AIT Quiz 2
A security role is
the part an individual plays in the overall scheme of security implementation and administration within an organization
Security governance is the set of practices related to
supporting, defining, and directing the security efforts of an organization. Security governance is closely related to corporate and IT governance.
How to handle risk? Once the risk analysis is complete, management must address each specific risk in one of these four possible ways:
- Reduce/mitigate: implementing safeguards
- Assign or transfer: outsourcing, purchasing insurance
- Accept: written/signed decision from senior management
- Reject: ignoring risk is unethical and invalidates due care
Database transactions must have four characteristics
1. Atomicity 2. Consistency 3. Isolation 4. Durability (ACID model)
Understanding the terms of cost benefit analysis
1. Calculate the Annual Cost of the Safeguard (ACS): numerous factors are involved in calculating the value of a safeguard (cost of purchase, cost of maintenance, etc.)
2. Calculate the post-safeguard ALE: the values of ARO and ALE change when a safeguard is applied
3. Cost/benefit equation: (ALE before safeguard - ALE after safeguard) - ACS. If the result is negative, the safeguard is not a financially viable choice. If the result is positive, then that value is the annual savings the organization can gain by deploying the safeguard
4. Select a countermeasure: this is not just about costs and benefits; issues of legal responsibility and prudent due care must be considered
What are the two types of NAT?
1. Dynamic 2. Static
Steps of Quantitative risk analysis?
1. Inventory assets, and assign each a value (AV)
2. For each asset, list all possible threats. For each asset and threat pair, calculate EF and SLE
3. Perform a threat analysis to calculate the likelihood of each threat being realized within a single year (ARO)
4. Derive the overall loss potential per threat by calculating the annualized loss expectancy (ALE)
5. Inventory countermeasures for each threat. For each countermeasure, calculate the changes to ARO and ALE based on applying that countermeasure
6. Perform cost/benefit analysis, and select the most appropriate response to each threat for each asset
What is an inference attack?
An inference attack is an attack that combines several pieces of non-sensitive information to gain access to information that should be classified at a higher level of sensitivity.
What is a Strategic Plan?
A strategic plan is a long-term plan that is fairly stable. It defines the organization's mission, long-term goals, and vision for the future. It is useful for about five years if it is maintained and updated annually.
What is a Tactical Plan?
A tactical plan is a midterm plan providing more details on accomplishing the goals set forth in the strategic plan. A tactical plan is typically useful for about a year. Examples: acquisition plans and hiring plans.
What is a VPN?
A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication information and data traffic over an intermediary untrusted network
Within an email security policy, several issues must be addressed:
- Acceptable use policies for email: define what activities can and cannot be performed over an organization's email infrastructure
- Access control and privacy: users should have access only to their own inbox, and no other user can gain access to an individual's email
- Email management: the mechanisms and processes used to implement, maintain, and administer email
- Email backup and retention policies: define how and for how long email messages are retained
What are agents?
Agents (aka bots) are intelligent code objects performing actions on behalf of a user. Agents typically take initial instructions from the user and then carry on their activity in an unattended manner. For instance, a web bot crawls websites to retrieve data on behalf of the user.
What is atomicity of the ACID model?
All or none of the instructions in a transaction must be executed. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
Once the employee has been informed of their release, they should be escorted off the premises and not allowed to return to their work area without an escort
All organization-specific identification, access, or security badges, as well as cards, keys, and access tokens, should be collected. The employee's system access should be disabled or removed.
What is consistency of the ACID model?
All transactions must begin operating in an environment that is consistent with all of the database's rules (for example, all records have a unique primary key). When the transaction is complete, the database must again be consistent with the rules, regardless of whether those rules were violated during the processing of the transaction itself. No other transaction should ever be able to utilize any inconsistent data that might be generated during the execution of another transaction.
What are the security roles and responsibilities of an Auditor?
An auditor is responsible for testing and verifying that the security policy is properly implemented and the security solutions are adequate. The auditor produces compliance and effectiveness reports that are reviewed by the senior manager.
