Section 1 Flashcards

(43 cards)

1
Q

Categories of Security Controls (1.1)

A
  • Technical Controls
    • Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
  • Managerial Controls
    • Sometimes also referred to as administrative controls
    • Involve the strategic planning and governance side of security
  • Operational Controls
    • Procedures and measures that are designed to protect data on a day-to-day basis
    • Are mainly governed by internal processes and human actions
  • Physical Controls
    • Tangible, real-world measures taken to protect assets
2
Q

Types of Security Controls (1.1)

A
  • Preventive Controls
    • Proactive measures implemented to thwart potential security threats or breaches
  • Deterrent Controls
    • Discourage potential attackers by making the effort seem less appealing or more challenging
  • Detective Control
    • Monitor and alert organizations to malicious activities as they occur or shortly thereafter
  • Corrective Controls
    • Mitigate any potential damage and restore our systems to their normal state
  • Compensating Controls
    • Alternative measures that are implemented when primary security controls are not feasible or effective
  • Directive Controls
    • Guide, inform, or mandate actions
    • Often rooted in policy or documentation and set the standards for behavior within an organization
3
Q

CIA Triad (1.2)

A
  • Confidentiality
    • Ensures information is accessible only to authorized personnel (Encryption, Access control)
  • Integrity
    • Ensures data remains accurate and unaltered (Hashing, Digital signatures, Certificates, Non-repudiation, Checksums)
  • Availability
    • Ensures information and resources are accessible when needed (Redundancy measures, Fault tolerance)
4
Q

Non-Repudiation (1.2)

A
  • Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
    • Proof of integrity (hash: if the data changes, the hash changes; a hash alone doesn't necessarily associate the data with an individual)
    • Proof of origin
5
Q

Triple A’s of Security (1.2)

A
  • Authentication
    • Verifying the identity of a user or system (e.g., password checks)
  • Authorization
    • Determining actions or resources an authenticated user can access (Authorisation model, permissions)
  • Accounting
    • Tracking user activities and resource usage for audit or billing purposes
6
Q

Gap Analysis (1.2)

A
  • Process of evaluating the differences between an organization’s current
    performance and its desired performance
    • Define scope, gather data on organisation, analyse data to identify shortcomings, develop plan to bridge gap
7
Q

Zero Trust (1.2)

A

Demands verification for every device, user, and transaction within the network, regardless of its origin

8
Q

To create a zero trust architecture, we need to use two different planes (1.2)

A

Control plane, data plane

9
Q

Control plane (1.2)

A
  • Control Plane: Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
    • Adaptive Identity: Relies on real-time validation that takes into account the user’s behavior, device, location, and more
    • Threat Scope Reduction: Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
    • Policy-Driven Access Control: Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
    • Secured Zones: Isolated environments within a network that are designed to house sensitive data
    • Policy Engine: Cross-references the access request with its predefined policies
    • Policy Administrator: Used to establish and manage the access policies
10
Q

Data Plane (1.2)

A
  • Subject/System: Refers to the individual or entity attempting to gain access
  • Policy Enforcement Point: Where the decision to grant or deny access is actually executed
11
Q

Physical Security (1.2)

A
  • Barricades/bollards: Prevent access, channel people through access points
  • Access control vestibule: All doors are normally locked (airlock system)
  • Fencing: Perimeter security
  • Video surveillance: CCTV cameras
  • Guards and access badges
  • Lighting: Improves security
  • Sensors: Infrared (detects infrared radiation), pressure sensors, microwave (for large areas), ultrasonic (reflection detection)
12
Q

Deception and Disruption Technologies (1.2)

A
  • Honeypots: Decoy systems to attract and deceive attackers
  • Honeynets: Network of decoy systems for observing complex attacks
  • Honeyfiles: Decoy files to detect unauthorized access or data breaches
  • Honeytokens: Fake data to alert administrators when accessed or used
13
Q

Change management (1.3)

A

Structured approach to transitioning from a current state to a desired future state

14
Q

Change Owner (1.3)

A
  • Individual or team responsible for initiating change request
  • Advocates for the change, details reasons, benefits, and challenges
  • Key in presenting the case for the change
15
Q

Stakeholders (1.3)

A
  • Individuals or teams with a vested interest in the proposed change
  • Directly impacted or involved in assessment and implementation
16
Q

Impact analysis (1.3)

