Chapter 2 review
Checksum
A checksum verifies the integrity of files, or strings of characters, before and after they transfer from one device to another across a local network or the Internet. Checksums simply convert each piece of information to a value and sum the total. To test the data integrity, a receiving system just repeats the process. If the two sums are equal, the data is valid (Figure 1). If they are not equal, a change occurred somewhere along the line (Figure 2).
Security Policy
A document that addresses the constraints and behaviors of members of an organization and often specifies how data can be accessed and what data is accessible by whom.
What is the Statement of Applicability (SOA)?
A document that defines which control objectives the organization needs to use.
Guidelines
A list of suggestions on how to do things more efficiently and securely. They are similar to standards, but are more flexible and are not usually mandatory. Guidelines define how standards are developed and guarantee adherence to general security policies.
NAS
A network attached storage (NAS) device is a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users. NAS devices are flexible and scalable, meaning administrators can increase the capacity as needed.
Access control
A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.
SAN
A storage area network (SAN) architecture is a network-based storage system. SAN systems connect to the network using high-speed interfaces, allowing improved performance and the ability to connect multiple servers to a centralized disk storage repository.
Countermeasures for data in process
Access control, Data Validation, Data duplication
How can authorization be controlled?
An ACL, ... An ACL determines whether a user has certain access privileges once the user authenticates. Just because you can log onto the corporate network does not mean that you have permission to use the high-speed color printer. Authorization can also control when a user has access to a specific resource. For example, employees may have access to a sales database during work hours, but the system locks them out after hours.
What are the three A's in AAA?
Authentication, Authorization, and Accounting
Cloud storage
Cloud storage is a remote storage option that uses space on a data center provider and is accessible from any computer with Internet access. Google Drive, iCloud, and Dropbox are all examples of cloud storage providers.
CIA triad
Confidentiality, Integrity, Availability
Cybersecurity professionals recognize the following:
Controls are not mandatory, but they are widely accepted and adopted. Controls must maintain vendor-neutrality to avoid the appearance of endorsing a specific product or company. Controls are like guidelines, which means that there can be more than one way to comply with the objective.
States of data
Data in transit, Data at rest or in storage, Data in process
DAS
Direct-attached storage (DAS) is storage connected to a computer. A hard drive or USB flash drive is an example of direct-attached storage. By default, systems are not set up to share direct-attached storage.
Types of Data Storage
Direct-attached storage (DAS), Redundant array of independent disks (RAID), A network attached storage (NAS), A storage area network (SAN), Cloud storage.
Which techniques help ensure availability?
Equipment maintenance, OS and system updates, Backup testing, Disaster planning, New technology implementations, Unusual activity monitoring, Availability testing
Hardware-based Technology Safeguards
Firewall appliances block unwanted traffic. Firewalls contain rules that define the traffic allowed into and out of a network. Dedicated Intrusion Detection Systems (IDS) detect signs of attacks or unusual traffic on a network and send an alert. Intrusion Prevention Systems (IPS) detect signs of attacks or unusual traffic on a network, generate an alert and take corrective actions. Content filtering services control access and transmission of objectionable or offensive content.
forensic analysis
Forensic analysis refers to a detailed investigation for detecting and documenting the course, reasons, culprits, and consequences of a security incident or violation of rules of the organization or state laws.
What does a security policy typically include?
Identification and authentication policies - Specifies authorized persons that can have access to network resources and outlines verification procedures. Password policies - Ensures passwords meet minimum requirements and are changed regularly. Acceptable use policies - Identifies network resources and usage that are acceptable to the organization. It may also identify ramifications for policy violations. Remote access policies - Identifies how remote users can access a network and what is remotely accessible. Network maintenance policies - Specifies network device operating systems and end user application update procedures. Incident handling policies - Describes how security incidents are handled.
IaaS
Infrastructure as a Service - provides virtualized computing resources over the Internet. The provider hosts the hardware, software, servers, and storage components.
IPSec
Internet Protocol Security
A comprehensive security policy accomplishes several tasks. What are they?
It demonstrates an organization's commitment to security. It sets the rules for expected behavior. It ensures consistency in system operations, software and hardware acquisition and use, and maintenance. It defines the legal consequences of violations. It gives security staff the backing of management.
There are several ways to implement a formal training program. What are they?
