Flashcards in Security Operations Deck (88)
The concept that no single individual has complete authority or control of a critical system is known by which term?
Separation of duties
What 3 advantages does separation of duties provide?
- Reduces opportunities for fraud or abuse
- Reduces mistakes
- Reduces dependence on individuals
The concept involving regularly transferring key personnel into different positions or departments within an organisation is otherwise known as what?
What are 3 advantages of job rotation?
- Reduces opportunities for fraud or abuse
- Eliminate single points of failure
- Promote professional growth
What are 4 advantages of mandatory vacations?
- provides opportunity to uncover fraud or abuse
- Reduce individual stress, thus reducing the potential for mistakes or coercion by others
- Discover inefficient process with another individual performs role in their absence.
- Reveal single points of failure and opportunities for job rotation and separation of duties/responsibilities
What is the concept of "Need-to-know"?
- states that only people with a valid to need to know certain information in order to perform their job functions, should have access to that information.
- user must have relevant security clearance
What is the principle of "Least Privilege"?
persons should have the capability to perform only the tasks that are required to perform their primary jobs and nothing more.
What is the difference between the concepts of "Need-to-know" and "Least Privilege"?
"Need to know" is concerned with access control whereas "Least privilege" is concerned with functionality.
How can the "accumulation or privileges" occur?
When an employee moves to another role within the same organisation, but previous access rights are not revoked.
What is the main benefit of server virtualisation?
Reduces single point of failure as a virtual server can be replicated or moved from one physical server to another.
What things should be considered for systems regarding single points of failure?
- Redundant Power Supplies
- Multiple Power Supplies
- Cooling Fans
- RAID (Hot swappable)
- Can the system be clustered or virtualised?
- Can data be replicated to another system in real time?
What things should be considered for networks regarding single points of failure?
- Do routers/ firewalls failover automatically and do they fail-back?
- Do routers have multiple paths available to network destinations?
- Do you have multiple service providers and do they share the same point of presence (POP)?
- What happens if the connection to your telecommunications provider's central office is cut?
- Do your multiple telecoms providers networks go through the same telecoms hotel?
What is a telecoms hotel?
The facility that houses equipment belonging to many different telecoms providers
What things should be considered for processes regarding single points of failure?
- Do your personnel security policies and practices create single points of failure? ie you might have separation of duties, but not rotation of duties.
- Do you have contingency processes in place in case a primary system, process or person is unavailable?
4 key elements of handling sensitive information:
- Storage and Backup
When a system failure occurs, in which type of environment may access be lost?
Fail-soft or fail-closed
When a system failure occurs, in which type of environment will access be open to all?
When a system crash occurs, what term is used to describe the system when access has been restored?
What term is used to describe strategic and tactical errors that an organisation can face whether by performing an action or failure to perform an action?
Errors & Omissions (E&O)
What is Errors & Omissions liability otherwise known as in legal terms?
What term is used to describe software that typically damages or disables, takes control of, or steals information from a computer system?
Name 9 common types of malware:
- Logic Bombs
- Trojan Horses
Which type of malware uses pop-up advertising programs?
Which type of malware uses malicious code that allows an attacker to bypass normal authentication to allow an attacker to gain access to a compromised system?
Which type of malware is a kernel mode variant of a rootkit, commonly used to attack computers that are attacked by full disk encryption?
Which type of malware used malicious code that is activated when a specific condition is met, such as a particular date or event?
Which type of malware used malicious code to provide privileged (root level) access to a machine?
Which type of malware uses malicious software that collects information without a users knowledge and/or interferes with the operation of a computer by redirecting them to a web browser or installing additional malware?
Which type of malware uses malicious software that masquerades as a legitimate program?