05_IIBA CCA Securing the Layers

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

IDENTIFY-RISK ASSESSMENT (RA)-1

Asset vulnerabilities are identified and documented

PROTECT-DATA SECURITY (DS)-3

Assets are formally managed throughout removal, transfers, and dispositions

Network Segregation

Assets are grouped together based on common security requirements, and then each group is placed into its own isolated network zone, so that traffic flowing into each zone will be subject to the security policies defined by the zone's security requirements, and filtered accordingly.

Security Architecture Business Context

Attackers will typically go after the weakest point in a network or system. This weak point is rarely a security feature or function. When a secure system or network is being designed, it is important to consider the weakest link in the system and ensure it is secure enough

Full Disk Encryption

Automatic and transparent encryption of all harddrive data storage

Infrastructure as a Service (IaaS)

Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications

uncontrolled

P2P applications are often designed to open an _____ channel through network boundaries, thus providing a way dangerous content, such as botnets, spyware, and viruses to enter an otherwise protected network

piracy

P2P applications, while possessing many legitimate applications, are associated with ____ and abuse of copyright and other forms of intellectual property

PROTECT-AWARENESS and TRAINING (AT)-5

Physical and information security personnel understand roles and responsibilities

IDENTIFY (ID)-ASSET MANAGEMENT (AM)-1

Physical devices and systems within the organization are inventoried; -5 Resources (hardware, devices) are prioritized based on their classification, criticality, and business value

PROTECT-INFORMATION PROTECTION (IP)-5

Policy and regulations regarding the physical operating environment for organizational assets are met; 9 Response plans (incident response and business continuity) and recovery plans (incident recovery and disaster recovery) are in place and managed

well-structured network

Security Operations Centers and threat hunting teams can be more effective in a ____. Traffic that may be normal in the user segment could be malicious in the server segment. This would be very hard to detect in a flat network

Information Asset

body of knowledge that is organized and managed as a single entity. Like any other corporate asset, an organization's these have financial value

Security Perimeter

boundary that defines the area of security concern and security policy coverage

Platform as a Service (PaaS)

built on top of the IaaS model as, in addition to providing the services from IaaS, this provider will also provide operating systems, middleware, and other runtime

Identify threat agents and possible attacks

characterize groups of potential attackers - inside and outside, malicious and inadvertent

Network Access Control (NAC)

concept of controlling access to an environment through strict adherence to, and implementation of, security policy. The goals of this are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Honeypot

decoy computer system for trapping or tracking hackers or new hacking methods. They are designed to intentionally engage and deceive hackers and identify malicious activities

Next Generation Firewall

deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention and bringing intelligence from outside the firewall

TCP/IP or DoD Model

descriptive model for modelling current internet architecture, as well as providing a set of rules that govern all forms of transmission over a network. It is comprised of four layers

Smart Meter

digital data collection and communication device used in the energy sector. Energy consumption data is tracked and made available to the provider and customer

Security Perimeter

first line of protection between networks of different zones. In general, it can include firewalls as well as proxies and devices such as intrusion detection systems (IDS) to warn of suspicious traffic

Identify exploitable vulnerabilities

focus on those that connect the identified possible attacks to the identified negative consequences

Prioritize identified risks

for each threat, estimate a number of likelihood and impact factors to determine overall risk/severity level

Sandboxing

form of software virtualization that lets programs and processes run in their own isolated environments

ring, bus, star and mesh

four basic physical topologies

Risk Management, Benchmarking and Good Practice, Financial, Legal and Regulatory

four factors which should drive architectural decisions

Hardware Security Module (HSM)

physical device that safeguards the cryptographic infrastructure by securely managing, processing and storing cryptographic keys inside a tamper-resistant external device that attaches directly to a computer

Network Topology

physical layout and organization of computers and networking devices.

Assets

pieces of IT equipment, including network infrastructure components, security infrastructure components, physical buildings/rooms/racks, laptops and personal computers, mobile devices, etc.

Whitelisting

practice of explicitly allowing identified people, groups, or services access to a particular privilege, service, or recognition

Defence in Depth

practice of layering defenses to provide added protection. It increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise's computing and information resources

OSI Reference Model

prescriptive model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard for its underlying internal structure and technology. It is comprised of seven layers

Threat Modelling

procedure for optimizing network/application/internet security by identifying objectives and vulnerabilities and then defining countermeasures to prevent, or mitigate the effects of, threats to the system

Encryption

process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext).

