What is Cybersecurity Flashcards

Nichols, L. (2024) Cybersecurity Architect's Handbook: An end-to-end guide to implementing and maintaining robust security architecture. Birmingham: Packt Publishing, Limited.

1
Q

What is the job title of the pinnacle of a cybersecurity technical career?

A

Cybersecurity Architect (CSA)

2
Q

What is the role of a CSA?

A

To help shape, design, and plan the technical aspects of an organization’s approach to security at all levels.

3
Q

What is Access Control?

A

Access control involves the procedure of permitting solely authorized individuals, programs, or other computer systems to observe, alter, or gain control over a computer system's resources. It acts as a mechanism to restrict the utilization of certain resources to only those users who have been granted authorization.

4
Q

What is Secure Software Development?

A

Secure software development encompasses a series of procedures and tasks associated with the strategic planning, coding, and administration of software and systems. Furthermore, it encompasses the implementation of protective measures within those systems to guarantee the confidentiality, integrity, and availability of both the software and the data it processes.

5
Q

What is BCP/DR?

A

It is Business Continuity Planning / Disaster Recovery, which encompasses the essential measures, procedures, and strategies required to uphold uninterrupted business operations in the face of significant disruptions. This entails recognizing, choosing, executing, testing, and maintaining processes and specific actions aimed at safeguarding vital business infrastructure and operations from system and network interruptions. The ultimate goal is to promptly restore essential services and business activities to their normal functioning state.

6
Q

What is cryptography?

A

The science of using deception and mathematics to hide data from unwanted access. It addresses the principles, means, and methods to convert plaintext into ciphertext and back again to ensure the confidentiality, integrity, and authenticity or non-repudiation of data.

7
Q

What is information security governance / risk management?

A

The multifaceted strategies organizations employ to safeguard critical information assets and systems. This discipline seeks to establish holistic criteria for the protection by integrating frameworks, policies, organized culture, and standards.

8
Q

What is Computer crime legislation?

A

Laws prohibiting unauthorized access, hacking, malware distribution, and other cyber offenses

9
Q

What are Associated regulations?

A

Mandates around data privacy, breach disclosure, sector-specific requirements, and cybersecurity standards

10
Q

What are investigative measures?

A

Techniques for detecting security incidents through monitoring, log analysis, and forensics

11
Q

What are Evidence gathering/management methodologies?

A

Procedures for securely collecting, analyzing, documenting, and preserving evidence for investigations.

12
Q

What are Reporting protocols?

A

Guidelines for reporting incidents to authorities and impacted parties.

13
Q

What is foundational for security?

A

Adhering to legal and regulatory obligations

14
Q

What is asset protection?

A

Ensuring hardware, applications, services, and data remain confidential and integral through access controls, encryption, and resilience measures

15
Q

What is monitoring and detection?

A

Employing tools such as SIEMs and IDSs to continuously monitor systems, networks, and user activity to rapidly detect potential incidents

16
Q

What is Incident Response?

A

Investigating suspected or confirmed events, containing impacts, eradicating threats, recovering systems, and improving future response capabilities

17
Q

What is ongoing maintenance?

A

Keeping security tools and services such as firewalls, antivirus, and log management operating reliably through patches, upgrades, and redundancy

18
Q

What is process integration?

A

Incorporating security processes into IT operations and business workflows to embed good security hygiene.

19
Q

What is physical and environmental security?

A

Physical and environmental security involves safeguarding facilities housing critical information systems against unauthorized access and environmental hazards.

20
Q

What is a security survey?

A

Regularly evaluating facilities’ physical access controls, surveillance systems, and vulnerability to threats such as fires or floods

21
Q

What is Risk vulnerability assessment?

A

Identifying physical infrastructure and procedural weaknesses that may enable data breaches or system damage

22
Q

What is site planning and design?

A

Incorporating security into facility layouts through measures such as access control zones, cameras, alarms, and secure equipment rooms.

23
Q

What are Access Control Systems?

A

Managing physical access to facilities and critical system components via methods such as ID badges, biometric validation, and multifactor authentication

24
Q

What are Environmental controls?

A

Maintaining ideal temperature, humidity, electrical supply, fire suppression, and other environmental conditions to protect systems

25
Q

What is procedural security?

A

Establishing policies for escorting visitors, reporting incidents, performing equipment maintenance, and responding to environmental events.

26
Q

What is Security Architecture?

A

Security architecture involves translating organizational requirements into comprehensive cybersecurity designs encompassing people, processes, and technology controls.

27
Q

What are Security principles and framework?

A

Applying models such as Zero Trust and CIS controls to guide architecture.

28
Q

What is Control Translation?

A

Mapping security requirements to technical safeguards and policies that balance usability and protection.

29
Q

What is environmental design?

A

Architecting layered defenses tailored to infrastructure, cloud environments, applications, data flows, and diverse access scenarios.

30
Q

What is monitoring integration?