Make security awareness training a part of the employee's onboarding process; tie security awareness to job requirements or performance evaluations; conduct in-person training sessions; complete online courses.
The five nines
One of the most popular high availability practices is five nines. The five nines refer to 99.999%. This means that downtime is less than 5.26 minutes per year.
PaaS
Platform as a Service provides access to the development tools and services used to deliver the applications.
The three dimensions of the cyber security cube
Principles of security, States of data, Cybersecurity Safeguards
Challenges of Protecting Data In-Transit
Protecting data confidentiality, Protecting data integrity, Protecting data availability
Challenges of Protecting Data In-Process
Protecting data during processing requires well-designed systems. Cybersecurity professionals design policies and procedures that require testing, maintaining, and updating systems to keep them operating with the least amount of errors.
Forms of Data Processing and Computation
Protection of data integrity starts with the initial input of data. Organizations use several methods to collect data, such as manual data entry, scanning forms, file uploads, and data collected from sensors. Each of these methods poses potential threats to data integrity. Examples of data corruption during the input process include data entry errors and disconnected, malfunctioning, or inoperable system sensors. Other examples include mislabeling and incorrect or mismatched data formats. Data modification refers to any change to the original data, such as users manually modifying data, programs processing and changing data, and equipment failures that result in data modification. Processes like encoding/decoding, compression/decompression and encryption/decryption are all examples of data modification. Malicious code also results in data corruption. Data corruption also occurs during the data output process. Data output refers to outputting data to printers, electronic displays or directly to other devices. The accuracy of output data is critical because output provides information and influences decision-making. Examples of output data corruption include the incorrect use of data delimiters, incorrect communication configurations, and improperly configured printers.
RAID
Redundant array of independent disks (RAID) uses multiple hard drives in an array, which is a method of combining multiple disks so that the operating system sees them as a single disk. RAID provides improved performance and fault tolerance.
The twelve domains of cyber security
Risk Assessment, Security Policy, Organization of Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Information Systems Acquisition, Development, and Maintenance, Access Control, Information Security Incident Management, Business Continuity Management, and Compliance
SSL
Secure Sockets Layer
Methods of Transmitting Data
Sneaker net, Wired networks, Wireless networks.
Cloud-based Technology Safeguards
Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)
SaaS
Software as a Service - allows users to gain access to application software and databases. Cloud providers manage the infrastructure. Users store data on the cloud provider's servers.
There are several software-based technologies used to safeguard an organization's assets. What are these technologies?
Software firewalls control remote access to a system. Operating systems typically include a firewall or a user can purchase or download software from a third party. Network and port scanners discover and monitor open ports on a host or server. Protocol analyzers, or signature analyzers, are devices that collect and examine network traffic. They identify performance problems, detect misconfigurations, identify misbehaving applications, establish baseline and normal traffic patterns, and debug communication problems. Vulnerability scanners are computer programs designed to assess weaknesses on computers or networks. Host-based intrusion detection systems (IDS) examine activity on host systems only. An IDS generates log files and alarm messages when it detects unusual activity. A system storing sensitive data or providing critical services is a candidate for host-based IDS.
Software-based Technology Safeguards
Software safeguards include programs and services that protect operating systems, databases, and other services operating on workstations, portable devices, and servers. Administrators install software-based countermeasures or safeguards on individual hosts or servers.
What are the three things people can use to authenticate their access?
Something they know (such as a password), Something they have (such as a token or card), Something they are (such as a fingerprint)
how do standards help IT staff?
Standards help an IT staff maintain consistency in operating the network. Standards documents provide the technologies that specific users or programs need in addition to any program requirements or criteria that an organization must follow. This helps IT staff improve efficiency and simplicity in design, maintenance, and troubleshooting.
The Principles of Security
The CIA triad
Human resources security
This addresses security procedures relating to employees joining, moving within, and leaving an organization.
Control Objectives
The control objectives define the high-level requirements to implement a comprehensive ISM
Risk Assessment
The first step in the risk management process. It determines the quantitative and qualitative value of risk related to a specific situation or recognized threat.
An active security awareness program depends on?
The organization's environment and the level of threat.
Cybersecurity Safeguards
The skills and discipline a cybersecurity professional can call upon to protect cyberspace.
Information Security Incident Management
This describes how to anticipate and respond to information security breaches.
Information systems Acquisition, Development, and Maintenance
This describes the integration of security into applications.