Worm

program that is capable of copying itself onto other computers or devices without user interaction

Trojan

program that pretends to be legitimate code but conceals other unwanted functions

Dynamic Host Configuration Protocol (DHCP)

protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server; ensures that all IP addresses are unique

Internet of Things (IoT)

refers to systems that involve computation, sensing, communication, and actuation. Involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making.

Platform Security

security model that is used to protect an entire platform by using a centralized security architecture or system.

Rule Set

set of access control rules defined in firewalls, which control which traffic is permitted through and which must be blocked

Security Baseline

set of basic security objectives which must be met by any given service or system. Details depend on the operational environment a service/system is deployed into, and might thus, creatively use and apply any relevant security measure. Derogations from the baseline are possible and expected and must be explicitly marked

Application Programming Interface (API)

set of routines, protocols and tools referred to as "building blocks" used in business application software development; also thought of as an interface between a server and a client.

platform security

Unlike a layered security approach in which each layer/system manages its own security, this secures all components and layers within a platform.

Wrapper

Encapsulation solutions that manage, configure, and update embedded systems through a controlled channel; their security may be enhanced through addition of authentication and integrity features

Endpoint

any device through which users connect to information, systems, and networks, for example laptops, smart phones, printers, tablets.

Physical Topology

not always the same as logical topology

Network Segmentation

partitioning of a network into smaller networks

incomplete

A segregated network architecture is ____ if an organization does not have full visibility into it. This visibility is achieved by collecting, inspecting and analyzing traffic at the various security zones between segregated networks

Near-Field Communications (NFC)

A wireless technology that enables a variety of contactless and proximity-based applications, such as payments, information retrieval, mobile marketing and device pairing

Physical Access

Access into a network connection or wiring area or to proximity to LAN resources or systems

firewalls

After end-to-end application security requirements and risk factors are identified, these can be deployed as one component to help meet those security requirements

Sandbox

An isolated environment, referred to as this in this context, enables users to run programs or execute files without affecting the underlying system which they run on. In the case of PaaS, this is typically a virtualized environment

isolate

An underlying virtualization platform, such as VMware or Hyper-V, is used to do this to environments

Threat Event

Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm

Attack Surface

Components available to be used by an attacker against the product itself

AV/AM

Coordination of this kind of policy enforcement across network, endpoints, and cloud services

Data Isolation

Data within partitioned applications which cannot be read or modified by other applications

Malware (Malicious Software)

Designed to infiltrate, damage or obtain information from a computer system without the owner's consent

Product Threat Models Steps

Determine Assessment scope Identify threat agents and possible attacks Understand existing countermeasures Identify exploitable vulnerabilities Prioritize identified risks Identify countermeasures to reduce threat

botnet

Due to the overlapping nature of P2P node structure, it can be very difficult to fully detect and shut down the controlling _____, allowing it to continue operating unimpeded

Pyramid of Trust

Each layer can rely on the effective security of its underlying layer without being able to verify it directly

target device

For malware to spread, it needs to be installed on this or computer. Some of the most common infection techniques are phishing, websites/drive-by attacks and removable media such as memory sticks

PROTECT (PR)-ACCESS CONTROL (AC)-1

Identities and credentials are managed for authorized devices and users; -2 Physical access to assets is managed and protected

Damage Limitation

If an attack damages a partitioned application, this damage cannot spread to other partitions/applications

firewall

If improperly managed or deployed, this can leave gaps in an organization's security that attackers can use to infiltrate your network.

platform

If this is compromised the entire infrastructure is vulnerable

IoT devices

These being connected to the internet but not adequately secured has resulted in incidents such as hackers accessing in-home monitoring devices, and botnets shutting down entire parts of the internet

IoT devices

These contain and collect a lot of sensitive information about their physical surroundings

PROTECT-MAINTENANCE (MA)-1

Maintenance and repair of organizational assets is performed and logged in a timely manner with approved and controlled tools

trust domains

Firewalls should be placed between entities that have different this

Anti-Virus/Anti-Malware

Focal Points • Be familiar with existing and emerging types of malware and their attack vectors. • Understand the types of devices and endpoints on the network and what level of Anti-Virus/Anti-Malware (AV/AM) coverage is required. • Understand the level of operational/management overhead is required to maintain the deployed AV/AM infrastructure. • Understand how the various AV/AM components interact with each other and how data can be aggregated for reporting.

