Module 2: Managing Security Risks Flashcards

(89 cards)

1
Q

CISSP 8 Domains

1) S______ and r___ m__________
2) A____ s_______
3) S_______ a__________ and e________
4) C_________ and n______ s________
5) I_______ and a_____ m__________
6) S______ a_________ and t______
7) S_______ o_________
8) S______ d_________ s_______

A

Security; risk management;
Asset security;
Security architecture; engineering;
Communication; network security;
Identity; access management;
Security assessment; testing;
Security operations;
Software development security;

2
Q

Layers of the web
- S______ web
- D___ web
- D___ web

A

Surface;
Deep;
Dark;

3
Q

NIST’s RMF steps

- P_____
- C_______
- S_____
- I_______
- A_____
- A_______
- M______

A

Prepare;
Categorize;
Select;
Implement;
Assess;
Authorize;
Monitor;

4
Q

An asset is an item perceived as having v____ to an o__________.
- Assets can be d_____ or p______.

A

value; organisation;
digital; physical;

5
Q

Examples of digital assets include the p_____ i_________ of employees, clients or vendors, such as:
- S_____ S_______ N_______, or unique national identification numbers assigned to individuals
- D_____ of b_____
- B____ a______ numbers
- M______ a________

A

personal information;
Social Security Numbers;
Dates; birth;
Bank account;
Mailing addresses;

6
Q

Examples of physical assets include:
- P______ k_____
- S______
- D_____ c________
- O_____ spaces

A

Payment kiosks;
Servers;
Desktop computers;
Office;

7
Q

Some common strategies to manage risks include:
- A________: Accepting a r___ to avoid disrupting b______ c________
- A________: Creating a p___ to avoid the r___ altogether
- T_________: Transferring r___ to a third party to m_____
- M_______: Lessening the i_____ of a known r___

A

Acceptance; risk; business continuity;
Avoidance; plan; risk;
Transference; risk; manage;
Mitigation; impact; risk;

8
Q

Examples of risk management frameworks include:
- _ _ _ _ RMF
- H_____ I__________ T____ A________ (_ _ _ _ _ _ _)

A

NIST;
Health Information Trust Alliance (HITRUST);

9
Q

Threat

Any c___________ or e_____ that can negatively impact a______.

A

circumstance; event; assets;

10
Q

Insider threats

Staff m______ or v_____ abuse their a________ a_____ to obtain data that may h___ an organisation.

A

members; vendors; authorized access; harm;

11
Q

Advanced Persistent Threats (APTs)

A t____ a____ maintains unauthorized access to a s_____ for an e________ period of t___.

A

threat actor; system; extended; time;

12
Q

Risk

Anything that can impact the c__________, i_______, or a___________ of an a____

A

confidentiality; integrity; availability; asset;

13
Q

Basic formula for determining the level of risk:

Risk = Likelihood of a t_____

A

threat;

14
Q

Different factors affecting the likelihood of a risk to an organization’s assets:
- E_______ risk
- I_______ risk
- L______ systems
- M_________ risk
- S________ c_______/l_________

A

External;
Internal;
Legacy;
Multiparty;
Software compliance/licensing;

15
Q

Vulnerability

- A w_________ that can be exploited by a t_____.
- Therefore, organizations need to regularly i_____ for v__________ within their s_______

A

weakness; threat;
inspect; vulnerabilities; systems;

16
Q

Some vulnerabilities include:
- P____L_____
- Z___L____
- L__4S____
- P____P____
- S______ l______ and m_________ f_____
- S_____-s___ r______ f_______

A

ProxyLogon;
ZeroLogon;
Log4Shell;
PetitPotam;
Security logging; monitoring failures;
Server-side request forgery;

17
Q

Business continuity

An organization’s ability to maintain their e______ p__________ by establishing r___ d______ r_______ plans

A

everyday productivity; risk disaster recovery;

18
Q

External threat

Anything o______ the o__________ that has the potential to h___ organizational a_____

A

outside; organization; harm; assets;

19
Q

Internal threat

A c______ or f______ employee, external v_____, or trusted p______ who poses a s______ risk

A

current; former; vendor; partner; security;

20
Q

Ransomware

A m_________ a_____ where threat actors e______ an organization’s d___ and demand p______ to restore access.

