Ch. 2.2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What are the 7 layers in layered security?

1.)policies, procedures, and awareness 2.)physical 3.)perimeter 4.)network 5.)host 6.)application 7.)data

What is a countermeasure?

A way to mitigate a potential risk. Reduce the risk of a threat agent by being able to exploit a vulnerability

what is layered security?

a security approach that combines multiple security controls and defenses to create a cumulative effect

layered security model

a security approach that defines seven layers of security

includes authentication and authorization, user management, and group policies

application

includes cryptography and secure transmissions

data

includes OS hardening, patch management, malware, and password attacks

host

includes each individual workstation, laptop, and mobile device

host

application

includes authentication, and authorization, user management, group policies, and web application security

host

includes each individual workstation, laptop, and mobile device. this layer includes log management, OS hardening, patch management and implementation, auditing, malware, and password attacks

physical

includes fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors, and environmental controls

perimeter

includes firewalls using ACLs and securing the wireless network

data

includes storing data properly, destroying data, classifying data, cryptography, and data transmission security

network

includes the installation and configuration of switches and routers, implementation of VLANS, penetration testing, and virtualization use

policies, procedures. and awareness

includes user education, manageable network plans, and employee onboarding and off-boarding procedures

which of the following is a security approach that combines multiple security controls and defenses and is sometimes called defense in depth?

layered security

includes implementation of VLANS, penetration testing; and the utilization of virtualization

network

includes firewalls using ACLs and securing the wireless network

perimeter

includes cameras, motion detectors, and even environmental controls

physical

includes fences, door locks, mantraps, turnstiles, device locks, and server cages

physical

includes how to manage employee onboarding and off-boarding

policies, procedures, and awareness

includes user education and manageable network plans

policies, procedures, and awareness

How can countermeasures reduce the risk of a threat agent by being able to exploit a vulnerability?

provides a security solution to an identified problem, is not dependent on secrecy, is testable and verifiable, provides uniform or consistent protection for all assets and users, is independent of other safeguards, requires minimal human intervention, is tamper-proof, has overrides and fall-safe defaults

employees are the single greatest threat to network security. therefore, user education is very important. Look for ways to take the following actions:

train employees so that they know that employees are the primary targets in most attacks, ensure employees understand that phishing attacks are one of the most common attacks directed at employees, ensure that employees can identify email, instant messaging, download, and website attacks, enforce effective password policies including a policy that prohibits writing down passwords, train employees to identify both internal and external threats, ensure that employees are aware of the company's security policies


Ensembles d'études connexes

My Best Buy Credit and Visa Card/Rewards Program

View Set

4.9 14 CFR Part 91: 91.3 - 91.151

View Set

CH 10 Concept Quiz 17/18 correct

View Set

Chapter 1, Chapter 3 cells, Chapter 4 tissues, Chapter 5 integument, Chapter 2, AP 5 Integumentary System Part 3- Accessory Structures, Anatomy and Physiology I- Chapter 5 learnsmart, 3.2b Classification of Chemical Reactions, Chapter 3 Energy, Chemi...

View Set