13 Cards in this Set
- Front
- Back
Name the 3 fundamental principles of security from the CIA triangle. |
Confidentiality, Integrity and Availability |
|
What is the best way to ensure integrity of a system? |
Strict access control, hashing, job rotation and separation of duties. |
|
What can help to protect confidentiality of a system? |
Strict access controls, encrypting data, data classification and training personnel. |
|
What can help to ensure availability of a system? |
Load balancing, off-site locations, data backups, disaster recovery plans. |
|
What is the difference between vulnerability, risk, threat, and control? |
- Vulnerability is a weakness within a system or environment. - Risk is the probability that the threat will exploit the vulnerability. - Threat is the person, application, or process that is exploiting a vulnerability. - Exposure is the amount of loss a company suffers when it is impacted by an attack. - Control is a countermeasure that is in place to lower risk. |
|
Name an administrative, physical, and technical control. |
- Administrative controls are documentation of a security plan, separation of duties. - Technical controls are IDS, access control mechanisms, antimalware, passwords, encryption. - Physical controls are gates, locks, high walls, raised floors, badges. |
|
Zachman vs SABSA model |
- Zachman is one of the first ENTERPRISE FRAMEWORKS, is easy to use, and maps who, what, where, when, how, why to business jobs to show each one's perspective. - SABSA is similar because of the who, what, where mapping but is a SECURITY FRAMEWORK that builds in stages or levels from an idea to policy and then to practical implementation. |
|
What are the differences between these security frameworks: COBIT 5, NIST 800-53, COSO INTERNAL CONTROL? |
- COBIT are controls used by non-federal auditors to evaluate security, as it is focused on mapping stakeholder drivers to organization needs. - NIST 800-53 is used to secure federal government systems; control categories are technical, operational, management. - COSO came from COBIT but is focused on non-IT issues such as financial and accounting matters like Sarbanes-Oxley to ensure responsibility to the SEC. |
|
What is the Capability Maturity Model Integration (CMMI)? |
It was developed by the DoD but is used in companies to allow step-by-step incremental improvement changes to take place. |
|
Which approach is better when implementing a new security plan: top down or bottom up? |
Top down, because you need the support, guidance, and initiation of top management for the program to work. |
|
Data protection involves what 3 things? |
Where the sensitive data lives. How data moves through the system. Third-party connections to the data. What security solutions are in place, such as VPN, TLS, PGP. |
|
Describe a zombie, a bot, and a botnet. |
- A zombie is a computer or system that has been compromised. - A bot is the application or software that was uploaded to make a zombie. - A botnet is a group of zombies. |
|
Script kiddie vs. an advanced persistent threat: describe the differences. |
All age groups fall into both groups. - Script kiddies have access to toolkits used to play around over the network and carry out novice security incidents, but are not very skilled. - Advanced persistent threats (APTs) can be state-supported threats that are seeking to cause a huge impact to security and have plotted well-developed plans, skills and goals to attack and exploit systems.