A

Incorporating controls and systems to provide robust logging, visibility, analysis, and response capabilities.

31
Q

What is compliance alignment?

A

Structuring architecture to adhere to industry regulations, legal obligations, and cybersecurity standards.

32
Q

What is continuous adaptation?

A

Evolving architecture to address new threats, business demands, and technology advancements.

33
Q

What is Telecommunications/network security?

A

Its purpose is to ensure the confidentiality, integrity, and availability of data transmitted over both private and public networks and various media.

34
Q

What is CIA?

A

Confidentiality, Integrity, and Availability. Confidentiality refers to protecting information from unauthorized access. Integrity refers to the reliability and completeness of data, ensuring that it has not been unintentionally modified or altered by an unauthorized user. Ultimately, integrity ensures that data remains trustworthy, complete, and free from unauthorized changes. Availability pertains to the continuous accessibility and optimal functioning of data, systems, and resources as required by authorized users.

35
Q

What is confidentiality?

A

Confidentiality involves safeguarding sensitive information from unauthorized access or disclosure, ensuring that only authorized individuals have the ability to access and view such data. It focuses on the protection of sensitive information, preventing it from falling into the wrong hands and maintaining strict control over who can obtain and observe it. Here are key aspects related to confidentiality.

36
Q

What is Data Encryption?

A

Encryption is the process of converting plaintext data into a coded form (ciphertext) that is unreadable without the appropriate decryption key. It prevents unauthorized individuals from understanding the content of the data even if they gain access to it.

37
Q

What are Access Controls?

A

Access controls involve implementing mechanisms to restrict access to sensitive information based on user roles, permissions, and authentication factors. This prevents unauthorized individuals from accessing confidential data.

38
Q

What are Data Classifications?

A

Data classification involves categorizing data based on its sensitivity level. It allows organizations to prioritize the protection of highly sensitive information and apply appropriate security controls based on the classification.

39
Q

What is integrity?

A

Integrity ensures that data remains accurate, unaltered, and reliable throughout its life cycle. Maintaining data integrity is crucial to prevent unauthorized modification, corruption, or tampering. Here are key aspects related to integrity.

40
Q

What is Data Validation?

A

Data validation involves verifying the accuracy and consistency of data. It ensures that data meets specific predefined criteria and is free from errors, omissions, or malicious modifications.

41
Q

What are hash functions?

A

Hash functions are mathematical algorithms that generate a unique string of characters (hash value) for a given set of data. By comparing the hash value before and after data transmission or storage, integrity violations can be detected if the hash values do not match.

42
Q

What are Digital Signatures?

A

Digital signatures use encryption techniques to provide a mechanism for verifying the authenticity and integrity of electronic documents or messages. They ensure that the sender cannot deny having sent the message and that the content remains unaltered.

43
Q

What is availability?

A

Availability refers to ensuring that systems, networks, and data are accessible and usable when needed. It involves preventing disruptions, maintaining service continuity, and mitigating the impact of potential incidents. Here are key aspects related to availability.

44
Q

What is redundancy and fault tolerance?

A

Implementing redundancy and fault-tolerant mechanisms ensures that critical systems and data have backup components or alternate paths, minimizing the impact of hardware failures, natural disasters, or other disruptions.

45
Q

What is disaster recovery planning?

A

Disaster recovery planning involves creating strategies and processes to recover critical systems and data after a disruptive event. It includes regular backups, off-site storage, and documented procedures for system restoration.

46
Q

What is DDoS?

A

Distributed Denial of Service (DDoS) attacks aim to overwhelm systems or networks, causing service unavailability. Implementing DDoS mitigation solutions, such as traffic filtering or content distribution networks (CDNs), helps protect against such attacks and ensures uninterrupted access to services.

47
Q

What is non-repudiation?

A

Non-repudiation ensures that the actions or transactions of individuals cannot be denied or disputed. It provides evidence that a specific action took place and was performed by a specific entity. Here are key aspects related to non-repudiation.

48
Q

What are digital certificates?

A

Digital certificates are electronic documents that validate the identity of individuals or entities in electronic transactions. They are issued by trusted third parties (certificate authorities) and provide assurance of authenticity and non-repudiation.

49
Q

What are audit trails?

A

Audit trails are records that capture and document the activities and events within a system or network. They serve as evidence of actions performed and can be used to prove the occurrence of specific events or transactions.

50
Q

What are LANs and WANs?

A

Local Area Networks (LANs) and Wide Area Networks (WANs) are two common types of networks. LANs connect devices within a limited geographical area, such as a home or office, while WANs connect geographically dispersed networks. Both types of networks require proper security measures to protect against unauthorized access and data breaches.

51
Q

What are Network Devices?

A

Networking devices, such as routers, switches, and firewalls, are responsible for routing, switching, and securing network traffic. Routers direct data packets between different networks, switches connect devices within a network, and firewalls enforce network security policies.

52
Q

What are Network protocols?

