S3-m2 Flashcards

1
Q

COSO objectives

A

operations, reporting, compliance

2
Q

Operational Objectives

A

Include performance measures and safeguards that can help increase the likelihood that an organization's IT assets are protected against cybersecurity threats and fraud

3
Q

Reporting Objectives

A

Related to increasing the likelihood that cybersecurity controls are in place so that they do not affect internal and external financial and nonfinancial reporting. Focus on transparency, reliability, timeliness, and trustworthiness

4
Q

Compliance Objective

A

Based on adherence to governmental laws and compliance regulations. Compliance with industry standards such as those issued by NIST

5
Q

Control Environment

A

The tone at the top
-sets ethical values for an organization by creating a top-down approach

6
Q

Risk Assessment

A

Performing risk assessments to evaluate internal and external factors. Applied to cyber threats by tailoring the organization's risk assessment procedures to analyze cyber risks, their likelihood of occurrence, and the magnitude of their impact

7
Q

Control Activities

A

Policies and procedures put in place to help to determine whether the tone at the top set by the control environment is being implemented at all levels of the organization

8
Q

Information and Communication

A

Focuses on using consistent and relevant language, following best practices for sharing information, and communicating internally and externally with the right stakeholders
-BIA reports reviewed by management that outline the impact of interrupting key business functions
-Periodic emails addressing cybersecurity internal controls to the entire company

9
Q

Monitoring Activities

A

Component that should be practiced on an ongoing basis to identify areas of risk vulnerability and to determine effectiveness and efficiencies.
-penetration testing
-vulnerability scanning
-Periodic phishing reports

10
Q

Uppermost level of security rules

A

Security policies, which serve as an overview of an organization's security needs and strategic plan for what should be implemented

11
Q

Mid level of security rules

A

Set of standards that organizations use as a benchmark to accomplish the goals defined by the security policies

12
Q

Bottom level of security rules

A

Standard operating procedures, which are typically detailed documents that specifically outline how to perform business processes

13
Q

Acceptable Use Policy (AUP)

A

A control document created by an organization to regulate and protect technology resources by assigning varying levels of responsibility to job roles, listing acceptable behaviors by employees and vendors, and specifying consequences for those who violate the AUP
-Definition, scope, and purpose
-acceptable use of personal devices for business activities

14
Q

Bring your own device (BYOD)

A

Allows employees to use their personally owned devices for work-related activities. It may include some of the same elements as an AUP but will address monitoring and enforcement of actions on personal devices

15
Q

What is a network?

A

A system of physical and virtual devices that are connected using wired cables or wireless technology and that communicate using a mix of different protocols so that users can send, receive, and store data.

16
Q

What is a security standard?

A

Organizational requirements that are either mandatory by law or adopted by companies as guidelines for best practices. The next level of security rules beneath policies; they serve as a course of action to achieve security policies

17
Q

Standard Operating Procedures (SOPs)

A

The lowest level of documentation, which provides detailed instructions on how to perform specific security tasks or controls. These SOPs usually involve a combination of systems, software, and physical actions so that the goals of the security policy and standards are achieved

18
Q

Access Point (AP)

Network Hardware

A

A wireless connection point that allows users to connect directly to a wired network using wireless devices

19
Q

Bridges

Network Hardware

A

Connect separate networks that use the same protocol, even if those networks have different topologies or transmission speeds. Operate at the data link layer

20
Q

Computers

Network Hardware

A

User endpoint devices that are the primary means of user interaction with a network

21
Q

Gateway

Network Hardware

A

Connects multiple networks that use different protocols, translating one protocol to another so that the two networks can interact. Can operate at all layers but generally operates at the application layer

22
Q

Hub

Network Hardware

A

Connection points that link multiple systems and devices using the same protocol within a single network

23
Q

Mobile Phones and Tablets

Network Hardware

A

Devices that provide another means of connecting to a network

24
Q

Modems

Network Hardware

A

Devices that modulate between digital information and analog signals to support networks.