A
  • Integral part of the Change Management process
  • Essential before implementing proposed changes
  • Assesses potential fallout, immediate effects, long-term impacts
  • Identifies challenges and prepares for maximizing benefits
17
Q

Backout plan (1.3)

A

Having a way to revert changes

18
Q

Technical change management (1.3)

A

Allow List

  • Specifies entities permitted to access a resource

Deny List

  • Lists entities prevented from accessing a resource
19
Q

Restricted Activities (1.3)

A
  • Certain tasks labeled as ‘restricted’ due to their impact on system health or security
20
Q

Downtime (1.3)

A
  • Any change, even minor, carries the risk of causing downtime
  • Estimate potential downtime and assess its negative effects against benefits
21
Q

Service and application restarts (1.3)

A
  • Some changes, like installing security patches, require service or application restarts
  • Restarting critical services can be disruptive, potentially causing data loss
22
Q

Legacy applications (1.3)

A
  • Older software or systems still in use due to functionality and user needs
  • Legacy applications are less flexible and more sensitive to changes
23
Q

Dependencies (1.3)

A
  • Interconnected systems create dependencies, where changes in one area affect others
  • Mapping dependencies is crucial before implementing changes
24
Q

Documenting changes (1.3)

A
  • Documenting changes provides a clear history of the what, when, and why for accountability and future reference
  • Version Control
    • Tracks and manages changes in documents, software, and other files
    • Allows multiple users to collaborate and revert to previous versions when needed
25
Q

Public Key Infrastructure (PKI) (1.4)

A
  • Framework managing digital keys and certificates for secure data transfer
26
Q

Asymmetric Encryption (1.4)

A
  • Uses two separate keys
    • Public key for encryption
    • Private key for decryption
  • The private key is the only key that can decrypt data encrypted with the public key
27
Q

Key Escrow (1.4)

A
  • Storage of cryptographic keys in a secure, third-party location (escrow)
  • Enables key retrieval in cases of key loss or for legal investigations
28
Q

Symmetric encryption (1.4)

A
  • Uses a single key for both encryption and decryption
  • Often referred to as private key encryption
  • Challenges with key distribution in large-scale usage
29
Q

Encryption (1.4)

A
  • Converts plaintext to ciphertext
  • Provides data protection at rest, in transit, and in use
  • Types of encryption
    • Database encryption
    • Transport encryption (VPN)
30
Q

Encryption algorithms (1.4)

A
  • DES
  • AES
31
Q

Cryptographic keys (1.4)

A
  • Determine the output
  • Should be kept private
  • Larger keys tend to be more secure
  • 128-bit keys are common in symmetric encryption
32
Q

Key stretching (1.4)

A
  • Performing multiple processes
  • Hashing a password, then creating a hash of the hash…
33
Q

Key exchange (1.4)

A
  • Out-of-band key exchange
    • Key is not sent over the internet
  • In-band key exchange
    • Can use different encryption techniques to send the key
34
Q

Trusted platform module (1.4)

A
  • Specification for cryptographic functions
  • Cryptographic processor, persistent memory, versatile memory, password protected
35
Q

Hardware security module (1.4)

A
  • Used in large environments
  • Securely stores cryptographic keys
  • Key backup
36
Q

Key management system (1.4)

A
  • Local or cloud based
  • Manages keys from one console
  • Associates keys with specific users
37
Q

Data privacy (1.4)

A
  • Secure enclave
    • A protected area for secrets
    • Often implemented as a hardware processor
    • Monitors the boot process, true random number generator, real-time memory encryption…
38
Q

Obfuscation (1.4)

A
  • The process of making something unclear
  • Only visible if you know how to read it
39
Q

Steganography (1.4)

A
  • Hiding data in an image
  • Can hide in network traffic
  • Can also hide in audio/video
40
Q

Tokenisation (1.4)

A
  • Replacing sensitive data with a non-sensitive placeholder
  • Common with credit card processing
41
Q

Data masking (1.4)

A
  • Hiding parts of the original data
  • May only be hidden from view
42
Q

Hashing (1.4)

A
  • Representing data as a short string of text
  • Cannot recreate the data from the hash
  • Can be used in a digital signature
    • Proves the source of a message (non-repudiation)
    • Private key used to make the signature, public key used to verify it
  • Hash should be unique
  • Collision: when different inputs create the same output
43
Q

Practical hashing (1.4)

A
  • Verifying a downloaded file matches the download site
  • Password storage
    • Salted hash: random data added to the password when hashing