S3-m2 Flashcards

1
COSO objectives
operations, reporting, compliance
2
Operational Objectives
Include performance measures and safeguards that can help increase the likelihood that an organization's IT assets are protected against cybersecurity threats and fraud
3
Reporting Objectives
Related to increasing the likelihood that cybersecurity controls are in place so that they do not affect internal and external financial and nonfinancial reporting. Focus on transparency, reliability, timeliness, and trustworthiness
4
Compliance Objective
Based on adherence to governmental laws and compliance regulations. Compliance with industry standards such as those issued by NIST
5
Control Environment
The tone at the top
-sets ethical values for an organization by creating a top-down approach
6
Risk Assessment
Performing risk assessments to evaluate internal and external factors. Applied to cyber threats by tailoring the organization's risk assessment procedures to analyze cyber risks, their likelihood of occurrence, and the magnitude of their impact
7
Control Activities
Policies and procedures put in place to help to determine whether the tone at the top set by the control environment is being implemented at all levels of the organization
8
Information and Communication
Focuses on using consistent and relevant language, following best practices for sharing information, and communicating internally and externally with the right stakeholders
-BIA reports reviewed by management that outline the impact of interrupting key business functions
-Periodic emails addressing cybersecurity internal controls to the entire company
9
Monitoring Activities
Component that should be practiced on an ongoing basis to identify areas of risk vulnerability and to determine effectiveness and efficiencies.
-penetration testing
-vulnerability scanning
-Periodic phishing reports
10
Uppermost level of security rules
Security policies, which serve as an overview of an organization's security needs and strategic plan for what should be implemented
11
Mid level of security rules
Set of standards that organizations use as a benchmark to accomplish the goals defined by the security policies
12
Bottom level of security rules
Standard operating procedures, which are typically detailed documents that specifically outline how to perform business processes
13
Acceptable Use Policy (AUP)
A control document created by an organization to regulate and protect technology resources by assigning varying levels of responsibility to job roles, listing acceptable behaviors by employees and vendors, and specifying consequences for those who violate the AUP
-Definition, scope, and purpose
-acceptable use of personal devices for business activities
14
Bring your own device (BYOD)
Allows employees to use their personally owned devices for work-related activities. It may include some of the same elements as an AUP but will address monitoring and enforcement of actions on personal devices
15
What is a network?
A system of physical and virtual devices that are connected using wired cables or wireless technology and that communicate using a mix of different protocols so that users can send, receive, and store data.
16
What is a security standard?
Organizational requirements that are either mandatory by law or adopted by companies as guidelines for best practices. The next level of security rules beneath policies; standards serve as a course of action to achieve security policies
17
Standard Operating Procedures (SOPs)
The lowest level of documentation, which provides detailed instructions on how to perform specific security tasks or controls. SOPs usually involve a combination of systems, software, and physical actions so that the goals of the security policy and standards are achieved
18
Access Point (AP) | Network Hardware
A wireless connection point for users to directly connect to a wired network using wireless devices
19
Bridges | Network Hardware
Connect separate networks that use the same protocol, even if those networks have different topologies or transmission speeds. Operate at the data link layer
20
Computers | Network Hardware
User endpoint devices that are the primary means of user interaction with a network
21
Gateway | Network Hardware
Connects multiple networks that use different protocols, translating one protocol to another so that the two networks can interact. Can operate at all layers but generally at the application layer
22
Hub | Network Hardware
Connection points that link multiple systems and devices using the same protocol within a single network
23
Mobile Phones and Tablets | Network Hardware
Devices that are another means of network connection
24
Modems | Network Hardware
Devices that modulate between digital information and analog signals to support networks.