Product Security: Embedded Systems

Focal Points • Understand how the technical and functional requirements meet the required security for critical embedded systems. • Understand how and where embedded systems will be deployed as part of a project. • Understand what mitigating controls can be deployed to account for embedded systems that are not secure on their own

System Security: Servers

Focal Points • Understand sensitivity and classification as it relates to server access controls. • Understand how users with a requirement for administrative access, whether IT staff or business workers, should be assigned only those privileges necessary for them to accomplish their required tasks. • Understand what is required for the server to meet technical requirements and what features are unnecessary and can be disabled. • Understand physical and technological controls required to control and monitor access to the server room or data center

Product Threat Models

Focal Points • Understand the business cases and usage scenarios that will feed into the threat modelling activity. • Understand how risks will be ranked for likelihood and impact • Understand how risks will be addressed after prioritization. • Understand how the security objectives of the organization align to the defined threat prioritization.

Internet of Things

Focal Points • Understand the data being transmitted through Internet of Things (IoT) devices, and connectivity requirements. • Understand the security objectives for the IoT product(s) and the relevant threats to those objectives. • Understand how information about IoT devices, such as serial numbers, will be protected. • Understand how firmware will be managed and updated on deployed IoT devices.

Platform Security

Focal Points • Understand the pros and cons of platform security, and its fit (or not) to business and security requirements. • Understand the platform being deployed and the applicable security controls to be applied. • Understand the use cases for the platform and if they may require additional security measures. • Understand how platforms will have required security patches applied and at what frequency.

Segregation

Focal Points • Understand the security requirements of various servers and applications on the network for them to be properly classified. • Understand the sensitivity of data and criticality of applications to facilitate the segregation activities. • Understand what data from a zone may need to be transmitted to another zone and if, based on data sensitivity, that communication flow should be permitted and under what conditions. • Understand organizational business and security requirements to ensure that any segregation strategy doesn't impede the business

Self-Encryption Device

Hard drive that self-encrypts data to a media storage device and then automatically decrypts the data from the media.

spear-phishing and social engineering

Hostile actors are increasingly targeting internal networks using techniques such as these. This, coupled with an increase in the use of mobile and remote working, provides additional attack vectors for access to a company's internal network

Access Control

Improving Server Security can have a positive impact on this security by the very nature of limiting the opportunities for potential access

embedded systems

In-vehicle computing systems can include these to monitor engine performance, optimize braking, steering and suspension, but can also include in-dash elements related to driving, environmental controls, and entertainment

Security Architecture Threat Risk and Vulnerability Assessments

Insecure systems tend to suffer from the same sorts of threats and vulnerabilities. Common vulnerabilities include poor memory management, the existence of covert channels, insufficient system redundancy, poor access control and poor protection of key components

File Level Encryption

Manual encryption of specific files where the user must initiate an action before the file is encrypted and stored

zero-day

Minimizing this kind of endpoint infections by pre-emptively blocking known, unknown, and targeted attacks at all endpoints, online and offline, on network and off.

Defence in Depth

Multiple layers or levels of access controls to provide layered security. In server defense the outer layer may often be physical access controls followed by logical and technical controls and finally administrative access controls

Physical, Data-link, Network, Transport, Session, Presentation, Application

OSI Reference Model 7 Layers

PROTECT-PROTECTIVE TECHNOLOGY (PT)-2

Removable media is protected, and its use restricted according to policy

Software as a Service (SaaS)

Software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code and data definitions that is consumed by all contracted customers at anytime on a pay-for-use basis or as a subscription based on use metrics

Host Based Firewall

Software which is installed on individual computers, to protect the end host, or operating system, as opposed to at the network level

Cyber-physical

These types of systems integrate software technology into physical infrastructure such as smart cars or smart grids. These systems are often vulnerable to threats that manufacturers of traditional physical infrastructure may not consider

Peer-to-Peer (P2P)

Style of networking in which computers communicate directly with one another rather than routing traffic through managed central servers and networks. Typically used for sharing resources amongst each other

Link, Network, Transport, Application

TCP/IP or DoD Model Four Layers

Firmware Over-the-Air

Technology used by manufacturers of mobile devices after distribution, to remotely install software and services, or resolve issues wirelessly

Corporate Security Policy and/or Acceptable Use Policy

The definition of these are the first steps in defining the network security, application, and traffic policies that should be enforced. Without defined policies, a firewall configuration can end up being little more than an ad hoc listing of perceived needs.