A

malicious attack; encrypt; data; payment;

21
Q

Risk mitigation

The process of having the right p_______ and r____ in place to quickly reduce the i_____ of a risk like a b_____

A

procedures; rules; impact; breach;

22
Q

Security posture

An organization’s ability to manage its d______ of critical a____ and d___ and react to c_____

A

defense; assets; data; change;

23
Q

Shared responsibility

The idea that all individuals within an organization take an active role in lowering r___ and m_________ both p_____ and v_____ s_______

A

risk; maintaining; physical; virtual security;

24
Q

Social engineering

A m__________ t_________ that exploits human e_____ to gain private i__________, a_____, or v________

A

manipulation technique; error; information, access; valuables;

25
Q

Key focus areas of the SECURITY and RISK MANAGEMENT domain
- M_____ r___
- Define s______ g____ and o_______
- Be in c________

A

Mitigate risk; security goals; objectives; compliance;

26
Q

Steps of implementing security controls:
- Setting up m____-f____ a__________
- Assessing the e_________ of current s_________
- Regularly r________ s_______ information

A

multi-factor authentication; effectiveness; safeguards; reviewing security;

27
Q

- A h___-r___ asset is any information protected by r_________ or l___.
- If compromised, a m______-r___ asset may cause some damage to an organization's o______ o_________
- Another way to think of risk is the l___________ of a t_____ occurring.

A

high-risk; regulations; laws; medium-risk; ongoing operations; likelihood; threat;

28
Q

Security frameworks

Guidelines used for building p____ to help mitigate r____ and t_____ to d___ and p_____.

A

plans; risks; threats; data; privacy;

29
Q

Security controls

- Safeguards designed to reduce s_______ s_______ r_____
- The measures organizations use to lower r___ and t_____ to d___ and p______

A

specific security risks; risk; threats; data; privacy;

30
Q

Cyber Threat Framework (CTF)

- Developed by the U.S. government to provide a "common language for d_________ and c__________ information about c_____ t_____ activity".
- Helps cybersecurity professionals a_____ and s____ information more e_________.

A

describing; communicating; cyber threat; analyze; share; efficiently;

31
Q

ISO 27000

Enables organizations of all s_____ and s____ to manage the s______ of a____, such as f________ information, i_________ property, e________ data, and information entrusted to third parties.

A

sectors; sizes; security; assets; financial; intellectual; employee;

32
Q

ISO 27000 outlines the requirements for:
- An i__________ s________ m__________ system
- B___ p________
- Controls that support an organization's ability to manage r____

A

information security management; Best practices; risks;

33
Q

Controls

Controls are used alongside frameworks to reduce the p_________ and i______ of a security t_____, r___, or v___________.

A

possibility; impact; threat, risk; vulnerability;

34
Q

Examples of technical controls
- F_______
- M _ _
- A________ software

A

Firewalls; MFA; Antivirus;

35
Q

Examples of administrative controls
- S_________ of d_____
- A_________
- A____ c__________

A

Separation; duties; Authorization; Asset classification;

36
Q

Cybersecurity frameworks and controls are used together to establish an organization's s______ p______.

A

security posture;

37
Q

The CIA triad stands for

A

Confidentiality; Integrity; Availability;

38
Q

Confidentiality

- The idea that only a_________ u____ can access specific a_____ or d___.
- Can be enhanced through the implementation of d____ p_______, such as the principle of l____ p_______.

A

authorized users; assets; data; design principles; least privilege;

39
Q

Integrity

- The idea that the data is verifiably c______, a_______ and r_______.
- One way to verify data integrity is through c_________, which is used to t_______ d___ so unauthorized parties cannot r___ or t_____ with it.

A

correct, authentic; reliable; cryptography; transform data; read; tamper;

40
Q

Encryption

- The process of converting d___ from a r______ format to an e______ format.
- Can be used to prevent a_____ and ensure d___, such as messages on an organization's internal chat platform, cannot be t________ with.

A

data; readable; encoded; access; data; tampered;

41
Q

Availability

- The idea that data is a__________ to those who are a__________ to use it.
- When a system adheres to both a_________ and c__________ principles, data can be used when needed.

A

accessible; authorized; availability; confidentiality;

42
Q

NIST Cybersecurity Framework core functions
- I______
- P_____
- D_____
- R______
- R______

A

Identify; Protect; Detect; Respond; Recover;

43
Q

Govern function (NIST CSF)

- Emphasizes the importance of strong c__________ g________ across all levels of the o__________.
- It's about e__________ and m_________ the structures and processes needed to effectively manage c__________ r___.

A

cybersecurity governance; organization; establishing; maintaining; cybersecurity risk;

44
Q

Identify (NIST CSF)

The management of c__________ r___ and its effect on an organization's p_____ and a_____.