What is an Operational Plan?
An operational plan is a short-term, highly detailed plan based on the strategic and tactical plans. It is valid or useful only for a short time and must be updated often to retain compliance with tactical plans. Examples: resource allotments, staffing assignments, and scheduling.
Which of the following protocols are used by email clients to retrieve email messages from an email server? Check all that apply. a) Post Office Protocol version 3 (POP3) b) Simple Mail Transfer Protocol (SMTP) c) Internet Message Access Protocol (IMAP)
Answer: A and C
Which of the following statements about Network Address Translation (NAT) are correct? Check all that apply a) NAT is a mechanism for converting internal IP addresses in a private network into public IP addresses for transmission over the Internet b) When a packet is received from a client, NAT changes the source address to the NAT's address c) Dynamic NAT permanently assigns a specific external IP address to an internal host d) Stateful NAT operates by maintaining a mapping between requests made by internal clients, a client's internal IP address, and the IP address of the Internet service contacted
Answer: A, B, D
Which one of the following types of documents provides a step-by-step description of the actions necessary to implement specific security solutions? a) Security policy b) Standards c) Baselines d) Guidelines e) Procedures
Answer: E
What are applets?
Applets are code objects sent from a server to a client to perform some action. They are self-contained programs that execute independently of the server. Security concern: a remote system sending code to the local system for execution. Two common types:
- Java applets (platform-independent): the sandbox mechanism isolates Java code objects from the rest of the operating system by enforcing strict rules about the resources those objects can access
- ActiveX controls (Microsoft): no sandbox mechanism, so administrators must limit the sites these controls can be used with
What is Security Awareness Training?
- Awareness: establishes a common baseline or foundation of security understanding across the entire organization. Applies to all organizational personnel
- Training: teaches employees to perform their work tasks and to comply with the security policy, standards, guidelines, and procedures
- Education: general, broad security information. Employees learn more than they actually need to know to perform their work tasks
Awareness and training are often provided in-house.
What is the difference between circuit switching and packet switching?
Circuit switching:
- Constant traffic
- Fixed, known delays
- Connection oriented
- Used primarily for voice
- Sensitive to connection loss
Packet switching:
- Bursty traffic
- Variable delays
- Connectionless
- Sensitive to data loss
- Used for any type of traffic
The email infrastructure employed on the Internet also includes email clients
Clients retrieve email from their server-based inboxes using Post Office Protocol version 3 (POP3) or Internet Message Access Protocol (IMAP)
What are the different security modes in security control architecture?
- Compartmented security mode: systems may process two or more types of compartmented information
- Dedicated security mode: systems are authorized to process only a specific classification level at a time
- Multilevel security mode: systems are authorized to process information at more than one security level even when not all users have clearance for all information processed by the system
- System-high security mode: systems are authorized to process only information that all users are cleared for
Once data is transferred over a network connection, the process of securing it becomes much more difficult
Data becomes vulnerable to a number of threats to its CIA properties
What is Durability of the ACID model?
Database transactions must be durable. Once they are committed to the database, they must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
Packet Switching Characteristics?
Each segment of data has its own header that contains source and destination information. The header is read by each intermediary system and is used to route each packet to its intended destination. Each packet takes the best path currently available across the network. Each channel or communication path is reserved for use only while a packet is actually being transmitted over it. As soon as the packet is sent, the channel is made available for other communications.
What is white box testing?
Examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors.
What is black box testing?
Examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. Black-box testers do not have access to the internal code.
What are the different cost functions?
- Exposure Factor (EF), or loss potential: the percentage of loss that an organization would experience if a specific asset were violated by a realized risk. In most cases, a realized risk does not result in the total loss of an asset
- Single Loss Expectancy (SLE): the cost associated with a single realized risk against a specific asset. SLE = Asset Value * EF. Example: if AV = $200,000 and EF = 45%, then SLE = $90,000
- Annualized Rate of Occurrence (ARO): the expected frequency with which a specific threat or risk will occur
- Annualized Loss Expectancy (ALE): the possible yearly cost of all instances of a specific realized threat against a specific asset. ALE = SLE * ARO
Security is a continuous process
For a security plan to be effective, it must be continuously maintained
What is Dynamic NAT?
