ISC2 Certified in Cybersecurity: Chapter 5 Security Operations
Primary use of Symmetric Algorithms?
- Encrypting bulk data (backups, hard drives, portable media)
- Encrypting messages traversing communications channels (IPsec, TLS)
- Streaming large-scale, time-sensitive data (audio/video materials, gaming, etc.)
What are the Change Management Components?
1. Request for Change 2. Approval 3. Rollback
What are the five main properties a cryptographic hash function must demonstrate?
1. Useful 2. Nonreversible 3. Content integrity assurance 4. Unique 5. Deterministic
This policy defines acceptable use of the organization's network and computer systems and can help protect the organization from legal action. It should detail the appropriate and approved usage of the organization's assets, including the IT environment, devices and data. Each employee (or anyone having access to the organization's assets) should be required to sign a copy, preferably in the presence of another employee of the organization, and both parties should keep a copy of the signed document.
Acceptable Use Policy (AUP)
Storing the data when it is temporarily not needed.
Archive
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
Asymmetric Encryption
Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment?
BYOD Policy
A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment.
Baseline
This is a total inventory of all the system's components, hardware, software, data, administrative controls, documentation and user instructions. Once controls are in place to mitigate risks, this can be referenced. All further comparisons and development are measured against this.
Baselines
An update process for requesting changes to a baseline, by means of making changes to one or more components in that baseline. A review and approval process for all changes. This includes updates and patches.
Change Control
The discipline of transitioning from the current state to a future state. It consists of three major activities: deciding to change, making the change, and confirming that the change has been correctly accomplished.
Change Management Policy
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.
Checksums (Hash Digest)
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.
Ciphertext
These are derived from laws, regulations, contract-specified standards or other business expectations. One might indicate "minor, may disrupt some processes" while a more extreme one might be "grave, could lead to loss of life or threaten ongoing existence of the organization." These descriptions should reflect the ways in which the organization has chosen (or been mandated) to characterize and manage risks.
Classification
This identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, this is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity.
Classification
This is the process of recognizing the organizational impacts if the information suffers any security compromises related to its characteristics of confidentiality, integrity and availability.
Classification
A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
Configuration Management
Generate the knowledge, which is usually tacit knowledge at this point.
Create
The person who performs the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.
Cryptanalysts
The study or applications of methods to secure or protect the meaning and content of messages, files, or other information, usually by disguise, obscuration, or other transformations of that content and meaning.
Cryptography
This policy defines whether data is for use within the company, is restricted for use by only certain roles or can be made public to anyone outside the organization. In addition, some data has associated legal usage definitions. The organization's policy should spell out any such restrictions or refer to the legal definitions as required. Proper data classification also helps the organization comply with pertinent laws and regulations.
Data Handling Policy
Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? A) Encryption B) Hashing C) Hard Copy D) Data Life Cycle
Data Life Cycle
System capabilities designed to detect and prevent the unauthorized use and transmission of information.
Data Loss Prevention (DLP)
The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of a cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with "deciphering".
Decryption
Process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media.
Degaussing
Getting rid of the data when it is no longer needed.
Destroy
The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1
Digital Signature
Monitoring of outgoing network traffic.
Egress Monitoring
This is used to regulate data leaving the organization's IT environment. The term currently used in conjunction with this effort is data loss prevention (DLP) or data leak protection. The DLP solution should be deployed so that it can inspect all forms of data leaving the organization, including email (content and attachments), copying to portable media, File Transfer Protocol (FTP), posting to web pages/websites, and applications/application programming interfaces (APIs).
Egress Monitoring
The process and act of converting the message from its plaintext to cipher text. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.
Encryption
The total set of algorithms, processes, hardware, software, and procedures that taken together provide an encryption and decryption capability.
Encryption System
These are any actions that take place within the systems environment and cause measurable or observable change in one or more elements or resources within the system.
Events
The process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems and software, including the operating system, web server, application server and applications, etc.
Hardening
An algorithm that computes a numerical value on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. It can be considered to be a fingerprint of the file or message. NIST SP 800-152
Hash Function
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. CNSSI 4009-2015
Hashing
Monitoring of incoming network traffic.
Ingress Monitoring
This refers to surveillance and assessment of all inbound communications traffic and access attempts. Devices and tools that offer logging and alerting opportunities for this include firewalls, gateways, remote authentication servers, IDS/IPS tools, SIEM solutions and anti-malware solutions.
Ingress Monitoring
A catalog or registry of all the information assets that the organization is aware of (whether they already exist, or there's a wish list or need to create or acquire them) is the first step in any asset management process. It requires that we locate and identify all assets of interest, including (and especially) the information assets.