A

cybersecurity risk; people; assets;

45
Q

Protect (NIST CSF)

The strategy used to protect an organization through the implementation of p_______, p________, t_______ and t____ that help mitigate c__________ t_____.

A

policies, procedures, training; tools; cybersecurity threats;

46
Q

Detect (NIST CSF)

Identifying potential s_______ i________ and improving m_________ c__________ to increase the s_____ and e________ of detections

A

security incidents; monitoring capabilities; speed; efficiency;

47
Q

Respond (NIST CSF)

Making sure that the proper procedures are used to c_____, n_______, and a______ security incidents, and implement i___________ to the s_______ process.

A

contain, neutralize; analyze; improvements; security;

48
Q

Recover (NIST CSF)

The process of returning a________ s______ back to normal o________.

A

affected systems; operation;

49
Q

OWASP Security Principles

1) Minimize a______ s______ a____
2) Principle of l_____ p_______
3) D______ in d_____
4) S_________ of d______
5) Keep s_______ s_____
6) Fix s______ issues c________

A

attack surface area; least privilege; Defense; depth; Separation; duties; security simple; security; correctly;

50
Q

Common elements of (cybersecurity) internal audits
- Establishing the s____ and g____
- Conducting a r___ a_________
- Completing a c______ a_________
- Assessing c_________
- C__________ results

A

scope; goals; risk assessment; controls assessment; compliance; Communicating;

51
Q

Security audit

A review of an organization's s______ c______, p______ and p________ against a set of expectations.

A

security controls, policies; procedures;

52
Q

Internal criteria include:
- Outlined p______, p________ and b___ p_______

External criteria include:
- R_________ c________
- L___
- F________ r___________

A

policies, procedures; best practices; Regulatory compliance; Laws; Federal regulations;

53
Q

- The goal of an audit is to ensure that an organization's I_________ T_________ practices are meeting i_______ and o___________ standards.
- The objective is to identify areas of r________ and g_____

A

Information Technology; industry; organizational; remediation; growth;

54
Q

Security audits must be performed to s________ d___ and avoid p_______ and f____ from g___________ agencies.

A

safeguard data; penalties; fines; governmental;

55
Q

Factors that determine the types of audits an organization implements:
- I______ type
- O___________ size
- Ties to the applicable g_________ r_________
- A business's g__________ location
- A business d________ to adhere to a s_______ r__________ compliance

A

Industry; Organization; government regulations; geographical; decision; specific regulatory;

56
Q

Attack Vectors

The p________ attackers use to penetrate s________ d_________

A

pathways; security defenses;

57
Q

Biometrics

The unique p______ c___________ that can be used to v_____ a person's i______.

A

physical characteristics; verify; identity;

58
Q

Open Web Application Security Project (OWASP)

A non-profit organization focused on improving s______ s______

A

software security;

59
Q

In an internal security audit, _____ refers to identifying p_____, a_____, p______, p________ and t__________ that might impact an organization's s______ p______.

A

scope; people, assets, policies, procedures; technologies; security posture;

60
Q

Some common logs include:
- F______ logs
- N______ logs
- S_____ logs

A

Firewall; Network; Server;

61
Q

Firewall log

- A record of a________ or e__________ connections for incoming t______ from the i______.
- It also includes o______ r_______ to the i_______ from within the n______.

A

attempted; established; traffic; internet; outbound requests; internet; network;

62
Q

Network log

- A record of all computers and devices that e____ and l_____ the n______.
- It also records c_________ between d______ and s______ on the network.

A

enter; leave; network; connections; devices; services;

63
Q

Server log

- A record of events related to s______, such as w______, e____ or f___ shares.
- It includes actions such as l____, p_______, and u_________ requests

A

services; websites, emails; file; login, password; username;

64
Q

Metrics

Key t_______ a________, such as r______ t___, a_________, and f_____ r___, which are used to assess the performance of a s_______ a_________.

A

technical attributes; response time, availability; failure rate; software application;

65
Q

Security Orchestration, Automation, and Response (SOAR)

A collection of a__________, t____ and w_______ that uses a_________ to respond to security e_____.

A

applications, tools; workflows; automation; events;

66
Q

Different types of SIEM tools
- S___-h_____
- C_____-h_____
- H_____

A

Self-hosted; Cloud-hosted; Hybrid;

67
Q

Splunk Enterprise

A s___-h_____ tool used to r_____, a_____, and s_____ an organization's l__ d___ to provide s______ i_________ and a_____ in real-time.