Grants multiple internal clients access to a few leased public IP addresses. A large internal network can still access the Internet without having to lease a large block of public IP addresses. In a dynamic mode NAT implementation, the NAT system maintains a database of mappings so that all response traffic from Internet services is properly routed to the original internal requesting client. Not always compatible with VPN protocols, like IPSec.
What is gray box testing?
Gray-box testing combines the two approaches. Testers approach the software from a user perspective. They have access to the source code and use it to help design their tests, but they do not analyze the inner workings of the program.
NAT is used for
- Hiding the identity of internal clients
- Masking the design of a private network
- Keeping public IP address leasing costs to a minimum
NAT offers the capability to connect an entire network to the Internet using only a single (or just a few) leased public IP addresses.
What is Circuit Switching?
In circuit switching, a dedicated physical pathway is created between the two communicating parties
Email is one of the most widely and commonly used
Internet Services
System components will eventually fail when used in unexpected ways What are 3 ways to avoid system failures?
- Limit checks: techniques for managing data types, data formats, and data length when accepting input from a user or another application. Ensure that data does not fall outside the range of allowable values
- Fail-secure: puts the system into a high level of security (and possibly even disables it entirely) until an administrator can diagnose the problem and restore the system to normal operation
- Fail-open: allows users to bypass failed security controls, erring on the side of permissiveness
In addition to employment agreements, there may be other security-related documentation that must be addressed (Employee agreements when hired)
- Nondisclosure Agreement (NDA): used to protect confidential information within an organization from being disclosed by a former employee. Violations of an NDA are often met with strict penalties
- Noncompete Agreement (NCA): attempts to prevent an employee with special knowledge of secrets from one organization from working in a competing organization, in order to prevent the second organization from benefiting from the worker's special knowledge
A plan providing a detailed definition of an organization's short-term objectives is called ...
Operational Plan
What is Packet Switching?
Packet switching occurs when the message or communication is broken up into small segments and sent across the intermediary networks to the destination
What is Static NAT?
Permanently assigns a specific external IP address to an internal host. Enables external entities to initiate communication with systems inside the private network, even if the private network is using RFC 1918 IP addresses.
At the hardware and operating system levels, controls should ensure enforcement of basic security principles
- Process isolation mechanisms ensure that each process has its own isolated memory space for storage of data and execution of application code
- Hardware segmentation is a technique that implements process isolation at the hardware level by enforcing memory access constraints
- Abstraction hides details not necessary to perform certain activities. For example, a system developer might need to know that a procedure, when invoked, writes information to disk, but it is not necessary for him to understand the exact format used to store and retrieve data
- Protection rings provide for several modes of system operation, thereby facilitating secure operation by restricting processes to running in the appropriate security ring
The change control process has three basic components
- Request control: a framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks
- Change control: used by developers to recreate the situation encountered by the user and analyze the appropriate changes to remedy the situation, and to create and test solutions prior to rolling them out into a production environment
- Release control: includes acceptance testing to ensure that any alterations to end user work tasks are understood and functional
What is isolation of the ACID model?
Requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.
The possibility that something could happen to damage, destroy, or disclose data or other resource is known as
Risk
A fundamental part of risk management is
Risk Analysis
An open relay is an
SMTP server that does not authenticate senders before accepting and relaying mail. Open relays are prime targets for spammers.
What is the waterfall model?
Seeks to view the systems development life cycle as a series of iterative activities
Roles and Responsibilities for Security Management Planning?
Senior management is responsible for initiating and defining policies. Policies provide direction for the lower levels of the organization's hierarchy. Middle management is responsible for fleshing out the security policy into standards, baselines, guidelines, and procedures. Operational managers or security professionals must then implement the configurations prescribed in the security management documentation. Finally, the end users must comply with all the security policies.