Security Architecture Solution Scope

The idea behind defence in depth is to manage risk with diverse defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent the breach

Security Architecture

The set of disciplines used to design solutions to address security requirements at a solution or system level

Embedded systems

These are often not only enabled with internet access but also with means to remotely modify and patch software. By compromising these, the hostile actor could install malware or even replace the operating system itself

best practices

These aren't enough for securing products

platform security

This enables the elimination of individual security measures and use of multiple applications/services to secure different layers of an IT environment.

consistency

This is an important security risk consideration for PaaS

segregation

This of sensitive information, hosts and services from the environment in which users access external resources (e.g. web, email) can minimize the impact of any potential breach due to user behavior

embedded system

This provides very little, if any, allowance for security, especially for size, weight and power considerations; thus, security must not impose excessive overhead on the protected system

Micro-Segmentation

Through the use of software, placing security controls between individual servers in a virtual environment

Egress Traffic

Traffic moving away from the firewall, regardless of destination (e.g. internet or LAN)

Ingress Traffic

Traffic moving towards the firewall, regardless of destination (e.g. internet or LAN)

Emanations

Unintentional electrical, mechanical, optical or acoustical energy signals that contain information or metadata about the information being processed, stored or transmitted in a system

Stateful Firewall

Watch traffic streams from end-to-end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption. These are better at identifying unauthorized and forged communications

threat modelling

When performed early in a development cycle, this can assist with identifying potential issues and reduce the effort and complexity of resolving them

network zoning

While a firewall should always be placed at internet gateways, there are also internal network considerations and conditions where a firewall could be deployed, such as this

Flat

____ networks are easy to manage and save money; however, with minimal controls between servers and data of different classification and security levels, an attacker who gains access to one system is able to use it as a staging ground for other environments across the network.

Unpatched

____ servers are another major source of security problems

Trusted Computing Base (TCB)

group of trusted system assets consisting of software, hardware, and other controls, which together enforce security policies

Network Based Firewall

hardware appliance that is deployed on the network and filters traffic going between networks (e.g. Internet and LAN). Placed at the perimeter or border of the network

Domain Name System (DNS)

hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

Virtualization

hosting of one or more operating systems (servers) within the memory of a single host server

Trusted Platform Module (TPM)

international standard (ISO 11889) for a secure crypto-processor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys

Security Boundary

line of intersection between any two areas, subnets or environments that have different security requirements or needs.

Grey list

list of email or Internet addresses that are neither good nor bad on first glance but require additional levels of validation before communication is permitted

Whitelist

list of email or Internet addresses that someone knows as "good"

Blacklist

list of email or internet addresses that someone knows as "bad"

Network Address Translation (NAT)

methodology of modifying network address information in IP datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another

Flat Network

network in which all computers (hosts) are able to communicate directly with all others within it; the network is not segmented at all

Determine assessment scope

tangible assets, application capabilities, reputation and goodwill attributes

Logical Topology

the grouping of networked systems into trusted collectives

weakest link

this could expose the entire platform to vulnerabilities

platform as a service

this may be useful when An organization has periodic spikes in application usage, requiring temporary increased computing power

Identify countermeasures to reduce threat

to reduce risk to acceptable levels based on the enterprise risk appetite

Stateless Firewall

type of firewall filter that watches end-to-end traffic flow and tracks packet sources and destinations; uses network connection state information to make traffic control decisions dynamically. These can tell if packets have been forged or have broken down, and are able to perform security functions such as encryption

Exploit

use of an identified vulnerability to violate security objectives such as confidentiality, integrity and availability

Embedded System

used to provide computing services in a small form factor with limited processing power. They embed the necessary hardware, firmware, and software into a single platform that can be used to provide a limited range of computing services, usually around a single application

Zero Day

vulnerability that is unknown to those who would be interested in mitigating it. Until the vulnerability is mitigated or AV/AM software is updated to detect it, hackers can exploit it.