25
Proxies | Network Hardware
A form of a gateway that does not translate protocols but rather acts as a mediator that performs functions on behalf of another network using the same protocol instead of just connecting the networks
26
Routers | Network Hardware
Devices that control data flow on a network
27
Servers | Network Hardware
Devices that support computers and networks by performing different core functions, such as running apps with application servers or storing files with a file server
28
Signal Modifiers | Network Hardware
Devices such as amplifiers, concentrators, and repeaters that receive signals and modify them by increasing the signal strength or combining multiple signals
29
Switches | Network Hardware
Similar to hubs, but instead of broadcasting received signals to every other networked device, switches only route traffic to target destinations, connecting various devices within a network
30
Network Segmentation or Isolation | Security Method
The process of controlling network traffic so that it is either inaccessible or separated from outside communications or other segments within an organization's own network
31
Firewall | Security Method
Physical devices, software, or both that filter and monitor incoming and outgoing network traffic to a public network to block malicious activity from attackers
32
Service Set Identifier (SSID) | Security Method
The name assigned to a wireless network is known as an SSID and is broadcast by a wireless access point within a certain range so that wireless-enabled devices can connect. One way to improve wireless network security is to make networks less visible by disabling SSID broadcasting so that the device stops acting as a beacon that transmits a signal to nearby devices
33
Virtual Private Network | Security Method
A virtual network built on top of existing physical networks that provides a means of secure communications using encryption protocols such as tunneling or internet protocol security
34
Wi-Fi Protected Access (WPA) | Security Method
Security protocol that encrypts traffic between a wireless access point, such as a switch, and a mobile device. Does not encrypt traffic
35
Endpoint Security | Security Method
The notion that every device connected to a network, also called a host, should have some form of local security that is separate from any other security measure in place on the network or communications channel
36
System Hardening | Security Method
A multipronged, comprehensive security approach that reduces risk by minimizing the number of access points through which a company can be attacked. Access points are referred to as attack vectors and include all aspects of IT infrastructure, including applications, databases, operating systems, servers, and networking equipment
37
Media Access Control (MAC) Filtering | Security Method
A form of filtering in which an access point blocks access to unauthorized devices using a list of approved MAC addresses. A MAC address, also referred to as a physical or hardware address, is a unique identifier found on devices in a network that is used as an address for communicating with other devices
38
Tunneling
A process in which data, or packets, in one protocol are encapsulated in packets of a different protocol, which creates a tunnel of protection
39
IPsec
Uses cryptography to encrypt communications, provides access control, and authenticates using IP protocols. Similar to tunneling, but it can also be used to encrypt only certain pieces of data, the payload, rather than the entire IP packet
40
Database Hardening
Create different privilege levels so that there is a clear delineation between admin users and users that have tiered need-to-know access. Also, data at rest needs to be encrypted
41
Endpoint Hardening
Remove administrative rights for users on local devices so that endpoint users can only perform authorized functions. Restrict users from downloading certain files from the internet or email. Implement local firewalls and malware screening on all laptops.
42
Network Hardening
Revise the rules for the firewall so that it is configured to remove unused ports and block unnecessary protocols.
43
Server Hardening
Physically segregate servers in a secure facility, further separating backed up servers geographically. If one server or group is attacked, not all will be compromised.
44
Zero Trust
The concept of zero trust assumes that a company's network is always at risk, even after a user has been authenticated, and it shifts a company's cybersecurity focus away from one-time authentication to continuous validation at every point of a user's interaction with a network. Prevents data breaches and limits internal lateral movement
45
ZTA tenets outlined by NIST
-all devices and data sources are considered resources, even those not directly managed
-all communications must be secure regardless of a network's location
-access to company resources is granted on a per-session basis
46
NIST assumptions to implement ZTA tenets
-an organization's private network is not considered an implicit trust zone
-some devices on a company's network might not be owned or configurable by the company
-no resource is inherently trusted
-remote users should not trust local network connections
47
Least Privilege
The notion that users and systems are granted the minimum authorization and system resources needed to perform a function. IT admins should put safeguards in place so that privileges do not become excessive or allow privilege creep, in which access to systems gradually increases over time as a person's job role evolves
48
Whitelisting
The process of identifying a list of applications that are authorized to run on an organization's systems and only allowing those programs to be executed
49
Context aware Authentication
Used to identify mobile device users by using contextual data points such as time, geographic location of the user, or IP address
50
Digital signature
An electronic stamp of authentication that is usually encrypted and attached to a message for proof of identity
51
Password weaknesses
-people often use easy or reused passwords, or share passwords
-short passwords can be easily guessed
-passwords saved by companies in databases on the web are frequently breached
52
Hashing
The process of converting passwords into illegible text using hash algorithms such as secure hash algorithms (SHAs); the hashes are then stored in databases
-one-way, meaning they are not intended to be reversed
53
Provisioning
The process in identity management when an organization creates a user's account and provisions it with privileges based on their job role.