A

Network protocols are sets of rules and standards that govern how data is transmitted and received over a network. Common protocols include Transmission Control Protocol/Internet Protocol (TCP/IP), which forms the foundation of internet communication, and Domain Name System (DNS), which translates domain names into IP addresses.

53
Q

What are operating systems in cybersecurity?

A

An operating system serves as the software platform that manages computer hardware and software resources. It provides a secure foundation for running applications and plays a crucial role in cybersecurity. Here are the key aspects related to operating systems.

54
Q

What are Types of Operating Systems?

A

Popular operating systems include Windows, macOS, and Linux. Each operating system has its strengths and vulnerabilities, making it important to understand the specific security considerations for each platform.

55
Q

What are User Authentication and Access Controls?

A

Operating systems employ user authentication mechanisms, such as usernames and passwords, to ensure that only authorized individuals can access the system. Access controls further define permissions and privileges for users, limiting their actions and preventing unauthorized access to sensitive data.

56
Q

What is Patch Management and Updates?

A

Operating systems regularly release updates and patches to address security vulnerabilities. Timely installation of these updates is critical for protecting against known exploits and ensuring a secure computing environment.

57
Q

What is Antivirus and anti-malware software?

A

Operating systems can be fortified with antivirus and anti-malware software to detect and remove malicious programs that may compromise the system’s security. These software solutions help protect against viruses, worms, Trojan horses, and other forms of malware.

58
Q

What is Network Segmentation?

A

Network segmentation involves dividing a network into smaller, isolated segments to limit the impact of a potential breach. It restricts unauthorized access and contains potential compromises, enhancing overall network security.

59
Q

What is a Trust Zone?

A

A zone refers to a logical grouping of interfaces or systems that simplifies the management and control of access rules within a network or system. It helps establish and maintain different levels of trust for enhanced security. Each of these zones plays a crucial role in defining and enforcing security policies and controls within a network. By categorizing interfaces and systems into different zones, organizations can streamline their security management processes and ensure appropriate levels of trust and access across their infrastructure. In order to better understand the trust zone model, it is necessary to understand the basic concepts of zones. A core principle in modern cybersecurity architecture is network segmentation using zones to isolate systems with differing security levels. This recognizes that devices have varying risk profiles and business criticality.

60
Q

What is tailored security related to network zoning?

A

Controls and monitoring can be customized per zone, enabling tighter protection for sensitive assets

61
Q

What is reduced blast radius with respect to network zoning?

A

Threats are confined to one zone rather than propagating across the network.

62
Q

What is Granular Access as related to network zoning?

A

Network rules actively limit which zones/systems can communicate.

63
Q

What is improved visibility as related to network zoning?

A

Traffic flows and anomalies are easier to baseline and monitor within zones.

64
Q

What is Simplified Compliance with respect to a benefit of network zoning?

A

Zones help logically group assets aligned to regulations

65
Q

What is required for Effective Zoning?

A

Effective zoning requires classifying assets by risk, function, and data criticality.

66
Q

What are the Four Zones?

A

Untrusted Zone (UTZ): The UTZ represents the lowest level of trust within the network. It is typically located on the internet-facing side of a security appliance or network edge. By default, traffic from the UTZ is not allowed to enter other zone types unless explicit rules are defined. However, traffic from the Trusted Zone (TZ) is usually permitted to communicate with the UTZ through the Semi-Trusted Zone (STZ), unless specific access control lists (ACLs) restrict the communication. The UTZ is often associated with the color red, symbolizing caution and potential threats.
Semi-Trusted Zone (STZ): The STZ offers a higher level of trust compared to the UTZ but is still lower than the TZ. It serves as a secure area between the LAN and the internet. The STZ typically hosts web-tier applications, such as presentation services, reverse-proxy mechanisms, or VPN termination points. It is sometimes referred to as a Demilitarized Zone (DMZ). The STZ is generally represented by the color yellow, indicating a level of caution and limited access.
Trusted Zone (TZ): The TZ provides the highest level of trust within the network. It is characterized by the least scrutiny and restrictions on traffic. TZs are typically part of the LAN but can extend across an enterprise and WAN connection. This zone encompasses end-user systems such as desktops and laptops. Traffic within the TZ is assumed to be secure and trustworthy. The TZ is commonly associated with the color green, signifying safety and reliability.
Restricted Zone (RZ): The RZ offers the highest level of security among the four zones. This zone typically contains the most sensitive data/databases and thus only explicit access is allowed to this zone such that direct access to the data within another zone is not allowed except through distinct sources, such as IP addresses and ports. This zone is typically characterized by the color black.

67
Q

What is zero trust framework?

A

The zone model, discussed previously, originally designed to establish trust levels within network environments, can be effectively integrated with the concept of zero trust when adapting to cloud services and a distributed work-from-home model. In a zero trust framework, the focus shifts from implicitly trusting certain zones to continuously verifying and authorizing access requests regardless of the user’s location or the network they are connected to.