IoT Technology Controls

• Anti-Virus and Anti-Malware software • Firewall • Intrusion Detection and Prevention Software • Virtual Private Network (VPN) • Key Authentication • Network Segregation

Embedded Systems Technology Controls

• Anti-Virus and Anti-Malware software • Firewall • Intrusion Detection and Prevention Software • Virtual Private Network (VPN) • Key authentication • Hardware Security Modules (HSM) • Network Segregation

Platform Security Technology Controls

• Anti-Virus/Anti-Malware • Identity and Access Management • Network Segregation • Privileged Account Management • Firewalls • Virtual Private Networks (VPN) • Intrusion Detection and Prevention Systems (IDS/IPS)

Endpoint Security Focal Points

• Business case and requirements analysis for endpoint security solutions • Understanding of applicable standards, regulatory considerations, and endpoint security controls

Physical Security Risks

• Compromise of equipment functionality from malicious activity can put confidentiality, integrity and availability at risk • Damage of physical IT assets due to natural causes, such as weather events, can prevent data and system availability • Malicious access to systems • Theft

Product Threat Models Risks

• Cybersecurity teams encounter new threats constantly, and adapting to the latest threats could protect the company from a large data breach and associated impacts. • No system is 100 percent secure; every system has vulnerabilities. At any given time, a system may not have any known software flaws, but security configuration issues and software feature misuse vulnerabilities are always present. • Older systems may be vulnerable to different threats than newer systems and due to their age, they may often be overlooked when developing threat models.

AV/AM Technology Controls

• Defence in Depth • Workstation and network-based AV/AM software • Security Information and Event Management (SIEM) software • Intrusion Detection and Prevention Software

Endpoint Security Process Controls

• Device Handling and Management Policies • IAM Governance

Segregation Technology Controls

• Disabling of non-essential services on servers and workstations • Firewalls and Security Appliances • Separation of management and operational networks • Network traffic whitelisting • Physical network isolation

Endpoint Security Risks

• Exposure of mobile devices, desktops, laptops and tablets to loss or theft which leaves data on those devices vulnerable to access from unauthorized users. • Potential of Malicious software (Malware) infecting a corporate device. • Potential data breach by unscrupulous persons accessing the data on stolen devices

Firewall Technology Controls

• Firewall Analyzer • Network Segmentation • Anti-Virus • Data Backup and Disaster Recovery

AV/AM Process Controls

• Hunt Teams • Security Operations Center • Information Security Policies (Acceptable Use, AV/AM, Software, Backup, etc.) • Security Awareness Training • Principle of Least Privilege

Endpoint Security Technology Controls

• IAM - Identity and Access Management Tools • FDE - Full Disk Encryption • FLE - File Level Encryption • SED - Self-Encryption Device • AMP - Anti-Malware Protection

Firewall Related Risks

• If improperly managed or deployed, a firewall can leave gaps in an organization's security that attackers can use to infiltrate your network. Gartner has projected that in the next three years, 99% of firewall breaches would be caused by misconfigurations. • Firewalls provide only limited protection against vulnerabilities caused by application flaws in server software on other hosts. For example, a firewall will not prevent an attacker from manipulating a database to disclose confidential information

Platform Security Process Controls

• Internal and External Audit • Architecture Standards and Policies • System Hardening Policy • Patch Management Process and Policy

Embedded System Risks

• It is often not financially and/or technically feasible to retrofit security capability into a system that was not originally designed for it. This can leave older embedded systems vulnerable to attack. • Parts from multiple manufacturers may comprise a finished product which leads to the problem that no single manufacturer has any incentive, expertise or even ability to patch the software on the embedded system once it is shipped. • Many embedded systems are designed with a focus on minimizing cost and extraneous features. This often leads to a lack of security and difficulty with upgrades and patches. Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property

Security Architecture Related Risks

• Like all system layers, networks are subject to risks that arise out of constant changes in the environment, in all aspects: people, process, and technology. • Designing security for a service must consider all connected systems or sub-systems, regardless of the layer in which they reside, otherwise any that are outside of the defined architecture can introduce vulnerabilities into and architecture if data or connections from those external sources is not validated and secured. • When privileged access is provisioned to users who require special access to restricted or sensitive information, there is a risk of abused privileges; the risk increases if the access is not audited and maintained on a regular basis

Security Architecture Technology Controls

• Network Segregation • Penetration Testing • Defense in Depth

Physical Security Process Controls

• PKI Governance Certificate Policy and Certificate Practice Statements • Access Control Governance and Processes • User credential standards • Removable media policies and controls • Employee awareness

Server Security Process Controls

• Policies and Procedures related to employee behaviours • Audits and Spot Checks • Principle of Least Privilege • Segregation of Duties • Physical Access Controls • Proactive Patching and Lifecycle Management

