of malicious software.
  • Particularly useful during zero-day attacks.
30
Q

What do I need to know about the role - Software Security Specialist?

A
  • Ensures software is ‘secure by design’, incorporating security features into both construction process and feature specifications.
  • May also run automated and manual scans through the program itself (known as the source code) to guard against any backdoor or other unfriendly insertions by programmers.
31
Q

What do I need to know about the roles - Cryptologist / Cryptanalyst?

A

Cryptologist - Encryption code-maker, performs research to create stronger encryption algorithms. Usually reserved for security software companies and nation-state government agencies.

Cryptanalyst - Encryption code-breaker, who analyses encrypted info to decrypt and reveal the info. Useful in anti-malware companies.

32
Q

Which cybersecurity functions are Proactive?

A

Proactive operations and environment testing.

Management may also be (through policy setting) proactive.

33
Q

Which cybersecurity functions are Reactive?

A

Cyber Audit and Assessment and Event Monitoring and Alerts.

Management may also be reactive.

34
Q

Why can Firewalls be seen as Proactive measures?

A

They protect data movement in networks.

So, as points of access and egress for data are possible attack targets, setting up firewalls can be seen as proactive.

35
Q

What is an example of a safeguard that a proactive operations person could apply with respect to network access?

A

To not allow administrators of access rights to have access to operational parts of a system.

They are privileged users, so should be subject to monitoring.