The email infrastructure employed on the Internet primarily consists of email servers using
Simple Mail Transfer Protocol (SMTP) to accept messages from clients, transport those messages to other servers, and deposit messages into a user's server-based inbox
What are the security roles and responsibilities of a Data Custodian?
The data custodian is the user who is responsible for implementing the prescribed protection defined by the security policy and senior management. The data custodian performs all activities necessary to provide adequate protection for the confidentiality, integrity, and availability of data and to fulfill the requirements and responsibilities delegated from upper management.
What are the security roles and responsibilities of a Data Owner
The person who is responsible for classifying information
What is Residual risk?
The risk that remains once countermeasures are implemented. Controls gap = Total risk - Residual risk
What is the second step of risk analysis?
The second step consists of considering all possible threats. Threats to IT are not limited to IT sources.
What are the security roles and responsibilities of a Security Professional/ Information Security Officer?
The security professional is a trained and experienced network, systems, and security engineer who is responsible for following the directives mandated by senior management
What are the security roles and responsibilities of a Senior Manager?
The senior manager is the person who is ultimately responsible for the security maintained by an organization. The senior manager must sign off on all policy issues, and will be held liable for the overall success or failure of a security solution.
What are the security roles and responsibilities of a User (also called end user or operator)?
The user is any person who has access to the secured system
Risk analysis
Understand risk to allow senior management to make good security decisions about which risks should be mitigated, which risks should be transferred, and which risks should be accepted.
Security management is a responsibility of
Upper Management
A software testing methodology where testers examine the internal logical structure of a program, looking for potential errors, is called...
White-box testing
Software development life cycle (SDLC) models
- Waterfall model
- Spiral model
- Agile Software Development
- Software Capability Maturity Model (SCMM)
- IDEAL Model
Once software has been released, users will inevitably request
addition of new features, correction of bugs, and other changes. Organizations must have procedures to systematically manage changes.
Personally identifiable information (PII) is
any data item that can be easily traced back to an individual. Examples: Social Security numbers, medical information, tax information
A VPN link can be established over
any type of network communication connection
Views are stored in the database as SQL commands rather than
as data tables. This dramatically reduces the space requirements of the database. On the other hand, retrieving data from a complex view can take significantly longer than retrieving it from a table.
What is the first step of risk analysis?
asset valuation. The goal is to assign each asset a specific dollar value that encompasses tangible as well as intangible costs.
The process of quantitative risk analysis starts with
asset valuation and threat identification. Next, the potential and frequency of each risk is estimated. This information is then used to calculate various cost functions that are used to evaluate safeguards.
VPNs do not provide
availability
Spamming is often possible because hackers are able to locate and take advantage of which of the following? a) E-mail clients b) Open relay agents c) Internet Protocol routing tables
b) Open relay agents
Which of the following mechanisms can reduce the risk of collusion? Check all that apply. a) Background checks b) Separation of duties c) Job rotation d) Nondisclosure agreements
b) Separation of duties c) Job rotation
SMTP is designed to be a
mail relay system. This means it relays mail from the sender to the intended recipient. However, one wants to avoid turning an SMTP server into an open relay (also known as an open relay agent or relay agent).
Which one of the following statements is true? a) Qualitative analysis requires specific dollar valuations of assets b) Quantitative analysis requires subjective inputs from analysts c) A purely quantitative risk analysis is usually not sufficient since there are aspects that cannot be quantified
c) A purely quantitative risk analysis is usually not sufficient since there are aspects that cannot be quantified
What can a VPN do?