25
Q

Proxies

Network Hardware

A

A form of a gateway that does not translate protocols but rather acts as a mediator that performs functions on behalf of another network using the same protocol instead of just connecting the networks

26
Q

Routers

Network Hardware

A

Devices that control data flow on a network

27
Q

Servers

Network Hardware

A

Devices that support computers and networks by performing different core functions, such as running apps (application servers) or storing files (file servers)

28
Q

Signal Modifiers

Network Hardware

A

Devices such as amplifiers, concentrators, and repeaters that receive signals and modify them, for example by increasing signal strength or combining multiple signals

29
Q

Switches

Network Hardware

A

Similar to hubs, but instead of broadcasting received signals to every other networked device, switches only route traffic to target destinations, connecting various devices within a network

30
Q

Network Segmentation or Isolation

Security Method

A

The process of controlling network traffic so that it is either inaccessible or separated from outside communications or from other segments within an organization's own network

31
Q

Firewall

Security Method

A

Physical devices, software, or both that filter and monitor incoming and outgoing network traffic to a public network in order to block malicious activity from attackers

32
Q

Service Set Identifier (SSID)

Security Method

A

The name assigned to a wireless network is known as an SSID and is broadcast by a wireless access point within a certain range so that wireless-enabled devices can connect. One way to improve wireless network security is to make networks less visible by disabling SSID broadcasting so that the device stops acting as a beacon that transmits a signal to nearby devices

33
Q

Virtual Private Network

Security Method

A

A virtual network built on top of existing physical networks that provides a means of secure communication using encryption protocols such as tunneling or Internet Protocol Security (IPsec)

34
Q

Wi-Fi Protected Access (WPA)

Security Method

A

Security protocol that encrypts traffic between a wireless access point, such as a switch, and a mobile device. Does not encrypt traffic

35
Q

Endpoint Security

Security Method

A

The notion that every device (also called a host) connected to a network should have some form of local security that is separate from any other security measure in place on the network or communications channel

36
Q

System Hardening

Security Method

A

A multipronged, comprehensive security approach that reduces risk by minimizing the number of access points through which a company can be attacked. Access points are referred to as attack vectors and include all aspects of IT infrastructure, including applications, databases, operating systems, servers, and networking equipment

37
Q

Media Access Control (MAC) Filtering

Security Method

A

A form of filtering in which an access point blocks access to unauthorized devices using a list of approved MAC addresses. A MAC address, also referred to as a physical or hardware address, is a unique identifier found on devices in a network that is used as an address for communicating with other devices

38
Q

Tunneling

A

A process in which data, or packets, in one protocol are encapsulated in packets of a different protocol, which creates a tunnel of protection

39
Q

IPsec

A

Uses cryptography to encrypt communications, provide access control, and authenticate using IP protocols. Similar to tunneling, but it can also be used to encrypt only certain pieces of data (the payload) rather than the entire IP packet

40
Q

Database Hardening

A

Create different privilege levels so that there is a clear delineation between admin users and users that have tiered need-to-know access. Also, data at rest needs to be encrypted

41
Q

Endpoint Hardening

A

Remove administrative rights for users on local devices so that endpoint users can only perform authorized functions. Restrict users from downloading certain files from the internet or email. Implement local firewalls and malware screening on all laptops.

42
Q

Network Hardening

A

Revise the rules for the firewall so that it is configured to remove unused ports and block unnecessary protocols.

43
Q

Server Hardening

A

Physically segregate servers in a secure facility, further separating backed up servers geographically. If one server or group is attacked, not all will be compromised.

44
Q

Zero Trust

A

The concept of zero trust assumes that a company's network is always at risk, even after a user has been authenticated, and it shifts a company's cybersecurity focus away from one-time authentication to continuous validation at every point of a user's interaction with a network
-Prevents data breaches and limits internal lateral movement

45
Q

ZTA tenets outlined by NIST

A

-all devices and data sources are considered resources, even those not directly managed
-all communications must be secure regardless of a network's location
-access to company resources is granted on a per-session basis

46
Q

NIST assumptions to implement ZTA tenets

A

-an organization's private network is not considered an implicit trust zone
-some devices on a company's network might not be owned or configurable by the company
-no resource is inherently trusted
-remote users should not trust local network connections

47
Q

Least Privilege

A

The notion that users and systems are granted the minimum authorization and system resources needed to perform a function. IT admins should put safeguards in place so that privileges do not become excessive or allow privilege creep, in which access to systems gradually increases over time as a person's job role evolves

48
Q

Whitelisting

A

The process of identifying a list of applications that are authorized to run on an organization's systems and only allowing those programs to be executed

49
Q

Context-aware Authentication

A

Used to identify mobile device users by using contextual data points such as time, the geographic location of the user, or IP address

50
Q

Digital signature

A

An electronic stamp of authentication that is usually encrypted and attached to a message for proof of identity

51
Q

Password weaknesses

A

-people often use easy or reused passwords, or share passwords
-short passwords can be easily guessed
-passwords saved by companies in databases on the web are frequently breached

52
Q

Hashing

A

The process of converting passwords into illegible text using hash algorithms such as the Secure Hash Algorithms (SHAs); the result is then stored in databases
-one-way, meaning they are not intended to be reversed

53
Q

Provisioning

A

The process in identity management in which an organization creates a user's account and provisions it with privileges based on their job role.

