1
Q
SOAR
A
Security Orchestration Automation Response tools allow an organisation to collect data about security threats from various sources and respond to low-level events without human intervention.
Soar has 3 important capabilities:
- Threat and vulnerabilities management
- Security incident response
- Security operations automation
2
Q
SIEM
A
Security Information and Event Management systems use log collectors to aggregate log data from sources such as security devices, network devices, servers and applications. Logs can generate many events in a day so SIEM systems help to reduce event volume by combining similar events to reduce the event data load.
SIEM identifies deviations from the norm and then takes the appropriate action.
The goals of SIEM system for security monitoring are:
- Identify internal and external threats
- Monitor activity and resource usage
Conduct compliance reporting for audits - Support incident response
INFOSYS 727
flashcards
Decks in class (54)
# Cards
-
Risk Management Continue5
-
Informationn Security And Risk Management41
-
Security Management9
-
Security Roles and Responsibilities7
-
Data Classification and Protection8
-
Personnel Security3
-
Cryptography33
-
Governance and compliance21
-
Governance2
-
Ethics12
-
Security Management Framework35
-
Application of Cryptography7
-
Management of Cryptography13
-
Encryption Alternatives2
-
Network Security Testing11
-
Security Automation2
-
Chapter 10 - Wired Telecom Technologies13
-
Chapter 10 - Network Technologies11
-
Chaper 10 - Network Topologies5
-
Chapter 10 - Ethernet Devices7
-
Chapter 10 - Wireless Network Technologies5
-
Chapter 10 - Network Protocols24
-
Chapter 10 - Network-Based Threats, Attacks and Vulnerabilities15
-
Network Security Testing Tools8
-
Penetration Testing9
-
Information Sources5
-
Threat Intelligence services11
-
Network and Server Vulnerability11
-
Common Vulnerability Scoring System9
-
Secure Device Management22
-
Enpoint Vulnerability Quiz11
-
Module 5 - Risk Management21
-
Module 5 - Risk Assessment10
-
Module 5 - Security Control11
-
Chapter 2 - Access Control11
-
Chapter 2 - Access Control Technologies and Methods8
-
Chapter 2 - Access Control Attacks15
-
Chapter 2 - Access Control Processes6
-
Chapter 2 - Access Control Concepts13
-
Chapter 2 - Testing Access Controls4
-
Module 6 - Digital Forensics26
-
Module 6 - The Cyber Kill Chain & Diamond Model21
-
Module 6 - Incident Response17
-
Module 6 - Disaster Recovery1
-
Chapter 3 - Operating Systems12
-
Chapter 3 - Software Models and Technologies7
-
Chapter 3 - Threats in Software Environments23
-
Chapter 3 - Threats in Software Continued6
-
Chapter 3 - Security in the Software Development Life Cycle7
-
Chapter 3 - Application Environment and Security Controls5
-
Chapter 4 - Business Continuity and Disaster Recovery Planning4
-
Chapter 9 - Security Concepts16
-
Chapter 9 - Information Systems Evaluation Models7
-
Chapter 9 - Certification and Accreditation5