Communications and operations management
This describes the management of technical security controls in systems and networks.
Physical and environmental security
This describes the protection of the computer facilities within an organization.
business continuity Management
This describes the protection, maintenance, and recovery of business-critical processes and systems.
Access control
This describes the restriction of access rights to networks, systems, applications, functions, and data.
asset management
This is an inventory of and classification scheme for information assets.
Organization of information security
This is the governance model set out by an organization for information security.
Wired Network
Uses cables and connectors to establish the network connection
Network-based Technology Safeguards
Virtual Private Network (VPN) is a secure virtual network that uses the public network (i.e., the Internet). The security of a VPN lies in the encryption of packet content between the endpoints that define the VPN. Network access control (NAC) requires a set of checks before allowing a device to connect to a network. Common checks include having up-to-date antivirus software or operating system updates installed. Wireless access point security includes the implementation of authentication and encryption.
VPNs
Virtual Private Networks
Data duplication
a data compression technique in which redundant copies of data are removed from a system. It is used in both data backup and network data schemes, and enables the storage of a single unique copy of data within either a database or a broader information system.
hot standby
a redundant method in which one system runs simultaneously with an identical primary system. Upon failure of the primary system, the hot standby system immediately takes over, replacing the primary system. Data is mirrored between the two in real time, so both systems hold identical data.
security policy
a set of security objectives for a company that includes rules of behavior for users and administrators and specifies system requirements. These objectives, rules, and requirements collectively ensure the security of a network, the data, and the computer systems within an organization.
ISO/IEC 27000
an information security standard published in 2005 and revised in 2013. ISO publishes the ISO 27000 standards. Even though the standards are not mandatory, most countries use them as a de facto framework for implementing information security.
Protecting data confidentiality
cyber criminals can capture, save and steal data in-transit. Cyber professionals must take steps to counter these actions.
Protecting data integrity
cyber criminals can intercept and alter data in-transit. Cybersecurity professionals deploy data integrity systems that test the integrity and authenticity of transmitted data to counter these actions.
Protecting data availability
cyber criminals can use rogue or unauthorized devices to interrupt data availability. A simple mobile device can pose as a local wireless access point and trick unsuspecting users into associating with the rogue device. The cybercriminal can then hijack an authorized connection to a protected service or device. Network security professionals can implement mutual-authentication systems to counter these actions. Mutual-authentication systems require the user to authenticate to the server, and also require the server to authenticate to the user.
redundancy
in a cyber system, redundancy means building multiple resources that serve the same function and can replace each other if the primary system resources are lost.
Methods to ensure integrity?
hashing, data validation checks, data consistency checks, and access controls. Data integrity systems can include one or more of the methods listed above.
Controls
how to accomplish the objective.
Data Validation
includes the tests and evaluations used to determine compliance with data governance policies and to ensure the correctness of data.
Accounting
keeps track of what users do, including what they access, the amount of time they access resources, and any changes made.
Procedure documents
longer and more detailed than standards and guidelines. Procedure documents include implementation details that usually contain step-by-step instructions and graphics.
Confidentiality
prevents the disclosure of information to unauthorized people, resources and processes. Another term for confidentiality is privacy.
Authorization
services determine which resources users can access, along with the operations that users can perform.
Methods used to ensure data availability.
system redundancy, system backups, increased system resiliency, equipment maintenance, up-to-date operating systems and software, and plans in place to recover quickly from unforeseen disasters.
Principle of Data Integrity
the accuracy, consistency, and trustworthiness of data during its entire life cycle. Another term for integrity is quality. Data undergoes a number of operations such as capture, storage, retrieval, update, and transfer. Data must remain unaltered during all of these operations by unauthorized entities.
compliance
This describes the process of ensuring conformance with information security policies, standards, and regulations.
Encryption/Decryption
the encryption or decryption of data
Availability
the principle used to describe the need to maintain availability of information systems and services at all times. Cyberattacks and system failures can prevent access to information systems and services.
Hashing
transforming plaintext of any length into a short code called a hash, then comparing the hash of the original data with the hash of the data that was sent.
Wireless Network
uses radio waves instead of wires or cables as its transmission media to transmit data.
Sneaker net
uses removable media to physically move data from one computer to another
Authentication
verifies the identity of a user to prevent unauthorized access. Users prove their identity with a username or ID.