Chapter 3 & 4


What are Business Challenges to the Organization for Compliance?

changing regulations, internal standards interfering with operations

Framework

conceptual set of rules and ideas that provide structure to a complex and challenging situation.

What are attributes of standards and frameworks?

depth/breadth, flexibility, reasoning, prioritization, industry acceptance

14 Adequate controls over privacy data help prevent ________ theft

identity

Log Message Filtering:

including or excluding (exclusion is sometimes referred to as "dropping on the floor" or drop) log messages based on the content in the log message.

loghost

is a computer system, generally a Unix system or Windows server, where log messages are collected in a central location.

Log Message Normalization

is the act of taking disparately formatted log messages and converting them to a common format.

Performance tools

tell us how our network is handling traffic flow.

Log formats

tend to be "open" or "proprietary", but there is no single logging standard. (Material adapted from © 2016 Jones and Bartlett Learning, LLC, an Ascend Learning Company, www.jblearning.com. All rights reserved.)

Diagnostic tools

used to test connectivity, ascertain that a location is reachable, or a device is up - usually active tools

Privacy Management?

"The rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information."

IDS Pattern matching

(Signature analysis) based on known attacks

SYSLOG

A Standard for logging/reporting based on severity level

Procedure

A document that provides step-by-step instructions for how standards and guidelines are put into practice.

Policy

A document that regulates conduct through a general statement of beliefs, goals and objectives.

Standard

A document that supports policy. It consists of mandated rules, which support the higher-level policy goals.

12. What can be done to manage risk? (select 3) A. Accept B. Transfer C. Avoid D. Migrate

A. Accept B. Transfer C. Avoid

13 Regarding the seven domains of IT infrastructure, the Workstation domain includes which of the following? (select 3) A. Desktop computers B. Laptop computers C. Remote access systems D. E-mail servers E. Handheld devices

A. Desktop computers B. Laptop computers E. Handheld devices

5 The COSO framework is targeted to which of the following groups within a company? A. Executive management B. First-line management C. Security analysts D. Application developers

A. Executive management

3 The process of selecting security controls is considered within the context of risk management. A. True B. False

A. True

Hybrid Auditing Framework

Allows operations-focused audits to combine with IT-focused audits by mapping business processes to IT processes. Uses COSO/COBIT

Control Activity

An activity that provides the details on how to achieve control objectives. Specific, detailed.

5 Account management and separation of duties are examples of what type of controls? A. Audit and accountability B. Access control C. Security assessment and authorization D. Personal security

B. Access control

3 Avoiding the need for audits is one reason organizations develop clearly documented policies, standards, and procedures. A. True B. False

B. False

Control Objective

Objectives that state the high-level organizational goals of information system measures. Remains fairly constant.

Control Objectives vs Activities?

Objectives: high-level/organizational goals Activities: specific/how to achieve goals

12 ISO/IEC 27002 is a code of _________ for information security management.

Practice

Configuration and Change Management

Process of systems control/maintenance/compliance throughout their life cycle

Standard & Framework: NIST 800-53

Provides catalog of security controls (management, technical, operational), targeted to fed gov't

IDS Stateful Matching

Scans for attack signatures; based on system behavior, several packets within a communication stream, requires regular updates

Logs

a collection of log messages that will be used collectively to paint a picture of some occurrence.

10 SSAE 16 Type 1 includes everything in a SSAE 16 Type 2 report, but it adds a detailed testing of the controls over a specific time frame. A. True B. False

B. False

11 Organizations may be audited for both ISO/IEC 27001 and ISO/IEC 27002 and receive a formal certification for both. A. True B. False

B. False

Protocol Anomaly-Based Intrusion Detection

Installed on web server, detects unacceptable deviations

Auditing ISS Domains: Remote Access Domain

Use: Access organization resources remotely Scope: Unsecured transports, Internet, dial-up modem Improvement: Remote access solutions, VPNs, encryption, two-factor authentication

Auditing ISS Domains: Workstation Domain

Use: End user's computing environment Scope: Desktops, laptops, printers, scanners, mobile devices, wireless devices Improvements: Maintenance of system hardware and software

Auditing ISS Domains: WAN Domain

Use: End-to-end connectivity between LANs Scope: Routers, firewalls, intrusion detection system, telecommunications components Improvement: Channel service unit/data service unit, codecs, backbone circuits, Internet, untrusted zone

6 Which one of the following is not one of the 7 domains of an IT infrastructure? A. User domain B. Workstation domain C. LAN-to-LAN domain D. WAN domain E. Remote access domain

C. LAN-to-LAN domain

14 Which of the following provides a framework for assessing the adequacy of implemented controls? A. NIST 800-53 B. NIST 800 C. NIST 800-53A D. NIST 800A

C. NIST 800-53A

2 Which of the following best describes the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information? A. Security management B. Compliance management C. Privacy management D. Collection management

C. Privacy management

What are Popular Control Frameworks?

