Corporate Security #1 Flashcards
(30 cards)
Note: Cyber Essential ‘the 5 Basic Requirements’ are also refered to as ….
the 5 Technical Controls’
What are the 5 Cyber Essentials Basic Requirements?
1) Firewalls 2) Security Configurations 3) Security Update Management 4) User Access Control 5) Malware Protection
The five Cyber Essentials Requirements (Firewall, etc) apply to all software/devices that do what 3 things?
1) Accept incoming connections from Internet 2) Establish outbound connections to Internet 3) Control the flow of data between devices and internet
What is a Firewall?
A Firewall is a Network Security Device
What does a Firewall do?
Firewalls block/allow traffic
What is the Goal/Aim of a Firewall?
Make sure only necessary network services are accessed by the Internet
A Firewall has three requirements. What is the first requirement, about a Firewall’s default behaviour?
By default, Firewalls block all inbound connections
A Firewall has three requirements. What is the second requirement, about a Firewall’s inbound connection rules?
Every inbound rule that accepts connections must be motivated and documented
A Firewall has three requirements. What is the third requirement, about uneccessary Firewall rules?
Remove or disable Firewall rules when they’re not needed
What is Secure Configuration?
A set of best practices for the configuration of computers/devices
What is the first Goal/Aim of Secure Configuration, about network device vulnerabilites?
Ensure that network devices are properly configured to reduce vulnerabilities
What is the second Goal/Aim of Secure Configuration, about network device services?
Ensure that network devices are properly configured to only offer the services required of their role
Secure Configuration has 4 requirements. What is the first requirement, about unnecessary software?
Remove or disable unnecessary software
Secure Configuration has 4 requirements. What is the second requirement, about auto-run?
Disable auto-run features
Secure Configuration has 4 requirements. What is the third requirement, about passwords?
Change guessable passwords
Secure Configuration has 4 requirements. What is the fourth requirement, about authentication?
Authenticate users before granting access
What is Security Update Management?
A set of best practices for the maintenance and update of software
What is the Aim of Security Update Management?
Ensure that devices and software are not vulnerable to known security issues that have patches available
Security Update Management has 3 requirements. What is the first requirement, about software licensing?
All software must be licensed or removed
Security Update Management has 3 requirements. What is the second requirement, about automatic updates?
Have automatic software updates enabled where possible
Security Update Management has 3 requirements. What is the third requirement, about when to apply updates?
Make sure updates are applied (manually, if required) within 14 days of release
What is User access control?
A set of processes to manage accounts
What is the Aim of User access control?
Ensure that user accounts are assigned to authorised people only, and provide access only to the things the user needs to carry out their role
User access control has 3 requirements. What is the first requirement, about removing accounts?
Remove/disable accounts when no longer required
