Cissp Domain 1 Flashcards

Question

Steps in Threat modelling - 5

Answer 1

Identify threats Determining and diagram ing potential threats Perform Reduction analysis Prioritisation and response

Answer 2

Creation of diagram of the elements involved in a transaction along with data flow and previliges boundaries

Answer 3

Gain greater understanding of the logic of the product, it's internal components as well as it's interactions with external elements

Answer 4

Trust boundaries- level of trust or security changes Data flow paths - Movement of data between locations Input points - location where external input is received Previliged operations - Any activity that requires greater previliges than of a user account Details about security stance and approach

Answer 5

Damage potential Reproducibility Exploitablity Affected users Discoverablity

Answer 6

Most computers, devices, networks , systems and cloud services are not built by a single entity

Answer 7

Service level requirment a statement of the expectations of service and performance from the product or service of a vendor Prior to SLA and should incorporate above

Answer 8

When several people work together to prepetrate crime

Answer 9

Detect abuses, verify the work tasks and previliges

Answer 10

Several entities or organisation involved in project

Answer 11

Used to describe the use of an external third party such as vendor consultant

Answer 12

Active prevention of unauthorised access to pii Freedom from unauthorised access to info deemed personal or confidential Freedom from being observed, monitored or examined without consent or knowledge

Answer 13

Reduce risk to an acceptable level

Answer 14

Risk assessment: PXI Risk response : Evaluating countermeasures, safeguards and security controls using c/b analysis

Answer 15

Protection mechanism Anything that removes or reduces a vulnerability or protects against one or more specific threats

Answer 16

Threats exploits vulnerabilities which results in exposure. Exposure is risk and risk is mitigated by Safeguards which are endangered by threats

Answer 17

C-b Safeguards are applied

Answer 18

Threat based RA or Asset based RA 1.Asset valuation 2.Identify threats and vulnerabilities 3.Risk assessment Analysis 1. Quantitative: AV and Threat Identification EF SLE ARO ALE Research countermeasures C-B countermeasures 2. Qualitative: Scenario based Brainstorm Delphi : Anonymous feedback Interviews Risk Response - Reduction - Transfer - Deterrence - Avoidance - Acceptance - Reject

Answer 19

AV EF SLE ARO ALE Perform c-b countermeasures

Answer 20

Percentage of loss that an organisation would experience if specific assets were violated by risk

Answer 21

Total amount of risk that organization is willing to shoulder in aggregate across all assets Level of risk an organisation is able to shoulder RA>RC Amount of risk that an organization will accept per individual asset threat pair Maximum level of risk above risk target that will be tolerated before further risk management actions are taken

Answer 22

Upper management has chosen not to implement a response

Answer 23

**No Safeguards** Before security control After security control

Answer 24

Amount of risk an organisation would face if no safeguards implemented Threats*Vulnerability*Asset Value

Answer 25

Total risk- Residual risk

Answer 26

Risk introduced by introduction of countermeasures

Answer 27

For each asset threat pairing an inventory of potential and available Safeguards must be made ALE1 - Pre Safeguards ALE 2- Post Safeguards

Answer 28

[ALE1 - ALE2] - ACS = Value of Safeguards to company If it's-ve not good choice

Answer 29

Pre safeguards ALE for an asset threat pairing ( ALE1) Potential post Safeguard ALE for an asset threat pairing (ALE2) ACS

Answer 30

Administrative: Management controls, Policy, procedure, hiring practices Technical or logical: H/W or S/W mechanism to manage access and provide protection for IT resources Physical control

Answer 31

**Unwanted or unauthorised activity** Fences, locks, SoD, job rotation, dlp

Answer 32

Deployed to **discourage** security policy violations CCTV, awareness

Answer 33

**Discover or detect** unwanted or unauthorised activity

Answer 34

**Modifies** the environment to return systems to normal after an unwanted or unauthorised activity has occurred Reboot System, IPS, back and restore, antimalware solution

Answer 35

**Extension of corrective controls** Attempt to repair or restore resources after a security violation BCP, DR, Reciprocal agreement, cloud providers

Answer 36

Deployed to direct to force or encourage compliance with security policies Guidance from security gaurd, monitoring and supervision

Answer 37

Effectiveness of security mechanism, evaluate toughness of the risk management process of the organization, produce a report of relative strengths and weakness of devloped security infra

Answer 38

EOL: Manufacturer no longer produces product. **Service and support may continue for a period of time after EOL** EOSL: Those systems that longer receiving updates and support from vendor

Answer 39

Prepare : Process initiation Categorize Select Implement: Controls Asses Authorize Monitor

Answer 40

Convincing someone to perform an unauthorised operation Convincing someone to reveal confidential information

Answer 41

Authority Intimidating Consensus: Social proof or following herd Scarcity Familiarity Trust

Answer 42

Research method in order to craft a more effective pretext Pretext - False statement crafted to sound believable

