AIS Chapter 8
preventative controls: people 1. 2.
1. creation of a "security aware" culture 2. training
examples of physical access controls
1. locks on doors and computers 2. don't store sensitive information on laptops
2 types of authentication
1. multifactor 2. multimodal
Preventative Controls 1. 2. 3. 4. 5.
1. people 2. user access controls 3. physical access controls 4. network access controls 5. change management
2 key concepts in information security
1. security is a management issue, not just an IT issue 2. time based model of information security
corrective control: the executive responsible for information security, independent of other IS functions, who reports to the COO or CEO
Chief information security officer (CISO)
CEO and CFO have to sign off on financials
SOX 302
the internal control report: management must issue a report assessing the effectiveness of the company's internal controls over financial reporting
SOX 404
which of the following is a preventive control? a. training b. log analysis c. CIRT d. virtualization
a. training
a set of IF THEN rules used to determine what to do with arriving packets
access control list (ACL)
a grid listing users (or roles) against system resources, where each cell specifies which actions that user may perform on that resource
access control matrix (a type of authorization)
verifying the identity of the person or device attempting to access the system
authentication
preventative controls: user access controls 1. 2.
1. authentication 2. authorization
the control procedure designed to restrict what portions of an information system an employee can access and what actions they can perform is called
authorization
which of the following combinations of credentials is an example of multi factor authentication? a. voice recognition and fingerprint reader b. a PIN and ATM card c. a password and user ID d. all of the above
b. the pin is something a person knows the ATM card is something a person has
a physical or behavioral characteristic that is used as an authentication credential
biometric identifier
a device that connects an organization's information system to the internet
border router
which of the following is a detective control? a. hardening endpoints b. physical access controls c. penetration testing d. patch management
c. penetration testing
the formal process used to ensure that modifications to hardware, software or processes do not reduce systems reliability
change control and change management
using a browser to remotely access software, data storage, hardware and applications
cloud computing
matching the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action
compatibility test
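The access control matrix and the compatibility test described above, as an added example that is not from the original flashcards or the AIS textbook. The users, resources and actions are constructed for illustration; the point is that the matrix is a lookup table and the compatibility test is a default-deny lookup into it, run after authentication has already established who the user is.

```python
"""Access control matrix and compatibility test (added example, constructed data).

Rows are users (or roles), columns are resources, cells are the set of
permitted actions. The compatibility test looks up the authenticated
user's row and checks whether the requested action is permitted on the
requested resource. Anything not listed is denied (default deny).
"""

# Constructed access control matrix: user -> resource -> allowed actions.
# Users, resources and actions are hypothetical; adjust to your own system.
ACCESS_CONTROL_MATRIX = {
    "alice": {                      # accounts payable clerk
        "vendor_master": {"read"},
        "ap_invoices": {"read", "create"},
    },
    "bob": {                        # AP supervisor
        "vendor_master": {"read", "update"},
        "ap_invoices": {"read", "create", "approve"},
    },
    "carol": {                      # internal auditor: read-only everywhere
        "vendor_master": {"read"},
        "ap_invoices": {"read"},
        "audit_log": {"read"},
    },
}


def compatibility_test(user, resource, action, matrix=ACCESS_CONTROL_MATRIX):
    """Return True only if the matrix explicitly grants `action` on `resource` to `user`.

    `user` is assumed to have already been authenticated; this function
    performs authorization only. Unknown users, unknown resources and
    unlisted actions all fall through to deny.
    """
    return action in matrix.get(user, {}).get(resource, set())


def matrix_grid(matrix=ACCESS_CONTROL_MATRIX):
    """Render the matrix as the grid it is usually drawn as: one row per user."""
    resources = sorted({r for perms in matrix.values() for r in perms})
    rows = [["user"] + resources]
    for user in sorted(matrix):
        rows.append([user] + [",".join(sorted(matrix[user].get(r, ()))) or "-"
                              for r in resources])
    return rows


def authorize(user, resource, action, log):
    """Apply the compatibility test and record the decision for later log analysis."""
    allowed = compatibility_test(user, resource, action)
    log.append((user, resource, action, "ALLOW" if allowed else "DENY"))
    return allowed


if __name__ == "__main__":
    for row in matrix_grid():
        print("  ".join(f"{cell:<20}" for cell in row))
    decisions = []
    # Segregation of duties: a clerk may create an invoice but not approve it.
    authorize("alice", "ap_invoices", "create", decisions)    # ALLOW
    authorize("alice", "ap_invoices", "approve", decisions)   # DENY
    authorize("bob", "ap_invoices", "approve", decisions)     # ALLOW
    authorize("carol", "vendor_master", "update", decisions)  # DENY
    authorize("mallory", "ap_invoices", "read", decisions)    # DENY: not in the matrix
    for d in decisions:
        print(*d)
```

The deny decisions are logged as well as the allows, because repeated DENY records for one account are exactly what the log analysis control later in this chapter looks for.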
corrective control that deals with major incidents
computer incident response team (CIRT)
what is the most effective filtering technique a firewall can use to protect the perimeter?
deep packet inspection
employing multiple layers of controls to avoid a single point of failure
defense in depth
a balancing act between _____________ to avoid system failures and ________
defense in depth; the cost of the additional controls
a separate network located outside the organization's internal information system that permits controlled access from the internet
demilitarized zone (DMZ)
collective term for the workstations, servers, printers and other devices that comprise an organization's network
endpoints
a program designed to take advantage of a known vulnerability
exploit
instructions for taking advantage of a vulnerability
exploit
a special-purpose hardware device, or software running on a general-purpose computer, that controls both inbound and outbound communication between the system behind it and other networks
firewall
modifying default configurations to turn off unnecessary programs and features to improve security is called
hardening
the process of modifying the default configuration of endpoints to eliminate unnecessary settings and services
hardening
detective control that examines records of who logged in and who attempted to log in, paying special attention to failed attempts; intrusion detection systems feed into it
log analysis
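Log analysis as a detective control, as an added example that is not from the original flashcards. The log lines are constructed in the style of an OpenSSH `sshd` syslog record; the parser, the per-source and per-account failure counts, and the sliding-window burst detector are the example's own and are not any product's detection logic. The year is assumed because syslog timestamps omit it.

```python
"""Log analysis of failed logins (added example; log lines are constructed).

Parses syslog-style authentication records, counts failed attempts per
source address and per account, and flags sources that exceed a threshold
inside a sliding time window. Many failures from one address against many
accounts in a short period is the classic brute-force/password-spraying
signature that a reviewer of failed attempts is looking for.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic), OpenSSH/sshd syslog style.
SAMPLE_LOG = """\
Mar  4 09:12:01 fileserver sshd[2201]: Accepted password for alice from 10.0.5.12 port 50122 ssh2
Mar  4 09:12:44 fileserver sshd[2210]: Failed password for bob from 198.51.100.7 port 41002 ssh2
Mar  4 09:12:46 fileserver sshd[2211]: Failed password for bob from 198.51.100.7 port 41003 ssh2
Mar  4 09:12:47 fileserver sshd[2212]: Failed password for invalid user admin from 198.51.100.7 port 41004 ssh2
Mar  4 09:12:49 fileserver sshd[2213]: Failed password for invalid user root from 198.51.100.7 port 41005 ssh2
Mar  4 09:12:52 fileserver sshd[2214]: Failed password for carol from 198.51.100.7 port 41006 ssh2
Mar  4 09:30:10 fileserver sshd[2300]: Failed password for carol from 10.0.5.30 port 50201 ssh2
Mar  4 09:31:05 fileserver sshd[2301]: Accepted password for carol from 10.0.5.30 port 50202 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Return a list of (timestamp, result, user, ip) for every matching line.

    `year` is assumed: syslog timestamps carry no year.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated record; a fuller parser would count these too
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def failed_login_summary(events):
    """Count failed attempts per source IP and per target account."""
    by_ip = defaultdict(int)
    by_user = defaultdict(int)
    for _, result, user, ip in events:
        if result == "Failed":
            by_ip[ip] += 1
            by_user[user] += 1
    return dict(by_ip), dict(by_user)


def flag_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Return the set of source IPs with >= `threshold` failures inside any `window`.

    A sliding window over each source's chronologically sorted failures, so
    five failures spread across a day do not trigger while five in a minute do.
    """
    failures = defaultdict(list)
    for ts, result, _, ip in sorted(events):
        if result == "Failed":
            failures[ip].append(ts)
    flagged = set()
    for ip, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print("failures by ip / by account:", failed_login_summary(evs))
    print("burst sources:", flag_bursts(evs))
```

Note the distinction the summary preserves: the single failure from 10.0.5.30 followed by a success is what a mistyped password looks like, while 198.51.100.7 hitting five different accounts, two of them nonexistent, in eight seconds is the pattern to escalate.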
detective control in which management must continuously check employee compliance with security policies and the performance of controls
monitoring
which type of authentication is stronger, multifactor or multimodal?
multifactor
authenticate through a combination of something you have, something you know, and something you are
multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
multifactor authentication
the use of multiple authentication credentials of the same type to achieve a greater level of security
multimodal authentication
using multiple things of the same factor for authentication
multimodal authentication
a process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet
packet filtering
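The IF-THEN access control list and header-based packet filtering described in these cards, as an added example that is not from the original flashcards or any vendor's ACL syntax. The address ranges, rules and sample packets are constructed: 203.0.113.0/24 is assumed to be the organization's public range and 203.0.113.10 the DMZ web server.

```python
"""Packet-filtering ACL (added example, constructed rules and packets).

Each rule is an IF-THEN statement over fields in the IP and TCP/UDP headers.
Rules are evaluated in order, the first match decides, and a packet that
matches nothing is dropped (implicit deny, the safe default). Filtering of
this kind never looks at the payload, which is why deep packet inspection
is the stronger perimeter control.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    sport: int    # source port
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto == "any" or self.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed inbound ACL for a border router interface facing the internet.
INBOUND_ACL: List[Rule] = [
    Rule("deny", src="10.0.0.0/8"),        # private source addresses cannot legitimately
    Rule("deny", src="192.168.0.0/16"),    # arrive from the internet: treat as spoofed
    Rule("deny", src="172.16.0.0/12"),
    Rule("permit", proto="tcp", dst="203.0.113.10/32", dport=443),  # HTTPS to DMZ web server
    Rule("permit", proto="tcp", dst="203.0.113.10/32", dport=80),   # HTTP to DMZ web server
    Rule("deny", proto="tcp", dport=23),   # telnet is never allowed in
    # no trailing "permit any": everything else is denied implicitly
]


def filter_packet(pkt: Packet, acl: List[Rule] = INBOUND_ACL) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule), or ("deny", None) if none match."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "203.0.113.10", "tcp", 40000, 443),   # permit, rule 3
        Packet("10.0.5.12", "203.0.113.10", "tcp", 40001, 443),      # deny, rule 0 (spoofed)
        Packet("198.51.100.7", "203.0.113.10", "tcp", 40002, 23),    # deny, rule 5
        Packet("198.51.100.7", "203.0.113.20", "tcp", 40003, 3389),  # deny, implicit
    ]
    for p in samples:
        print(p, "->", filter_packet(p))
```

Rule order matters: if the HTTPS permit were listed before the anti-spoofing denies, a packet claiming a 10.x source would reach the web server. Put the broad denies first and keep the permits as narrow as the header fields allow.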
code released by software developers that fixes a particular vulnerability
patch
corrective control that regularly applies patches and updates to software
patch management
the process of regularly applying patches and updates to software
patch management
what is a corrective control designed to fix vulnerabilities?
patch management
code released by developers to address vulnerabilities
patches
an authorized attempt to break into the organization's information system
penetration test
detective control: authorized testing performed by an internal audit team or an external security consulting firm
penetration testing
performed by "white hat hackers"
penetration testing
defense in depth's layers consist of what 3 types of controls
preventive detective corrective
special-purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send the packet next
routers
_____ is the key and ____ provides the foundation
1. systems reliability 2. security
P > D + R
time-based model of information security (P = time it takes an attacker to break through the preventive controls, D = time it takes to detect that an attack is in progress, R = time it takes to respond to the attack and stop it)
implementing a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised
time based model of security
___________ for the ERM Cube shapes the organization's security culture
tone at the top
running multiple systems simultaneously on one physical computer
virtualization
flaws in programs that can be exploited to either crash the system or take control of it
vulnerabilities
a weakness that an attacker can take advantage of to either disable or take control of a system is called
vulnerability