Lesson 1: Summarize Fundamental Security Concepts

Question 1

What are the 3 components of the CIA Triad?

Answer 1

1. Confidentiality
2. Integrity
3. Availability

Question 2

Define ‘Confidentiality’ in the CIA Triad

Answer 2

Keeping data and communications private and protecting them from unauthorized access; data can only be read by people who have explicit authorized access.

Question 3

Define ‘Integrity’ in the CIA (AIC) Triad

Answer 3

Keeping organizational data accurate, free of errors, and without unauthorized modifications.

Question 4

Define ‘Availability’ in the CIA Triad

Answer 4

Ensuring computer systems operate continuously and that authorized persons can access data that they need.

Question 5

Define ‘Non-repudiation’

Answer 5

Goal of ensuring that the party that sent a transmission/created data remains associated with that data and cannot deny sending or creating that data.

Question 6

Define ‘NIST’ (National Institute of Standards and Technology)?

Answer 6

Develops computer security standards; Publishes cybersecurity best practice and research.

Question 7

What are the 5 functions of information/cyber security classified by NIST?

Answer 7

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

Question 8

Define the ‘Identify’ function defined by NIST

Answer 8

Evaluating assets, risks, business function, policies, threats/vulnerabilities and recommending security controls/policies to manage them securely.

Question 9

Define the ‘Protect’ function defined by NIST

Answer 9

Ensures delivery of critical infrastructure services; Supports the ability to limit/contain a potential cybersecurity event.

Question 10

What are examples of the ‘Protect’ function defined by NIST?

Answer 10

Securing IAM; Security Awareness training; Data protection controls and documentation; Maintenance of assets; Managing protective technology.

Question 11

Define the ‘Detect’ function defined by NIST

Answer 11

Perform ongoing monitoring ensuring controls are effective and capable of protecting against new types of threats; Enables timely discovery of cybersecurity events.

Question 12

What are examples of the ‘Detect’ function defined by NIST?

Answer 12

Ensuring Anomalies and Events are detected; Implementing Continuous Monitoring; Maintaining Detection Processes

Question 13

Define the ‘Respond’ function defined by NIST

Answer 13

Identify, analyze, contain, and eradicate threats to systems and data security.

Question 14

What are examples of the ‘Respond’ function defined by NIST?

Answer 14

Managing communications with stakeholders and law enforcement; Analysis of incidents; Mitigation to prevent expansion and for resolution;

Question 15

Define the ‘Recover’ function defined by NIST

Answer 15

Implementing resilience to restore systems/services/data if other functions are unable to prevent attacks; Supports timely recovery to normal operations.

Question 16

What are examples of the ‘Recover’ function defined by NIST?

Answer 16

Implementing recovery processes to restore systems; Implement improvements based on lessons learned and review of strategy.

Question 17

How are NIST or other framework functions achieved?

Answer 17

By implementing security controls.

Question 18

Define a ‘Security Control’

Answer 18

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA/AIC)

Question 19

What is the purpose of a cybersecurity framework?

Answer 19

Guides selection and configuration of security controls; Gives structure to risk management and provides externally verifiable statement of regulatory compliance.

Question 20

What are the outcomes of an organization following a cybersecurity framework?

Answer 20

Allows an organization to asses current cybersecurity capabilities, identify a target level of capability, and prioritize investments to achieve targets.

Question 21

Define ‘Gap Analysis’

Answer 21

Measures the difference between the current and desired system state(s) to help assess the scope of work included in a project.

Question 22

What is the purpose of access controls?

Answer 22

Ensure that information system meets the goals of the CIA triad by governing how subjects interacts with objects.

Question 23

Define a ‘Subject’

Answer 23

Something that can request and be granted access to a resource; Person, Service/Process.

Question 24

Define an ‘Object’

Answer 24

The resources that access is granted to; Network, server, database, app, or file.

Question 25

Define IAM (Identity and Access Management)

Answer 25

Process providing identification, authentication, and authorization for users, computers, and services/process to access a network/host/application

Question 26

What are the 4 main processes of IAM?