54
Vulnerability Management
A proactive security practice designed to prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization. Involves identifying, classifying, mitigating, and fixing known vulnerabilities within a system
55
Identify | Apply NIST Cybersecurity Framework - Vulnerability Tools
Use the CSF to identify resource vulnerabilities that are present in systems, data, assets, and employees. Apply the framework to understand the business environment in which those assets operate, and understand the policies established regarding those resources to define how governance is executed.
56
Protect | Apply NIST Cybersecurity Framework - Vulnerability Tools
Apply the framework to create safeguards against vulnerabilities by establishing measures to manage identity and access controls, keep assets secure, and inform employees of threats
57
Detect | Apply NIST Cybersecurity Framework - Vulnerability Tools
Use the framework to define relevant activities that can identify vulnerabilities quickly.
-performing continuous monitoring
-searching for anomalies
58
Respond | Apply NIST Cybersecurity Framework - Vulnerability Tools
Use the CSF to put activities in place that will react to discovered vulnerabilities. Analysis of the issue so that the appropriate response is delivered, executing mitigating activities to prevent the vulnerability from affecting other parts of the org
59
Recover | Apply NIST Cybersecurity Framework - Vulnerability Tools
Used to help the org transition from its current state, in which the vulnerability exists, to a state where the vulnerability is mitigated.
-implement a recovery plan
-improvements
60
Vulnerability Scanners
Applications that test a company's system for known security risks. Works by checking results against a database of known threats. Scanning for open network ports that can be exploited, analyzing data packets transmitting across systems, identifying protocols
-can also be used against organizations
61
Vulnerability Assessments
Typically done as a part of initial risk analysis and then subsequently performed quarterly or annually after that.
62
Common Vulnerabilities and Exposures Dictionary (CVE)
A database of security vulnerabilities that provides unique identifiers for different vulnerabilities and risk exposures
63
Patch Management
As bugs are discovered, vendors release updates called patches so that customers can correct those vulnerabilities. Important part of minimizing security threats
-patch management is normally subject to inspection by service auditors during a SOC 2
64
What is the purpose of layered security?
To protect an org by using a diversified set of security tactics so that a single CS attack or security vulnerability does not compromise an entire system
65
What is the layered approach?
typically combines physical access controls, logical and technical controls, and administrative controls to provide control redundancy
66
Defense in Depth | Layered Security Solution
focuses on a multilayered security approach that does not rely on technology alone, but rather it combines people, policies, technology, as well as both physical and logical access controls
67
Redundancy and Diversification | Layered Security Solution
Helps counter attacks that target different weaknesses an organization might have. Duplication is a form of redundancy that can be administered through layering processes, isolating processes, concealing data, and segmenting hardware
68
Safeguarding Practices | Preventive Control
Strong preventive software and hardware controls should be coupled with well-designed policies and procedures, such as requiring strong passwords, using multifactor authentication, and performing background checks
69
Education and Timing | Preventive Control
Informing employees about cybersecurity risks and the corporate tools in place to mitigate those risks serves as a preventive control
70
Regular Security Updates | Preventive Control
Broad and comprehensive security enhancements should occur regularly in order for an organization's physical and logical security measures to be protected against the latest CS threats
71
Encryption | Preventive Control
Encrypting data both at rest and in transit involves converting the data into an illegible format based on industry standards so that if the data is compromised or stolen, the hackers will not be able to decipher and use the data
72
Firewalls | Preventive Control
Monitor and filter traffic based on a set of predefined rules
73
Patches | Preventive Control
An update or mod to an existing program that is typically released by an applications creator
74
Physical Barriers | Preventive Control
Tangible barriers, or physical obstructions, are controls that are designed to both deter and prevent unauthorized physical access to an organization's IT infrastructure
-security guards
-fences
75
Device and Software Hardening | Preventive Control
Hardening refers to implementing security tools so that the totality of vulnerable points or the surfaces that can be attacked are reduced
76
Intrusion Prevention System (IPS) | Preventive Control
A network security solution that is intended to detect and stop a cyberattack before it reaches the targeted systems. Done by receiving a direct feed of traffic so that all data coming into a network passes through the IPS
77
Access Controls
security measures put in place to allow access only to authorized employees
78
Discretionary Access Control (DAC)
A decentralized control that allows data owners, custodians, or creators to manage their own access to the data or object they own or created
-control the passing of info to other users
-grant or change security attributes of users
79
Mandatory Access Controls
Nondiscretionary controls that allow admins to centrally manage and enforce rules consistently across an environment. Access is not based on identity but on a general set of rules that govern the entire system.
