Chapter 8: Security

Question 1

Concepts of Security

Answer 1

1. security is a management issue
2. the time based model of security
3. Defense in Depth

Question 2

Security as a management issue:

Answer 2

1. create pro-active culture
2. inventory information assets and resources
3. implement mitigation
4. monitor effectiveness

Question 3

4 basica management activities called domains:

Answer 3

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate

Question 4

5 information systems controls that most directly pertain to systems reliability

Answer 4

1. security
2. confidentiality
3. privacy
4. process integrity
5. Availability

Question 5

Defense-in-depth

Answer 5

employ multiple layers of controls in order to avoid having a single point of failure PDC

Question 6

Time-based model of security

Answer 6

employ a combination of detective and corrective controls that identify an information security incident early enough to prevent the loss or compromise of information.

Question 7

Basic steps criminals use to attack an organizations Information system:

Answer 7

1. Conduct reconnaissance
2. Attempt Social Engineering
3. Scan and Map the Target
4. Research
5. Execute the attack
6. cover tracks

Question 8

What happens during conducting reconnaissance

Answer 8

collecting information about the target. The objective is to learn as much as possible about the target and to identify potential vulnerabilities.

Question 9

What happens during social engineering

Answer 9

use information obtained during reconnaissance to ‘trick’ an unsuspecting employee into granting them access - social engineering.

Question 10

Preventive Controls

Answer 10

1. Training
2. user Access Controls (authenticate/authorize)
3. Physical Access controls
4. network access controls
5. Device and software hardening controls

Question 11

Detective Controls

Answer 11

1. Log analysis
2. Intrusion Detection Systems
3. Security testing and audits
4. managerial reports

Question 12

Corrective Controls

Answer 12

1. Computer Incident Response teams (CIRT)
2. Chief Information Security Officer (CISO)
3. Patch management

Question 13

Passwords are a type of

Answer 13

Authentication

Question 14

Authentication

Answer 14

the process of verifying the identity of a person or device attempting to access the system. The objective is to ensure that only legitimate suers can access the system. ACCESS

Question 15

Types of Authentication

Answer 15

Smart card id badges
Biometrics
Secure ID systems
Combine into multi-factor authentication

Question 16

Multifactor Authentication

Answer 16

use of two or all 3 types of authentications in conjunction

Question 17

Multimodal Authentication

Answer 17

using multiple credentials of the same type.

Question 18

Authorization

Answer 18

the process of restricting access of authenticated users to specific portions of the system and limit what actions they are permitted to perform. Restrict users functions and views.

Question 19

Access Control Matrix

Answer 19

how authorization controls are often implemented. When an employee attempts to access a particular information systems resource, the system performance a compatibility test that matches the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.

Question 20

Security equation

Answer 20

P > D+C

Question 21

Security

Answer 21

Access to the system and its data is controlled and restricted to legitimate users

Question 22

Confidentiality

Answer 22

Sensitive organizational information is protected from unauthorized disclosure

Question 23

Privacy

Answer 23

personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.

Question 24

Processing Integrity

Answer 24

Data are processed accurately, completely, in a timely manner, and only with proper authorization.

Question 25

Availability

Answer 25

the system and its information are available to met operational and contractual obligations

Question 26

Transmission Control Protocol (TCP)

Answer 26

specifies the procedures for dividing files and documents into packets to be sent over the internet and the methods for reassemble of the original documents or file at the destination.

Question 27

Internet Protocol (IP)

Answer 27

specifies the structure of those packets and how to route them to the proper destination.

Question 28

Border Router

Answer 28

connects an organizations information system to the internet. Captures packets addressed to the organization.

Question 29

Static Packet Filtering

Answer 29

screen individual IP packets based solely on the contents of the source and destination fields in the IP header - performed by border routers.

Question 30

Access Control List (ACL)

Answer 30

a set of rules which determines which packets are allowed entry and which are dropped off. Which packets are allowed entry and which are dropped.

Question 31

Fire wall

Answer 31

inspects packets and filters out unacceptable and risky packets.

Question 32

Stateful packet filtering

Answer 32

Creates and maintains a table in memory that lists all established connections between the organizations computers and the internet. Firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.

Question 33

Demilitarized Zone (DMZ)

Answer 33

a separate network that resides outside the internal network that permits controlled access from the INternet to selected resources, such as organization's E-commerce web server,

Question 34

router

Answer 34

special purpose devices designed to read the destination address fields in the IP packet headers to decided where to send the packet next.

Question 35

Deep packet inspection

Answer 35

reads content of packet for inappropriate code, commands, data.

Question 36

Intrusion prevention systems (IPS)

Answer 36

monitor patterns, rather than only inspecting individual packets, in packet traffic to identify attackers.

Question 37

who can change configuration or load software

Answer 37

only administrator

Question 38

what can the administrator do

Answer 38

change configuration or load software.

Question 39

Hardening

Answer 39

process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

Question 40

Log Analysis

Answer 40

the process of examining logs to id evidence of possible attacks.

Question 41

Intrusion Detection Systems (IDS)

Answer 41

consist of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for sings of attempted or successful intrusion.

Question 42

key performance indicators relevant to information security:

Answer 42

1. # of incidents with business impact 2. % of users who do not comply with password standards 3. % of cryptographic keys compromised and revoked.

Question 43

Penetration test

Answer 43

an authorized attempt by either an internal audit team or an external security consulting firm to break into an organization's information system.

Question 44

Computer Incident Response team (CIRT)

Answer 44

911 call to immediately take action. responsible fro dealing with major incidents, and is a key component to being able to responds to security incidents promptly and effectively.

Question 45

CIRT 4 steps.

Answer 45

1. recognition that the problem exists 2. containment of the problem. 3. recovery 4. follow up

Question 46

Chief Information Security Officer (CISO)

Answer 46

senior executive who can implement effective security policies and technologies.

Question 47

Patch Management

Answer 47

vendors constant fix bugs, close vulnerabilities and add functionality. Must be applied timely

Question 48

Cloud Computing

Answer 48

connection and traffic over internet. Data and applications at third party, co-mingled operations.

Question 49

Server Virtualization

Answer 49

run multiple systems on one machine because there is more risk on a single device.