Answer 43

Adding RE: or FW: infront of message to make it look genuine It can fool spam filters

Answer 44

Installs itself without users knowledge It takes advantage of web browser vulnerability or plug ins

Answer 45

Dividing worker groups by sensitivity levels and limiting access to certain areas of building by using locked doors

Answer 46

To steal funds by providing false invoice Proper file sharing mechanism

Answer 47

Identity theft and identity fraud are also related to impersonation. Impersonation is the act of taking on someone’s identity. This might be accomplished by logging into their account with stolen credentials or claiming to be someone else when on the phone. Masquerading- amateurishly

Answer 48

Unauthorised entry gains under authorisation of valid worker without knowledge **Tricking victim into providing consent** - Piggyback

Answer 49

User is re directed to fake website after typo

Answer 50

Awareness - Baseline for understanding Training - Bring change Education - Certificate

Answer 51

Stratergic focused at high level and center around business process and operations DR- Tactical and describe technical details such as recovery sites, backups and fault tolerance

Answer 52

Project scope and planning BIA Continuity planning Approval and implementation

Answer 53

**Organization review** - Identify core department - Critical support services to upkeep system **BCP team selection** **Resource requirements** BCP devlopment BCP testing, training and maintenance BCP implementation **Legal and regulatory requirements**

Answer 54

Identifies business process and tasks that are critical to an organisation **Impact assessment** 1. Quantitative impact assessment * AV *MTD or MTO * RTO *RPO 2. Qualitative impact assessment **Identifying priorities** Create a comprehensive list of critical business functions and rank them in order of importance **Risk identification** - Purely Qualitative - Natural - Man made **Likelihood assessment** ARO for the risks **Impact analysis** EF SLE ALE **Resource prioritisation** Risk to be prioritised based on ALE to be addressed Merge both quantitative and qualitative risks

Answer 55

Devlop continuity stratergy 1. Stratergy devlopment Implementation of zero down time posture Risk to be acceptable and mitigated based on MTD 2. Provision and processes Meat of BCP Designs procedures and mechanism that will mitigate the risks deemed unacceptable during strategy development **Three categories to be protected** People Building and facilities- Hardening and alternate sites Infrastructure - "

Answer 56

Plan approvals Plan implementation- Implementation of resources, Deploying resources Training and education BCP documentation: Continuity planning goals 1.Statement of importance: Address employee on why we need BCP 2.Statement of priorities 3. Statement of organisation responsibility 4. Statement of urgency and timing 5. Risk assessment 6. Risk acceptance/Mitigation 7. Vital records program: Where critical records will be stored and backups 8. Emergency response guidelines 9. Maintanence 10. Testing and exercise

Answer 57

Govern matters that are not crime Difference between civil and criminal law is how it's enforced - govt. through enforcement authorities does not get involved in civil law

Answer 58

Immigration policies

Answer 59

Intangible assets

Answer 60

**Expression of ideas** Protection against unauthorised duplication

Answer 61

Avoid confusion Words, slogan and logos

Answer 62

IP rights of inventors 3 main requirements: - Invention must be new - Invention must be useful - Invention must not be obvious

Answer 63

IP absolutely critical to business could damage if disclosed Patents and copyright can be protected using trade secrets but: - Removes secrecy - Protection limited period of time

Answer 64

Contractual: vendor and customer Shrink wrap: Agreement acknowledgement outside of sw package Click through: Browser click Cloud services: Same as above

Answer 65

Transborder data flow of IP, PII, new tech

Answer 66

Lawfulness, fairness and transparency Purpose limitation Data minimisation Accuracy Storage limitation: Right to be forgotten Security Accountability

Answer 67

Structured analysis of organisation Creation of BCP team Assessment of available resources Analysis of legal and regulatory landscape

Answer 68

Taking no action and accept

Answer 69

Identification Identification is claiming to be an identity when attempting to access a secured area or system. Authentication Authentication is proving that you are that claimed identity. Authorization Authorization is defining the permissions (i.e., allow/grant and/or deny) of a resource and object access for a specific identity or subject. Auditing Auditing is recording a log of the events and activities related to the system and subjects. Accounting Accounting (aka accountability) is reviewing log files to check for com- pliance and violations in order to hold subjects accountable for their actions, especially violations of organizational security policy.

Answer 70

An SLR is a statement of the expectations of service and performance from the product or service of a vendor. Often, an SLR is provided by the customer/client prior to the establishment of the SLA (which should incorporate the elements of the SLR if the vendor expects the customer to sign the agreement).

Answer 71

A security control assessment (SCA) is the formal evaluation of a security infrastructure’s individual mechanisms against a baseline or reliability expectation. The SCA can be per- formed in addition to or independently of a full security evaluation, such as a penetration test or vulnerability assessment. The goals of an SCA are to ensure the effectiveness of the security mechanisms, evaluate the quality and thoroughness of the risk management processes of the organization, and pro- duce a report of the relative strengths and weaknesses of the deployed security infrastructure.