Firewall Process Controls

• Policy • Formalized Change Control Process for Firewall Rule Management • Principle of Least Privilege • Defense in Depth

Security Architecture Process Controls

• Principle of Least Privilege • Design and Architecture Reviews • System and Security Audits

Segregation Process Controls

• Principle of Least Privilege • Need to Know

Physical Security Technology Controls

• Public Key Infrastructure (PKI) to issue and manage certificates • Identity and Access Management (IAM) Tools • Physical Access Swipe Keys • Surveillance Systems • Redundant Systems • Remote Access Controls

Server Security Technology Controls

• SSH Keys • Firewalls • VPN and Private Networks • Public Key Encryption and SSL/TLS Encryption • Service and File Auditing • Isolated Execution Environments

Product Threat Models Technology Controls

• Security Operating Center (SOC)/Security Information and Event Management (SIEM) • Intrusion Detection and Prevention Systems • Next Generation Firewalls • Audit logging

Server Security Risks

• Servers may end up running services unintentionally and not be aware of it, which introduces potential risks that do not get identified. This can happen when administrators install an operating system, which turns on additional, unwanted services automatically with the base configuration. • P2P applications, while possessing many legitimate applications, are associated with piracy and abuse of copyright and other forms of intellectual property. • P2P applications are often designed to open an uncontrolled channel through network boundaries, thus providing a way dangerous content, such as botnets, spyware, and viruses to enter an otherwise protected network. • Due to the overlapping nature of P2P node structure, it can be very difficult to fully detect and shut down the controlling botnet, allowing it to continue operating unimpeded.

Embedded Systems Process Controls

• Software Development Lifecycle • Security by Design

IoT Process Controls

• Software Development Lifecycle • Security by Design • Security Awareness Training

AV/AM Related Risks

• USB memory sticks, CDs, DVDs and other removable media devices provide an effective way of spreading malware onto additional computers. When the media is inserted into the machine, the malware will either run and infect the target or will copy itself onto the removable media in order to prepare to infect the next machine it is plugged into. • The widespread use of mobile code such as JavaScript on websites has provided attackers with another route to infect computers with malware. Increasingly, legitimate websites are being compromised and made to host malware without the owner's knowledge, making this type of attack very difficult for the user to avoid.

Network Security Focal Points

• Understand how the security architecture ties back to the organization and existing operational processes, and the impact decisions will have on stakeholders. • Understand what is within the scope of the security architecture; as it is not possible to cover all business aspects, it is important to focus and keep scope clear to avoid unnecessary complexity. • Where architecture requirements are transferred between development efforts, understand the rationale behind the original component selection decision to ensure it fits with the current security architecture. • Understand how selected security controls relate to the four factors which should drive architectural decisions

Firewalls Focal Points

• Understand the network connectivity requirements for applications being deployed behind a firewall. • Understand the logging and audit requirements for firewall deployments. • Understand the policies which form the basis for firewall rule implementation. In the absence of documented policy, defining these is the first step to a successful deployment

Physical Security Focal Points

• Understanding, development, and implementation of Physical Security Policies, Processes, and Controls • Understanding of applicable regulatory and industry-specific requirements • Requirements analysis for IAM, PKI, solutions • Disaster Recovery, Business Continuity Planning

Product Threat Models Process Controls

• Vulnerability and Threat Risk Assessment Procedures • Secure Development • Policies and Controls • Internal and External Audits

IoT Related Risks

• Where many IoT devices use embedded systems made with components from multiple manufacturers, the risk applies where no single manufacturer has any incentive, expertise or even ability to patch the software on the embedded system once it has shipped. • A compromised IoT device on a network can give an attacker a foothold within the network to attack other portions of the network and collect sensitive data. • Traditionally, Bring Your Own Device (BYOD) applied to smartphones, but as employees work away from the office and have other connected devices like digital assistants or fitness devices connected to the same network, there are new concerns around data security; if one of those devices is compromised, hackers can move laterally to compromise a connected corporate asset such as a laptop.


Kaugnay na mga set ng pag-aaral

AP Spanish Lang & Cult: Cortometraje Ella y Yo

View Set

The Art of Public Speaking - CH. 10 (Beginning and Ending the Speech)

View Set

Chapter 38: A World Without Borders

View Set

UWorld Pediatrics: Infectious Disease

View Set

Erhvervsøkonomi: Kapitel 7 - Virksomhedens omkostningsforhold

View Set

কাজ শক্তি ও ক্ষমতা

View Set