Topic 10 Flashcards

Security maintenance

1
Q

Who decides if the information security program can adapt to change adequately?

A

The CISO determines whether the information security group can adapt adequately and
maintain the information security program or if the macroscopic process of the SecSDLC
must be used to develop a new information security profile.

2
Q

What are the three primary aspects of information security risk management? Why is each important?

A

The three primary aspects are threats, assets, and vulnerabilities. They are used to carefully
evaluate the organization’s security posture via security maintenance and readiness. By
carefully monitoring these three aspects of security, the organization will be more prepared
to address possible problems. By creating an aggressive monitoring policy, the organization
can stay abreast of changes in the environment.

3
Q

What is a management maintenance model? What does it accomplish?

A

A management model deals with methods to manage and operate a particular business
operation. It is designed to provide clear guidelines for accomplishing the outlined goals of
the organization.

4
Q

What changes need to be made to the model in SP 800-100 to adapt it for use in security management maintenance?

A

No major changes are needed. This document is written for use in information security
management applications. While it must be tailored for specific local requirements and
implementation details, it is functionally usable as presented.

5
Q

What is vulnerability assessment?

A

Vulnerability assessment is the assessment of physical and logical vulnerabilities in
information security and related systems. These systems may be technical or nontechnical.

6
Q

What is penetration testing?

A

Penetration testing requires security personnel to simulate or perform specific and controlled
attacks to compromise or disrupt their own systems by exploiting documented
vulnerabilities. Penetration testing from outside the organization is commonly performed on
network connections, as security personnel attempt to exploit system vulnerabilities from the
attacker’s viewpoint.

7
Q

What is the difference between vulnerability assessment and penetration testing?

A

The primary goal of the vulnerability assessment is to identify specific, documented
vulnerabilities, using the inventory of environment characteristics stored in the risk, threat,
and attack database. These vulnerabilities are stored, tracked, and reported in the
vulnerability database until they are remediated. Penetration testing, a level beyond
vulnerability testing, is a set of security tests and evaluations that simulate attacks by a
malicious hacker. A penetration test, or pen test, is usually performed periodically as part of
a full security audit. In most security tests, such as vulnerability assessments, great care is
taken not to disrupt normal business operations, but in pen testing the analyst tries to get as
far as possible by simulating the actions of an attacker.

8
Q

What is the objective of the external monitoring domain of the maintenance model?

A

The objective is to provide early awareness of new and emerging threats, threat agents,
vulnerabilities, and attacks that the organization needs to mount an effective and timely
defense.

9
Q

What does CERT stand for? Is there more than one CERT? What is the purpose of a CERT?

A

CERT stands for computer emergency response teams. There are several forms of CERT,
including US-CERT.

10
Q

What is the primary goal of the vulnerability assessment and remediation domain of the maintenance model? Is this important to an organization with an Internet presence? Why?

A

The primary goal is the identification of specific, documented vulnerabilities and their timely
remediation. This goal is important to organizations with an Internet presence because
attackers can take advantage of any loophole or flaw in the public network.
