Week 3 Flashcards
What does SIEM stand for?
Security Information & Event Management
SIEM is a security platform that ingests event logs and offers a single view of this data with additional insights.
What is the primary function of SIEM technology?
Supports threat detection and security incident response through real-time collection and historical analysis of security events
SIEM collects data from various sources and presents it as actionable information.
What notable surge occurred in the environmental services industry in 2023?
61,839% increase in HTTP-based DDoS attacks
DDoS attacks accounted for half of all HTTP traffic in the industry.
What is a False Positive (FP) in the context of SIEM?
An incorrect identification of a threat or vulnerability by a system or tool
What is a True Positive (TP) in SIEM terms?
A correct identification of a threat or vulnerability by a system or tool
What service provides these features?
- Event and Log Collection
- Normalization
- Aggregation
Security Information and Event Management
What is the CIA Triad?
A framework in information security that includes Confidentiality, Integrity, and Availability
What are the key aspects of confidentiality?
Data classification, access control, encryption, and authentication
What is Integrity in the context of the CIA Triad?
Assurance that data remains accurate, reliable, and unaltered during its lifecycle
What does Availability mean in the CIA Triad?
Ensuring that data, systems, and resources are accessible and operational when needed by authorized users
Why is the CIA Triad important for organizations?
It helps organizations assess risks, make decisions about security measures, and establish security policies
What is an Open Source SIEM solution?
A cost-effective alternative to commercial SIEM products that is highly customizable
Examples include ELK Stack, OSSIM, and Graylog.
What service has these features?
- Correlation
- Real-time security monitoring and analysis
- Incident investigation and forensics
- Compliance
SIEM
Fill in the blank: The CIA Triad helps organizations strike the right balance between _______.
[competing requirements based on their specific needs and risk tolerance]
What is the purpose of data retention policies?
To ensure data is preserved for the appropriate duration and securely destroyed when no longer needed
What is the role of Load Balancing in Availability?
Distributes network traffic across multiple servers to prevent overloading any single server
What is the significance of Service Level Agreements (SLAs) in Availability?
Establishing SLAs with service providers ensures that critical services meet predefined availability standards
What should organizations assess when evaluating third-party vendors?
How well these vendors can maintain the confidentiality, integrity, and availability of data and services