Secure Device Management Flashcards

1
Q

Risk Management Process

A
  • Risk identification
  • Risk Assessment (score, weigh, prioritise risks)
  • Risk Response Planning (determine risk response, plan actions)
  • Response Implementation (continuous risk monitoring)
  • Monitor and Assess results (continuous risk monitoring and response evaluation)
2
Q

T-V pair

A

Threat Vulnerabilities

3
Q

Risk avoidance

A
  • Stop performing the activities that create risk
4
Q

Risk reduction

A

Decrease the risk by taking measures to reduce vulnerability

5
Q

Risk sharing

A

Shift some of the risk to other parties

6
Q

Risk retention

A

Accept the risk and its consequences

7
Q

Vulnerability Management

A

A security practice that is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization.

8
Q

Vulnerability Management Life Cycle

A
  • Discover
  • Prioritise Assets
  • Assess
  • Report
  • Remediate
  • Verify
9
Q

Discover

A

Inventory all assets across the network and identify host details, including operating systems and open services, to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule.

10
Q

Prioritise Assets

A

Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations.

11
Q

Assess

A

Determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability, threats, and asset classification.

12
Q

Report

A

Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.

13
Q

Remediate

A

Prioritize according to business risk and address vulnerabilities in order of risk.

14
Q

Verify

A

Verify that threats have been eliminated through follow-up audits.

15
Q

Asset management

A

Asset management involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise. As part of any security management plan, organizations must know what equipment accesses the network, where that equipment is within the enterprise and logically on the network, and what software and data those systems store or can access. Asset management not only tracks corporate assets and other authorized devices, but also can be used to identify devices that are not authorized on the network.

16
Q

MDM

A

Mobile Device Management (MDM) tackles unique challenges in asset management, especially with the rise of Bring Your Own Device (BYOD). Since mobile devices aren’t physically within an organization’s control, they’re susceptible to loss, theft, and tampering, endangering data and network access. MDM involves strategies for responding when devices are no longer under responsible parties’ supervision. Actions may encompass deactivating lost devices, encrypting device data, and bolstering access security through stronger authentication.

17
Q

Configuration management

A

Configuration management addresses the inventory and control of hardware and software configurations of systems. Secure device configurations reduce security risk.

18
Q

Patch Management

A

Enterprise Patch Management involves handling software vulnerabilities in operating systems, firmware, and applications. It covers identifying, acquiring, distributing, installing, and verifying patches to mitigate vulnerabilities, including those in critical systems and frameworks. This practice is essential for security and compliance with regulations like SOX and HIPAA. Patches are crucial for addressing vulnerabilities effectively and are mandated in some cases. Asset management data is used to identify systems needing patches. Tools like SolarWinds, LANDesk, and Microsoft SCCM automate patch distribution in large networks.

19
Q

Patch Management techniques

A
  • Agent-based
  • Agentless Scanning
  • Passive Network Monitoring
20
Q

Agent-based

A

This requires a software agent to be running on each host to be patched. The agent reports whether vulnerable software is installed on the host. The agent communicates with the patch management server, determines if patches exist that require installation, and installs the patches. The agent runs with sufficient privileges to allow it to install the patches. Agent-based approaches are the preferred means of patching mobile devices.

21
Q

Agentless scanning

A

Patch management servers scan the network for devices that require patching. The server determines which patches are required and installs those patches on the clients. Only devices that are on scanned network segments can be patched in this way. This can be a problem for mobile devices.

22
Q

Passive Network monitoring

A

Devices requiring patching are identified through the monitoring of traffic on the network. This approach is only effective for software that includes version information in its network traffic.