80
Role Based Access Control
Manages access to areas, devices, or databases according to a predetermined set of rules or access permissions independent of the user's role or position within the organization
-access rules are created
-rules are integrated
-control mechanisms check their credentials
81
Policy Based Access Control (PBAC)
Uses a combination of user roles and policies consisting of rules to maintain and evaluate user access dynamically. More like a framework
82
Risk based Access Controls
Apply controls based on the risk level of the asset being accessed, the identity of the user, the intentions of accessing the asset, and the security risks that exist between the user and the system or asset being accessed
83
Detective Controls
Designed to detect a threat event while it is occurring and to provide assistance during investigations and audits after the event has occurred
84
Network Intrusion Detection System NIDS | Detective Controls
A security solution that monitors incoming traffic on all devices on a network by matching specific elements of that traffic to a library of known attacks and sending system alerts
85
Antivirus Software Monitoring | Detective Controls
Works by scanning files in real time and comparing them to a library of known viruses. Scheduled scans of systems should occur automatically
86
Network Monitoring | Detective Controls
There are various tools available to monitor a network, such as packet sniffers, which analyze data packets; NPM tools, which measure stats; or Simple Network Management Protocol (SNMP)
87
Log Analysis | Detective Controls
Involves the recording and monitoring of data to analyze it so that anomalies, trends, or patterns can be detected that may indicate that unauthorized events have occurred
88
Intrusion Detection System (IDS) | Detective Controls
A security solution that scans the environment to monitor and analyze network or system events for the purpose of finding and providing real-time or near-real-time warnings of attempts to access system resources in an unauthorized manner
-a service auditor may inspect the IDS within the scope of a SOC 2
89
Corrective Controls
Intended to fix known vulnerabilities as a result of a recent security incident
90
Reconfigurations | Corrective Controls
Modifying an app or system config to rectify known vulnerabilities can restore affected operations and prevent further damages
-firewall rules, retooling
91
Upgrades and Patches | Corrective Controls
Security patches and software or app upgrades may be implemented to accomplish objectives such as enhancing system performance, adding new features
92
Revised Policies and Procedures | Corrective Controls
Periodically reviewing and revising organizational practices can eliminate some security issues without requiring the purchase of new tech or the modification of existing systems
93
Updated Employee Training | Corrective Controls
Gaps in employee knowledge about the risk of certain cyberattacks and other forms of IT exploitation can be reduced or even eliminated by training employees to recognize the hallmarks of common fraud schemes
94
Recovery and Continuity Plans | Corrective Controls
Orgs should have a robust plan in place that quickly allows them to recover from a disaster or attack and continue operating so that the period in which normal business operations are interrupted is minimized
95
Antivirus Software Removal of Malicious Viruses | Corrective Controls
Most modern antivirus programs are designed to not only identify actual or potential viruses but also to expunge those viruses so that they are no longer a threat
96
Virus Quarantining | Corrective Controls
Isolating actual or suspected viruses removes the threat from the rest of a company's network and is usually accomplished in an automated manner via antivirus software or manually after being flagged
97
Batch Processing
Procedures include collection and grouping of input documents/transactions by type of transaction
98
Digital Certificates
A form of data security. They behave online in the same way driver's licenses, passports, and other trusted documents behave.
99
A filesystem ACL...
Can deny privileges in an operating system by restricting access to certain files, folders, and directories. A list of rules that outlines which users have permission to access certain resources.