Inventory
A ready visual cue to let anyone in contact with the data know what the classification is.
Label
These are part of implementing controls to protect classified information. It is reasonable to want a simple way of assigning a level of sensitivity to a data asset, such that the higher the level, the greater the presumed harm to the organization, and thus the greater security protection the data asset requires.
Labeling
The primary form of instrumentation that attempts to capture signals generated by events.
Logging
Which of the following is always true about logging? A) Logs should be very detailed B) Logs should be in English C) Logs should be concise D) Logs should be stored separately from the systems they're logging
Logs should be stored separately from the systems they're logging
A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3
Message Digest
Sending the key through a different channel (band) than the encrypted message.
Out-of-Band Key Distribution
Clearing the device or system, which usually involves writing multiple patterns of random values throughout all storage media (such as main memory, registers and fixed disks).
Overwriting or Zeroizing
A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component. ISO/IEC 19770-2
Patch
The systematic notification, identification, deployment, installation and verification of operation system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. CNSSI 4009
Patch Management
Using a rogue interactive voice response (IVR) system to re-create a legitimate-sounding copy of a bank or other institution's IVR system. The victim is prompted through a phishing email to call in to the "bank" via a provided phone number to verify information such as account numbers, account access codes or a PIN and to confirm answers to security questions, contact information and addresses.
Phone Phishing (Vishing)
The ultimate remedy to data remanence. Magnetic or optical disks and some flash drive technologies may require being mechanically shredded, chopped or broken up, etched in acid or burned; their remains may be buried in protected landfills.
Physical Destruction
A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective.
Plaintext
The human equivalent of phishing, where someone impersonates an authority figure or a trusted individual in an attempt to gain access to your login information. They may claim to be an IT support worker who is supposed to do maintenance or an investigator performing a company audit. Or they might impersonate a coworker, the police, a tax authority or some other seemingly legitimate person. The goal is to gain access to your computer and information.
Pretexting
It is imperative that the organization documents that the personnel understand and acknowledge the organization's policies and procedures for handling of that type of information and are made aware of the legal repercussions of handling such sensitive data. This type of documentation is similar to the AUP but is specific to privacy-related data.
Privacy Policy
What is the most important aspect of security awareness/training?
Protecting health and human safety
A user wishing to use asymmetric encryption would first generate a key pair. To ensure the strength of the key generation process, this is usually done by the cryptographic application without user involvement.
Public Key Infrastructure (PKI)
A request for your password or login credentials in exchange for some compensation, such as a "free gift," a monetary payment or access to an online game or service. If it sounds too good to be true, it probably is.
Quid Pro Quo
The automated and/or manual documenting of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). NIST SP 800-53 Rev. 4
Records
A practice based on the records life cycle, according to which records are stored as long as necessary, and then are destroyed after the appropriate time interval has elapsed.
Records Retention
Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1
Remanence
The first stage of change management, wherein a change in procedure or product is sought by a stakeholder.
Request for Change (RFC)
Information and data should be kept only for as long as it is beneficial, no more and no less. For various types of data, certain industry standards, laws and regulations define these periods. When such external requirements are not set, it is an organization's responsibility to define and implement its own policy.
Retention
What are other names of Symmetric Algorithms?
Same key, single key, shared key, secret key, session key
A minimum level of protection that can be used as a reference point. These provide a way to ensure that updates to technology and architectures are subjected to the minimum understood and acceptable level of security requirements.
Security Baseline
The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.
Security Governance
Who is responsible for publishing and signing the organization's policies?
Senior Management
Distributing the data with other users, whether as a copy or by moving the data from one location to another.
Share
Recording data in some fashion (which makes it explicit).
Store
This involves the simple process of substituting letters for other letters, or more appropriately, substituting bits for other bits, based upon a cryptovariable. These ciphers involve replacing each letter of the plaintext with another that may be further down the alphabet.
Substitution Cipher
A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead.
Symmetric
These use the same key in both the encryption and the decryption processes. It could be said that the decryption process is just a mirror image of the encryption process.
Symmetric Algorithm
An algorithm that uses the same key in both the encryption and the decryption process.
Symmetric Encryption
Substitution cipher is an example of what type of encryption?
Symmetric Encryption
Which entity is most likely to be tasked with monitoring and enforcing security policy?
The Security Office
Using the knowledge, which may cause the information to be modified, supplemented or partially deleted.
Use
A regression and validation process, which may involve testing and analysis, to verify that nothing in the system was broken by a newly applied set of changes. An audit process can validate that the currently in-use baseline matches the sum total of its initial baseline plus all approved changes applied in sequence.
Verification and Audit
Why is an asset inventory so important?
You can't protect what you don't know you have.