COBIT, NIST 800-53, SANS

Host Based Intrusion Detection System (HIDS)

Can monitor encrypted traffic, uses a lot of CPU and memory

Change vs Configuration Management

Change: method for tracking unauthorized changes Configuration: ensures changes are requested, evaluated, and authorized

COBIT 5 Principles

Meeting stakeholder needs; Covering the enterprise end to end; Applying a single integrated framework; Enabling a holistic approach; Separating governance from management

9 Which of the following is an example of why an ongoing IT compliance program is important? A. Organizations are dynamic, growing environments B. Threats evolve C. Laws and regulations evolve D. All of the above

D. All of the above

13 What PCAOB standard states that the auditor should assess the amount of IT involvement in the financial reporting process? A. Auditing Standard No. 1 B. Auditing Standard No. 11 C. Auditing Standard No. 55 D. Auditing Standard No. 5

D. Auditing Standard No. 5

11 Which of the following is not part of the change management process? A. Identify and request B. Evaluate request C. Decision response D. Implement unapproved change E. Monitor change

D. Implement unapproved change

Descriptive vs Prescriptive controls?

Descriptive: high level/align with IT business goals Prescriptive: specific/standardize IT operations and tasks

Traffic Anomaly-Based Intrusion Detection

Finds deviations based on traffic, relies on normal patterns of traffic

International Organization for Standardization (ISO) 27000 series

Focuses on management and processes by relying on other standards

1. A ________ is a conceptual set of rules and ideas that provide structure to a complex and challenging situation.

Framework

What are Organizational Barriers to IT?

Funding/management support, no alignment to business objectives, misunderstanding of rationale for IT compliance

7 Responding to business requirements in alignment with the business strategy is an example of an IT _____________.

Goal

Service Organization Control (SOC) Reports

Help customers understand adequate controls and processes are in place

Statistical Anomaly-Based Intrusion Detection

Identifies suspicious behavior, detects unknown attacks, requires tuning, challenging to define normal traffic and vulnerable to false positives

Log message types

Informational, Debug, Warning, Errors, Alerts

Network Intrusion Detection System (NIDS)

Inspects packets, monitors sessions, doesn't impact network, can't monitor encrypted traffic

Log Message Event

The currency of exchange in a logging system. When your log data is in a common format it makes it much easier to manipulate the data so that meaning can be derived from it.

Auditing ISS Domains: LAN to WAN Domain

Use: WAN connects multiple LANs Scope: Routers, firewalls, intrusion detection devices Improvement: Public IP addresses; high level of security required

Log Message Structure

Timestamp; source; data

IDS Anomaly Detection

Unauthorized attempt

Auditing ISS Domains: User Domain

Use: Anyone accessing organization's info Scope: Acceptable use policy (AUP), system access policy, Internet access policy, e-mail policy Improvements: Authentication methods

Auditing ISS Domains: LAN Domain

Use: Computing and networking equipment Scope: Access to centralized resources (file servers, printers), administration, physical connections Improvement: Logon access control, hardening, configuration, backup procedures, network power supply

Auditing ISS Domains: System/Application Domain

Use: Systems and software applications that users access Scope: Mainframes, application servers, Web servers, proprietary software, and applications Improvement: Harden servers to authorized baseline, configured to policies and standards with controls

Guideline

A document that supports standards and policies, but is not mandatory.

COBIT

A high level control objective for Ensuring Systems Security

4 If a baseline security control cannot be implemented, which of the following should be considered? A. Compensating control B. Baseline security control standard revision C. Policy revision D. None of the above

A. Compensating control

9 Which one of the following is not one of the four domains of COBIT? A. Plan and organize B. Implement and support C. Acquire and implement D. Deliver and support E. Monitor and evaluate

A. Plan and organize

4 Which of the following should organizations do when selecting a standard? (select three) A. Select a standard that can be followed B. Employ the selected standard C. Select a flexible standard D. Select a standard that other organizations in the same geographic region are using

A. Select a standard that can be followed B. Employ the selected standard C. Select a flexible standard

2 Frameworks differ from each other in that they might offer varying levels of depth and breadth. A. True B. False

A. True

Security Information and Event Management (SIEM)

An approach to security that seeks to provide a holistic view of an organization's information technology (IT) security; a system that allows real-time analysis

8 Which one of the following is not true of the COBIT? A. It's business focused B. It's security-centered C. It's process oriented D. It's controls based E. It's measurement driven

B. It's security-centered

8 Mitigating a risk from an IT security perspective is about eliminating the risk to zero. A. True B. False

B. False

7 Which of the following policies would apply to the user domain concerning the 7 domains of an IT infrastructure? A. Acceptable use policy B. Internet access policy C. Security incident policy D. Firewall policy E. Answers A and B F. Answers B and D

E. Answers A and B

10 Policies, standards, and guidelines are part of the policy ___________

framework

1 After mapping existing controls to new regulations, an organization needs to conduct a ________ analysis

gap

Log messages

generated by some device or system to denote that something has happened. That is, log messages are what a computer system, device, software, etc. generates in response to some sort of stimuli.

Monitoring tools

tools running in the background ("daemons" or services), which collect events, but can also initiate their own probes (using diagnostic tools) and record the output, in a scheduled fashion.

