Chapter 1 CompTIA Security+ The Total Course
General Prep Flash Cards
43
Computer Science
Undergraduate 4
05/13/2019

Cards

Term
What is the CIA of IT Security?
Definition
Confidentiality, Integrity, Availability
Term
Attributes of Threat Actors
Definition
1. Internal or External
2. Level of Sophistication
3. Resources and Funding
4. Intention or Motivation
5. Use of open source intelligence
Term
Types of Threat Actors
Definition
1. Script Kiddies
2. Hacktivist
3. Organized Crime
4. Nation States
5. Insiders
6. Competitors
Term
APT
Definition
Advanced Persistent Threat
Term
Hacktivist Motive
Definition
Some cause or social/political agenda
Term
Organized Crime Motive
Definition
Money
Term
Nation States Motive
Definition
Intelligence
Term
Insiders Motive
Definition
Varies from mistakes to malicious threats
Term
Competitors Motive
Definition
Proprietary secrets
Term
Risk Management:

Term: Assets
Definition
Any part of our infrastructure which we worry may be harmed.

Computers, Routers, employees, physical property, even reputation
Term
Risk Management:

Term: Vulnerabilities
Definition
A weakness to an Asset that leaves it open to risk
Term
Risk Management:

Term: Threats
Definition
A discovered action which exploits a vulnerability's potential to harm an Asset
Term
Risk Management:

Term: Threat Agent
Definition
The source or initiator of the threat

e.g. Hacker, Hurricane, power outage
Term
Risk Management:

Term: Likelihood
Definition
The level of certainty that something will happen
Term
Risk Management:

Term: Impact
Definition
The actual harm caused by a threat
Term
How to measure IMPACT?
Definition
1. Quantitatively - cost, labor, time

2. Qualitatively - loss of projected business, loss of reputation, loss of trust
Term
What is RISK?
Definition
Threats applied to Vulnerabilities = Risk
Term
What is the NIST SP 800-30?
Definition
A Guide for Conducting Risk Assessments
Term
What is the first step of Risk assessment?
Definition
Catalog and define all the Assets

Assess Vulnerabilities and Threats
Term
Name some Risk Assessment tools
Definition
1. Nessus (a program which finds and reports vulnerabilities)
2. Penetration Testing or Pen-Testing (A third party company which will test your system for vulnerabilities and report the results)
Term
What are types of Threats?
Definition
1. Adversarial (intentional harm - hacker or malware)
2. Accidental (ID10T mistakes and errors)
3. Structural (Hardware & Software Malfunctions)
4. Environmental (earthquakes, power outages, etc.)
Term
Types of Risk Response
Definition
1. Mitigation (An effort to fix or reduce risk)
2. Transference (Unload the risk, vulnerability, and impact to a third party)
3. Acceptance (Likelihood and Impact are less than the cost of mitigation)
4. Avoidance (Likelihood and Impact so high that we just do something else altogether)
Term
What is a Risk Management Framework?
Definition
A workflow or process to help you deal with risk management
Term
What are the basic parts of every Risk Management Framework?
Definition
1. Assessment
2. Implementation (Applying Security Controls)
3. Monitoring
4. Issue response
Term
Types of Risk Assessment Guides
Definition
1. Benchmark (Thresholds by which to verify expected throughput values or actions)
2. Secure Configuration (These help to secure the stuff in your infrastructure. These tend to be platform or vendor specific)
3. General Purpose (these are broad guides)
Term
What Are Security Controls?
Definition
A mechanism applied to the IT infrastructure to either 1. protect against, or 2. remedy security problems.
Term
What are the different categories of Security Controls?
Definition
1. Administrative or Management (policies, laws, etc.)
2. Technical (Encryption, passwords, etc.)
3. Physical (Keys, Cameras, etc.)
Term
What are the different security control functions?
Definition
1. Deterrent
2. Prevention
3. Detective
4. Corrective
5. Compensating
Term
Interesting Security Controls
Definition
1. Mandatory Vacations
2. Job Rotation
3. Multi-person control (two check signers)
4. Separation of Duties
5. Principle of least privilege (Need to Know)
Term
Defense in Depth Terms
Definition
1. Redundancy (same control applied in layers)
2. Diversity (different controls to reach the same result)
Term
What is IT Governance?
Definition
Rules for how we do IT Security in our organization.
Term
What are the sources for IT Governance?
Definition
1. Laws & Regulations
2. Standards (government or industry)
3. Best Practices
4. Common Sense
Term
Documents used to practice IT Governance?
Definition
1. Policies (lists the directives to be followed)
2. Organizational Standards (Exact Rules)
3. Procedures (step by step guides)
Term
7 Important Security Policies to Know
Definition
1. Acceptable Use
2. Data Sensitivity and Classification
3. Access Control
4. Password
5. Care and Use of Equipment
6. Privacy
7. Personnel
Term
Describe the following type of security policy: Acceptable Use
Definition
What a person can and cannot do with company assets.
Term
Describe the following type of security policy: Data Sensitivity and Classification
Definition
Defines how important different types of data are.
Term
Describe the following type of security policy: Access Control
Definition
Defines how people get access to our data and other resources
Term
Describe the following type of security policy: Password
Definition
Defines how we deal with passwords
(e.g. recovery, login, complexity, retention, re-use)
Term
Describe the following type of security policy: Care and Use of Equipment
Definition
Deals with maintenance and physical use of Equipment
Term
Describe the following type of security policy: Privacy
Definition
How we handle the privacy of others
Term
Describe the following type of security policy: Personnel
Definition
How we handle the people who use or work with our data
Term
Types of Risk Management Frameworks
Definition
1. Regulatory
2. Non-regulatory
3. National Standards
4. International Standards
5. Industry Specific
Term
Quantitative Risk Assessment Formula
Definition
SLE (Single Loss Expectancy) x ARO (Annual Rate of Occurrence) = ALE (Annual Loss Expectancy)

(SLE x ARO = ALE)