can link two networks or two individual systems
VPNs can provide
confidentiality and integrity over insecure or untrusted intermediary networks
NAT is a mechanism for
converting the internal IP addresses found in a private network into public IP addresses for transmission over the Internet
After completing risk analysis, different decisions can be made depending on the results of analysis. Which one of the following options would be considered an irresponsible choice? a) Mitigating a risk b) Transferring a risk c) Accepting a risk d) Ignoring a risk
d) Ignoring a risk
Database transactions must be durable. This means that... a) Transactions are executed separately from each other b) All or none of the instructions in a transaction must be executed c) When the transaction is complete, the database must again be consistent with the rules, as it was before the transaction was executed d) Once transactions have been committed to the database, their effects must be preserved
d) Once transactions have been committed to the database, their effects must be preserved
Mixing data with different classification levels and/or need-to-know requirements is known as
database contamination. Often, administrators deploy a trusted front end to add multilevel security to a legacy or insecure DBMS.
Layering, also known as
defense in depth, is simply the use of multiple controls in a series
Elements of security management planning include
- defining security roles
- prescribing who will be responsible for security, and how security will be tested for effectiveness
- developing security policies
- performing risk analysis
Multilevel security databases contain information at a number of
different classification levels. The DBMS must verify the labels assigned to users and, in response to user requests, provide only information that is appropriate.
When employees are hired, they should sign an
employment agreement outlining:
- details of the job description, and the length of time the position is to be filled
- the rules and restrictions of the organization
- the security policy, violations, and consequences
Most VPNs use
encryption to protect the encapsulated traffic, but encryption is not necessary for the connection to be considered a VPN
Many organizations use data classification to
enforce access controls based on the security labels assigned to objects and users. When mandated by an organization's security policy, data classification must be extended to the organization's databases.
Relational databases support the explicit and implicit use of transactions to
ensure data integrity
Rotating personnel reduces the risk of
fraud and misuse of information. The longer employees work in a specific position, the more likely they are to be assigned additional work tasks and expand their privileges. They may then abuse their privileges for personal gain. Job rotation provides a form of peer auditing and protects against collusion: if abuse is committed by one employee, it will be easier to detect by another employee who knows the job position and work responsibilities.
Quantitative risk analysis creates a report that
has dollar figures for levels of risk, potential loss, cost of countermeasures, and value of safeguards. This report is usually fairly easy to understand.
Risk management is the process of
- identifying factors that could damage or disclose data
- evaluating those factors in light of data value and countermeasure cost
- implementing cost-effective solutions for reducing risk to an acceptable level
Over a VPN link, clients can perform the same activities and access the same resources they could if
they were directly connected via a LAN cable
Job rotation provides
knowledge redundancy. Multiple employees are each capable of performing the work tasks required by several job positions. The organization is less likely to experience serious downtime or loss in productivity if an incident keeps one or more employees out of work for a long time.
A termination policy is essential to
maintaining a secure environment even in the face of a disgruntled employee who must be removed from the organization
Terminations should take place with at least
one witness. When possible, an exit interview should be performed. Its primary purpose is to review the liabilities and restrictions placed on the former employee based on the employment agreement, nondisclosure agreement, etc.
Views are simply SQL statements that
present data to the user as if they were tables themselves. Views can collate data from multiple tables, aggregate individual records, and restrict a user's access to a limited subset of database attributes and/or records.
NAT was developed to allow
private networks to use any IP address set without causing conflicts with public Internet hosts with the same IP addresses
Security management planning ensures
proper creation, implementation, and enforcement of a security policy
NAT operates by maintaining a mapping between
requests made by internal clients, a client's internal IP address, and the IP address of the Internet service contacted
The modern waterfall model does allow development to
return to the previous phase to correct defects discovered during the subsequent phase. This is known as the feedback loop characteristic of the waterfall model. The limitation is that the model can step back only one phase in the development process.
IPSec provides for
secured authentication as well as encrypted data transmission
All secure systems implement some sort of
security control architecture
The traditional waterfall model has
seven stages of development. As each stage is completed, the project moves into the next phase.
Together, change control and configuration management techniques form an important part of
software engineering. They protect the organization from development-related security issues.
Many Internet-compatible email systems rely upon
the X.400 standard for addressing and message handling
NAT maintains information about
the communication sessions between clients and external systems