54
Q

Vulnerability Management

A

A proactive security practice designed to prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization. Involves identifying, classifying, mitigating, and fixing known vulnerabilities within a system

55
Q

Identify

Apply NIST Cybersecurity Framework - Vulnerability Tools

A

Use the CSF to identify resource vulnerabilities that are present in systems, data, assets, and employees. Apply the framework to understand the business environment in which those assets operate, and understand the policies established regarding those resources to define how governance is executed.

56
Q

Protect

Apply NIST Cybersecurity Framework - Vulnerability Tools

A

Apply the framework to create safeguards against vulnerabilities by establishing measures to manage identity and access controls, keep assets secure, and inform employees of threats

57
Q

Detect

Apply NIST Cybersecurity Framework - Vulnerability Tools

A

Use the framework to define relevant activities that can identify vulnerabilities quickly.
-performing continuous monitoring
-searching for anomalies

58
Q

Respond

Apply NIST Cybersecurity Framework - Vulnerability Tools

A

Use the CSF to put activities in place that will react to discovered vulnerabilities: analysis of the issue so that the appropriate response is delivered, and execution of mitigating activities to prevent the vulnerability from affecting other parts of the org

59
Q

Recover

Apply NIST Cybersecurity Framework - Vulnerability Tools

A

Used to help the org transition from its current state, in which the vulnerability exists, to a state where the vulnerability is mitigated.
-implement a recovery plan
-improvements

60
Q

Vulnerability Scanners

A

Applications that test a company's systems for known security risks. Work by checking results against a database of known threats: scanning for open network ports that can be exploited, analyzing data packets transmitted across systems, and identifying protocols
-can also be used against organizations

61
Q

Vulnerability Assessments

A

Typically done as a part of the initial risk analysis and then subsequently performed quarterly or annually after that.

62
Q

Common Vulnerabilities and Exposures Dictionary (CVE)

A

A database of security vulnerabilities that provides unique identifiers for different vulnerabilities and risk exposures

63
Q

Patch Management

A

As bugs are discovered, vendors release updates called patches so that customers can correct those vulnerabilities. An important part of minimizing security threats
-patch management is normally subject to inspection by service auditors during a SOC 2

64
Q

What is the purpose of layered security?

A

To protect an org by using a diversified set of security tactics so that a single cyberattack or security vulnerability does not compromise an entire system

65
Q

What is the layered approach?

A

Typically combines physical access controls, logical and technical controls, and administrative controls to provide control redundancy

66
Q

Defense in Depth

Layered Security Solution

A

Focuses on a multilayered security approach that does not rely on technology alone, but rather combines people, policies, and technology, as well as both physical and logical access controls

67
Q

Redundancy and Diversification

Layered Security Solution

A

Helps counter attacks that target different weaknesses an organization might have. Duplication is a form of redundancy that can be administered through layering processes, isolating processes, concealing data, and segmenting hardware

68
Q

Safeguarding Practices

Preventive Control

A

Strong preventive software and hardware controls should be coupled with well-designed policies and procedures, such as requiring strong passwords, using multifactor authentication, and performing background checks

69
Q

Education and Timing

Preventive Control

A

Informing employees about cybersecurity risks and the corporate tools in place to mitigate those risks serves as a preventive control

70
Q

Regular Security Updates

Preventive Control

A

Broad and comprehensive security enhancements should occur regularly in order for an organization's physical and logical security measures to be protected against the latest cybersecurity threats

71
Q

Encryption

Preventive Control

A

Encrypting data both at rest and in transit involves converting the data into an illegible format based on industry standards so that if the data is compromised or stolen, the hackers will not be able to decipher and use the data

72
Q

Firewalls

Preventive Control

A

Monitor and filter traffic based on a set of predefined rules

73
Q

Patches

Preventive Control

A

An update or modification to an existing program that is typically released by the application's creator

74
Q

Physical Barriers

Preventive Control

A

Tangible barriers, or physical obstructions, are controls that are designed to both deter and prevent unauthorized physical access to an organization's IT infrastructure
-security guards
-fences