Answer 26

1. Identification
2. Authentication
3. Authorization
4. Accounting

Question 27

Define the ‘Identification’ process of IAM

Answer 27

Aka enrollment; Creating an account and credentials to uniquely represent a user/host/process in the organization.

Question 28

Define the ‘Authentication’ process of IAM

Answer 28

Determines the method used to validate an entity or individuals credentials.

Question 29

Define the ‘Authorization’ process of IAM

Answer 29

Determining the rights/abilities subjects should have on each resource, and enforcing those rights.

Question 30

Define the ‘Accounting’ process of IAM

Answer 30

Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

Question 31

What is another form of IAM?

Answer 31

AAA (Authentication, Authorization, and Accounting)

Question 32

What are the properties of a secure information processing system?

Answer 32

Confidentiality, integrity, and availability (and non-repudiation)

Question 33

What is the CMD to show the version of windows running on the machine?

Answer 33

winver

Question 34

What are the 4 categories of security controls?

Answer 34

1. Managerial
2. Operational
3. Technical
4. Physical

Question 35

Define a ‘Managerial’ security control

Answer 35

Focuses on the management of risk and the management of information system security.

Question 36

Define an ‘Operational’ security control

Answer 36

Controls implemented by people; Security Guards, Training programs, SOPs

Question 37

Define a ‘Technical’ security control

Answer 37

Implemented as a system (hardware, software, or firmware); Aka. ‘logical controls’; Firewalls, AV, IDS

Question 38

Define a ‘Physical’ security control

Answer 38

Controls such as alarms, gateways, locks, lighting, and security cameras that deter and detect access to premises and hardware.

Question 39

What is another way to define a security control?

Answer 39

.

Question 40

Define a ‘Preventive’ security control

Answer 40

Operates before an attack takes place to eliminate/reduce the likelihood that the attack will succeed.

Question 41

What are examples of a preventive security control?

Answer 41

ACLs, Anti-Virus/Malware, encryption

Question 42

Define a ‘Detective’ security control

Answer 42

Operates during an attack to identify and record an attempted or successful intrusion.

Question 43

What are examples of a detective security control?

Answer 43

Logs review, IDS

Question 44

Define a ‘Corrective’ security control

Answer 44

Eliminates/reduces the impact of a security policy violation.

Question 45

What are examples of a corrective security control?

Answer 45

Backup system to restore data damaged during an intrusion; A patch management system that eliminates a vulnerability before/during/after an attack; Lessons learned.

Question 46

Define a ‘Directive’ security control

Answer 46

Control that enforces a rule, best practice, SOP, or SLA through a policy or contract.

Question 47

What is an example of a directive security control?

Answer 47

A contract/policy; Training/awareness programs.

Question 48

Define a ‘Deterrent’ security control?

Answer 48

Control that discourages intrusion attempts; signs/warnings

Question 49

Define a ‘Compensating’ security control

Answer 49

A substitute for a principal control recommended by a security standard to mitigate risk and affords similar level of protection.

Question 50

Define a security policy

Answer 50

A formalized statement defining how security will be implemented within an organization.

Question 51

What is the role of a CIO (Chief Information Officer)?

Answer 51

Company officer responsible for management of information technology assets and procedures.

Question 52

What is the role of a Chief Technology Officer (CTO)

Answer 52

Company officer with the primary role of making effective use of new and emerging computing platforms and innovations.

Question 53

What is the role of a Chief (Information) Security Officer (CSO)/(CISO)

Answer 53

Person with overall responsibility for information assurance and systems security.

Question 54

Define a security operations center (SOC)

Answer 54

A location where security professionals monitor and protect critical information assets across other business functions.

Question 55

Define DevOps

Answer 55

A combination of software development and system/network operations.

Question 56

What is the purpose of DevOps?

Answer 56

IT personnel and developers can build, test, and release software faster and more reliably.

Question 57

Define DevSecOps

Answer 57

A combination of software development, security operations, and systems/network operations.

Question 58

What is the purpose of DevSecOps?

Answer 58

To embed security expertise into any development project.

Question 59

Define a computer incident response team (CIRT)

Answer 59

A single point of contact for notification of security incidents; Function might be handled by SOC or established as an independent business unit.