A

self-hosted; retain, analyze; search; log data; security information; alerts;

68
Q

Splunk Cloud

A c____-h_____ tool used to c_____, s_____ and m_____ log data.

A

cloud-hosted; collect, search; monitor;

69
Q

Chronicle

A c____-n_____ tool designed to r____, a_____ and s_____ data

A

cloud-native; retain, analyze; search;

70
Q

Open-source tools

- Often f___ to use and can be u___-f_______.
- Objective is to provide users with s_______ that is built by the p____ in a c__________ way, which can result in the s______ being more s_____.

A

free; user-friendly; software; public; collaborative; software; secure;

71
Q

Proprietary tools

- Developed and owned by a p_____ or c______, and users typically pay a fee for u_____ and t_______.
- The owners of proprietary tools are the only ones who can a_____ and m_____ the s______ c____.

A

person; company; usage; training; access; modify; source code;

72
Q

Examples of proprietary tools
- S_____
- Google S__O__ (C________) SIEM tools

A

Splunk; SecOps (Chronicle);

73
Q

Examples of open-source tools
- L____
- S_______

A

Linux; Suricata;

74
Q

Key benefits of SIEM tools
- Provide event m__________ and a______
- S___ t___
- Collect l__ d___ from different s______

A

monitoring; analysis; Save time; log data; sources;

75
Q

A security team installs a SIEM tool within their company's own infrastructure to keep private data on internal servers. What type of tool are they using?

A) Infrastructure-hosted
B) Hybrid
C) Self-hosted
D) Cloud-hosted

A

C) Self-hosted

76
Q

You want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?

A) Self-hosted
B) Cloud-hosted
C) Solution-hosted
D) Hybrid

A

B) Cloud-hosted;

77
Q

You receive an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can you use to review a timeline of the login attempts, locations, and time of activity?

A

A SIEM tool dashboard;

78
Q

Playbooks

- Clarify what t____ should be used to respond to s_______ incidents.
- Ensure that people follow a c________ l___ of a_____ in a prescribed way
- Are manuals that provide details about any o__________ a_____.

A

tools; security; consistent list; actions; operational action;

79
Q

Phases of an incident (and vulnerability) response playbook

1) P________
2) D_______ and a______
3) C_________
4) E_________ and r_______
5) P___-i_______ a______
6) C__________

A

Preparation; Detection; analysis; Containment; Eradication; recovery; Post-incident activity; Coordination;

80
Q

- A playbook is a m_____ that provides details about any o__________ action.
- It provides a p_______ and up-to-date list of steps to perform when r_________ to an i________.

A

manual; operational; predefined; responding; incident;

81
Q

- Playbooks are accompanied by a s_______.
- The strategy outlines expectations of team members who are assigned a task, and some playbooks also list the i___________ responsible.

A

strategy; individuals;

82
Q

Updates to playbooks are made if:
- A f______ is identified, such as an o_______ in the outlined p______ and p________, or in the p_______ itself.
- There is a change in i_______ standards, such as changes in l___ or r_________ c_________.
- The c__________ landscape changes due to evolving t_____ actor t_____ and t__________.

A

failure; oversight; policies; procedures; playbook; industry; laws; regulatory compliance; cybersecurity; threat; tactics; techniques;

83
Q

Preparation (playbook phase)

Before i_______ occur, mitigate potential i______ on the organization by d_________, establishing s______ plans, and e________ users.

A

incidents; impacts; documenting; staffing; educating;

84
Q

Detection and analysis (playbook phase)

D____ and a______ events by implementing defined p_______ and appropriate t__________.

A

Detect; analyze; processes; technology;

85
Q

Containment (playbook phase)

Prevent further d______ and reduce immediate i______ of i_______.

A

damage; impact; incidents;

86
Q

Eradication and recovery (playbook phase)

Completely remove a_______ of the i________ so that an organization can r______ to n______ o__________

A

artifacts; incident; return; normal operations;

87
Q

Post-incident activity

Document the i_______, inform organizational l_________, and apply l______ l______

A

incident; leadership; lessons learned;

88
Q

Coordination (playbook phase)

Report i_______ and share i_________ throughout the r_______ process, based on established s________.

A

incidents; information; response; standards;

89
Q

Incident response

An organization's quick attempt to identify an a_____, contain the d_____, and correct the effects of a s_______ b_____.

A

attack; damage; security breach;