Module 3 Flashcards
are responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information.
Network security professionals
Security specialist job roles within an enterprise include
Chief Information Officer (CIO),
Chief Information Security Officer (CISO),
Security Operations (SecOps) Manager,
Chief Security Officer (CSO),
Security Manager, and
Network Security Engineer.
Regardless of job titles, network security
professionals must always stay one step ahead of the hackers:
- They must constantly upgrade their skill set to keep abreast of the latest threats.
- They must attend training and workshops.
- They must subscribe to real-time feeds regarding threats.
- They must peruse security websites daily.
- They must maintain familiarity with network security organizations. These organizations often have
the latest information on threats and vulnerabilities.
Network Intelligence Communities
SANS
Mitre
FIRST Forum of Incident Response and Security Teams
SecurityNewsWire
(ISC)2 International Information Systems Security Certification Consortium
CIS Center for Internet Security
Institute resources are largely free upon request and include:
The Internet Storm Center - the popular internet early warning system
NewsBites, the weekly digest of news articles about computer security.
@RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked
Flash security alerts
Reading Room - more than 1,200 award-winning, original research papers.
SANS also develops security courses.
SANS
SysAdmin, Audit, Network, Security (SANS)
maintains the Common Vulnerabilities and Exposures (CVE) list used by prominent security organizations, making it easier for them to share data. The CVE list serves as a dictionary of common names (CVE Identifiers, of the form CVE-YYYY-NNNNN) for publicly known cybersecurity vulnerabilities.
The Mitre Corporation
is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.
Forum of Incident Response and Security Teams (FIRST)
A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
SecurityNewsWire
provides vendor-neutral education products and career services to more than 75,000 industry professionals in more than 135 countries.
International Information Systems Security Certification Consortium (ISC2)
is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC). The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.
Center for Internet Security (CIS)
To remain effective, a network security professional must:
Keep abreast of the latest threats -
This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.
Continue to upgrade skills -
This includes attending security-related training, workshops, and conferences.
Information security deals with protecting information
and information systems from unauthorized access,
use, disclosure, disruption, modification, or
destruction. The ___ serves as a conceptual
foundation for the field.
CIA Triad
Only authorized individuals, entities, or processes can access sensitive information.
Confidentiality
This refers to the protection of data from unauthorized alteration.
Integrity
Authorized users must have uninterrupted access to the network resources and data that they require.
Availability
There are 14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC).
Described by ISO/IEC 27001, these 14 domains serve to organize, at a high level, the vast realm of information and activities under the umbrella of network security.
These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.
The 14 domains are intended to serve as a common basis for developing organizational security standards and effective security management practices.
They also help to facilitate communication between organizations.
These 14 domains provide a convenient separation of the elements of network security. While it is not important to memorize these 14 domains, it is important to be aware of their existence and formal declaration by the ISO. In the ISO/IEC 27001:2013 standard these are known as the 14 control sets of Annex A (the 2022 revision regroups the same controls into four themes: organizational, people, physical, and technological). They will serve as a useful reference in your work as a network security professional.
14 Network Security Domains
Information Security Policies
Organization of Information Security
Human Resources Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development, and Maintenance
Supplier Relationships
Information Security Incident Management
Business Continuity Management
Compliance
This annex is designed to ensure that security policies are created, reviewed, and maintained.
Information Security Policies
This is the governance model set out by an organization for information security. It assigns responsibilities for information security tasks within an organization.
Organization of Information Security
This addresses security responsibilities relating to employees joining, moving within, and leaving an organization.
Human Resources Security
This concerns the way that organizations create an inventory of and classification scheme for information assets.
Asset Management
This describes the restriction of access rights to networks, systems, applications, functions, and data.
Access Control
This concerns data encryption, key management, and the handling of sensitive information to protect the confidentiality, authenticity, and integrity of data.
Cryptography
This describes the protection of the physical computer facilities and equipment within an organization.
Physical and Environmental Security
This describes the management of technical security controls in systems and networks including malware defenses, data backup, logging and monitoring, vulnerability management, and audit considerations. This domain is also concerned with the integrity of software that is used in business operations.
Operations Security
This concerns the security of data as it is communicated on networks, both within an organization and between an organization and third parties such as customers or suppliers.
Communications Security
This ensures that information security remains a central concern in an organization’s processes across the entire lifecycle, in both private and public networks.
System Acquisition, Development, and Maintenance
This concerns the specification of contractual agreements that protect an organization’s information and technology assets that are accessible by third parties that provide supplies and services to the organization.
Supplier Relationships
This describes how to anticipate and respond to information security breaches.
Information Security Incident Management
This describes the protection, maintenance, and recovery of business-critical processes and systems.
Business Continuity Management
This describes the process of ensuring conformance with information security policies, standards, and regulations.
Compliance
are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behavior for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.
Business policies
These policies establish the rules of conduct and the responsibilities of both employees and employers.
Policies protect the rights of workers as well as the business interests of employers.
Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.
Company policies
These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more.
They are often provided to new employees to review and sign.
Employee policies
These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements.
These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization.
Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.
Security policies
are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A ______ also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.
Security policies
A comprehensive security policy has a number of benefits, including the following:
Demonstrates an organization’s commitment to security
Sets the rules for expected behavior
Ensures consistency in system operations, software and hardware acquisition and use, and maintenance
Defines the legal consequences of violations
Gives security staff the backing of management
Specifies authorized persons that can have access to network resources and identity verification procedures.
Identification and authentication policy
Ensures passwords meet minimum requirements (length, no known-breached values) and are changed when compromise is suspected. Current guidance such as NIST SP 800-63B advises against forcing periodic rotation on a fixed calendar unless there is evidence of compromise.
Password policies
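As an added example (not part of the original flashcards), the following Python enforces the kind of password policy the card describes: a minimum length, a blocklist of known-breached passwords, and a rule that the password must not contain the account name, plus a reset rule that forces rotation on suspected compromise rather than on a fixed schedule. The 12-character minimum, the tiny inline blocklist, and the account records are constructed assumptions for illustration, not values from the page or from any standard.

```python
"""Password policy check, added example (not from the original flashcards).

Assumptions (illustrative, not from the page): a 12-character minimum, a
small constructed blocklist standing in for a breached-password corpus, and
a rule that the password must not contain the account name. Rotation is
required on suspected compromise; a calendar limit applies only if the
organization chooses to set one.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

MIN_LENGTH = 12  # assumed organizational minimum

# Constructed sample blocklist. A real deployment would query a breached-
# password corpus (for example a k-anonymity range lookup), not a literal set.
BLOCKLIST = {"password", "password123", "welcome1", "letmein", "qwerty123456"}


def check_password(password: str, username: str) -> List[str]:
    """Return the policy violations; an empty list means the password is acceptable."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in BLOCKLIST:
        violations.append("appears on the blocklist of known-breached passwords")
    if username and username.lower() in password.lower():
        violations.append("contains the account name")
    # Catch trivially repetitive strings ("aaaaaaaaaaaa") that satisfy the length rule.
    if len(set(password)) < 4:
        violations.append("uses fewer than 4 distinct characters")
    return violations


@dataclass
class Account:
    username: str
    password_set_on: date
    compromised: bool = False  # set by incident handling when a leak is suspected


def needs_reset(acct: Account, today: date, max_age_days: Optional[int] = None) -> bool:
    """Force a reset on suspected compromise; apply a calendar limit only if one is configured."""
    if acct.compromised:
        return True
    if max_age_days is not None and (today - acct.password_set_on).days > max_age_days:
        return True
    return False


if __name__ == "__main__":
    for pw in ["correct horse battery staple", "password123", "alice_is_great_2024"]:
        print(repr(pw), "->", check_password(pw, "alice") or "OK")
    acct = Account("alice", date(2024, 1, 1), compromised=True)
    print("reset required:", needs_reset(acct, date(2024, 1, 2)))
```

The function returns every violation rather than stopping at the first, so a user can fix all problems in one attempt; the reset logic keeps the compromise flag separate from any age limit so that an organization following NIST SP 800-63B can simply leave `max_age_days` unset.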
Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.
Acceptable Use Policy (AUP)
Identifies how remote users can access a network and what is accessible via remote connectivity.
Remote access policy
Specifies network device operating systems and end user application update procedures.
Network maintenance policy
Describes how security incidents are handled.
Incident handling procedures
One of the most common security policy components is an ____. This can also be referred to as an _____ This component defines what users are allowed and not allowed to do on the various system components. This includes the type of traffic that is allowed on the network. The ___ should be as explicit as possible to avoid misunderstanding.
AUP / Appropriate use policy
Many organizations must now also support _____. This enables employees to use
their own mobile devices to access company systems, software, networks, or information. This can bring an
increased information security risk because ____ can lead to data breaches and greater liability for the
organization.
Bring Your Own Device (BYOD)
BYOD security best practices to help mitigate BYOD vulnerabilities are:
Password protected access
Manually control wireless connectivity
Keep updated
Back up data
Enable “Find my Device”
Provide antivirus software
Use Mobile Device Management (MDM)
BYOD provides several key benefits to enterprises, including
increased productivity,
reduced IT and operating costs,
better mobility for employees, and
greater appeal when it comes to hiring and retaining employees.
Use unique passwords for each device and account.
Password protected access
Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.
Manually control wireless connectivity
Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.
Keep updated
Enable backup of the device in case it is lost or stolen.
Back up data
Subscribe to a device locator service with a remote wipe feature.
Enable “Find my Device”
Provide antivirus software for approved BYOD devices.
Provide antivirus software
MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.
Use Mobile Device Management (MDM) software