75
Q

Device and Software Hardening

Preventive Control

A

Hardening refers to implementing security tools so that the totality of vulnerable points or the surfaces that can be attacked are reduced

76
Q

Intrusion Prevention System (IPS)

Preventive Control

A

A network security solution that is intended to detect and stop a cyberattack before it reaches the targeted systems. Done by receiving a direct feed of traffic so that all data coming into a network passes through the IPS

77
Q

Access Controls

A

Security measures put in place to allow access only to authorized employees

78
Q

Discretionary Access Control (DAC)

A

A decentralized control that allows data owners, custodians, or creators to manage their own access to the data or objects they own or created
-control the passing of info to other users
-grant or change security attributes of users

79
Q

Mandatory Access Controls

A

Nondiscretionary controls that allow admins to centrally manage and enforce rules consistently across an environment. Access is not based on identity but on a general set of rules that govern the entire system.

80
Q

Role Based Access Control

A

Manages access to areas, devices, or databases according to a predetermined set of rules or access permissions independent of the user's role or position within the organization
-access rules are created
-rules are integrated
-control mechanisms check their credentials

81
Q

Policy Based Access Control (PBAC)

A

Uses a combination of user roles and policies consisting of rules to maintain and evaluate user access dynamically. More like a framework

82
Q

Risk based Access Controls

A

Apply controls based on the risk level of the asset being accessed, the identity of the user, the intentions behind accessing the asset, and the security risks that exist between the user and the system or asset being accessed

83
Q

Detective Controls

A

Designed to detect a threat event while it is occurring and to provide assistance during investigations and audits after the event has occurred

84
Q

Network Intrusion Detection System NIDS

Detective Controls

A

A security solution that monitors incoming traffic on all devices on a network by matching specific elements of that traffic to a library of known attacks and sending system alerts

85
Q

Antivirus Software Monitoring

Detective Controls

A

Works by scanning files in real time and comparing them to a library of known viruses. Scheduled scans of systems should occur automatically

86
Q

Network Monitoring

Detective Controls

A

There are various tools available to monitor a network, such as packet sniffers, which analyze data packets; NPM tools that measure statistics; or Simple Network Management Protocol (SNMP)

87
Q

Log Analysis

Detective Controls

A

Involves the recording and monitoring of data in order to analyze it so that anomalies, trends, or patterns can be detected that may indicate that unauthorized events have occurred

88
Q

Intrusion Detection System (IDS)

Detective Controls

A

A security solution that scans the environment to monitor and analyze network or system events for the purpose of finding and providing real-time or near-real-time warnings of attempts to access system resources in an unauthorized manner
-a service auditor within the scope of a SOC 2 may inspect

89
Q

Corrective Controls

A

Intended to fix known vulnerabilities as a result of a recent security incident

90
Q

Reconfigurations

Corrective Controls

A

Modifying an app or system configuration to rectify known vulnerabilities can restore affected operations and prevent further damage
-firewall rules, retooling

91
Q

Upgrades and Patches

Corrective Controls

A

Security patches and software or app upgrades may be implemented to accomplish objectives such as enhancing system performance or adding new features

92
Q

Revised Policies and Procedures

Corrective Controls

A

Periodically reviewing and revising organizational practices can eliminate some security issues without requiring the purchase of new technology or the modification of existing systems

93
Q

Updated Employee Training

Corrective Controls

A

Gaps in employee knowledge about the risk of certain cyberattacks and other forms of IT exploitation can be reduced or even eliminated by training employees to recognize the hallmarks of common fraud schemes

94
Q

Recovery and Continuity Plans

Corrective Controls

A

Orgs should have a robust plan in place that allows them to quickly recover from a disaster or attack and continue operating so that the period in which normal business operations are interrupted is minimized

95
Q

Antivirus Software Removal of Malicious Viruses

Corrective Controls

A

Most modern antivirus programs are designed to not only identify actual or potential viruses but also to expunge those viruses so that they are no longer a threat

96
Q

Virus Quarantining

Corrective Controls

A

Isolating actual or suspected viruses removes the threat from the rest of a company's network and is usually accomplished in an automated manner via antivirus software, or manually after being flagged

97
Q

Batch Processing

A

Procedures include collection and grouping of input documents/transactions by type of transaction

98
Q

Digital Certificates

A

A form of data security. They behave online in the same way driver's licenses, passports, and other trusted documents behave.

99
Q

A filesystem ACL…

A

can deny privileges in an operating system by restricting access to certain files, folders, and directories. A list of rules that outlines which users have permission to access certain resources.