CISSP ch2 keep it UP queeeen
Memory
0's (off) and 1's (on); switches representing bits
Classification
A system, and the security measures to protect it, meet the security requirements set by the data owner or by regulations/laws
What would be a COMMON attack on our data at rest? Choose only ONE best answer. A Cryptanalysis. B Shoulder surfing. C Eavesdropping. D All of these.
Cryptanalysis Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption
Tailoring
Customizing a standard to your organization. • This could be we will apply this standard, but we use a stronger encryption (AES 256bit)
Data Remanence
Data left over after normal removal and deletion of data
Scoping
Determining which portion of a standard we will deploy in our organization. • We take the portions of the standard that we want or that apply to our industry and determine what is in scope and what is out of scope for us.
Formatting
Does the same but it also puts a new file structure over the old one. Still recoverable in most cases
DRAM
Dynamic RAM Slower and cheaper. Uses small capacitors. • Must be refreshed to keep data integrity (100- 1000ms). • This can be embedded on graphics cards
When assigning sensitivity to our data, which of these should NOT be a factor? Choose only ONE best answer. A Who will have access to the data. B What the data is worth. C How bad a data exposure would be. D How the data will be used.
How the data will be used. Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels, how we use the data should not.
We need to get rid of some old hard drives, and we need to ensure proper data disposal and no data remanence. Which of these options has NO known tools that can restore the data, once that specific disposal process has been used? Choose only ONE best answer. A Deleting files. B Formatting the hard drive. C Overwriting. D Installing a new OS over the old one.
Overwriting. We can still recover files from deleted, formatted or reinstalled drives. Overwriting is done by writing 0's or random characters over the data. As far as we know there is no tool available that can recover even single pass overwriting (not possible on damaged media)
Which type ROM can only be programmed once? Choose only ONE best answer. A EPROM. B EEPROM. C PROM. D APROM.
PROM PROM (Programmable Read Only Memory) - Can only be written once, normally at the factory.
We are wanting to erase EPROM memory to update to the latest firmware. How would we do that? Choose only ONE best answer. A It can't be erased once it has been written. B We can use programs to erase the content. C Shine an UV light on the chip. D Taking the chip out of the motherboard and degauss it.
Shine an UV light on the chip EPROM (Erasable Programmable Read Only Memory) - Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil).
Shredders
Shred metal
SDRAM
Synchronous DRAM • What we normally put in the motherboard slots for the memory sticks. • DDR (Double Data Rate) 1, 2, 3, 4 SDRAM
Which of these would be something we should encrypt if we are dealing with sensitive data? Choose only ONE best answer. A Hard disks. B Backup tapes. C Data sent over the network. D All of these.
All of these. When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.
s part of our backup solution we use our retention policy to decide how long we should keep our backups. What should we base that decision on? Choose only ONE best answer. A Forever, we can never get rid of backup data. B 1 month, as long as we have a full backup of everything. C As long as it is useful or required, whichever is longer. D All data is required to be kept 1 year.
As long as it is useful or required, whichever is longer Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater)
Which of these could be some of the ways we can protect our data, when an employee is actively using it? Choose only ONE best answer. A Encryption, clean desk policies, view angle screen. B Clean desk policies, view angle screens, computer locking when not in use. C Need to know policy. D Clean desk policies, print policies, job rotation, mandatory vacations, view angle screens.
Clean desk policies, view angle screens, computer locking when not in use Not job rotation or mandatory vacations since the employee would then not be actively using data on vaca Data in Use: (We are actively using the files/data, it can't be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no 'Shoulder Surfing', maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation
Subjects have (labels or clearance)
Clearance
In the US government data classification scheme, data that, if disclosed, could cause damage to national security is classified as? Choose only ONE best answer. A Unclassified. B Confidential. C Secret. D Top Secret.
Confidential Confidential information is information that, if compromised, could cause damage to national security
Protect data from
DAD Disclosure, Alteration, and Destruction
We have many different types of memory. Which type is volatile? Choose only ONE best answer. A DRAM. B PROM. C Flash Memory. D EEPROM.
DRAM RAM (Random Access Memory) is volatile memory. It loses the memory content after a power loss or within a few minutes. ROM (Read Only Memory) is nonvolatile it retains memory after power loss
RAM (Random Access Memory)
volatile memory. It loses the memory content after a power loss(or within a few minutes). This can be memory sticks or embedded memory
Data controllers and data processors role to keep data safe
• Controllers create and manage sensitive data in the organization (HR/Payroll) • Processors manage the data for controllers (Outsourced payroll)
Business Classification
Highly Sensitive Sensitive Internal Public
In designing our data retention policy, which of these should NOT be a consideration? Choose only ONE best answer. A Which data do we keep? B How long do we keep the data? C Where do we keep the backup data? D How to safely destroy the data after the retention has expired?
How to safely destroy the data after the retention has expired? A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics
As part of our hardware disposal and no data remanence policy, we are getting rid of a pile of hard drives. What would we use on the damaged SSD drives to ensure there is NO data remanence? Choose only ONE best answer. A Degauss. B Overwrite. C Incinerate. D Format.
Incinerate. We can't degaussing SSDs, formatting does nothing, we can't overwrite since it is damaged, only option of the 4 is to incinerate the drive.
Cache Memory
L1 cache is on the CPU (fastest), L2 cache is connected to the CPU, but is outside it
Objects have (labels or clearance)
Labels
System owner role to keep data safe
Management level and the owner of the systems that house the data. • Often a data center manager or an infrastructure manager
Data/information owner to keep data safe
Management level, they assign sensitivity labels and backup frequency. • This could be you or a data owner from HR, payroll or other department
We have many policies we need to adhere to in our organization. Which of these would be part of our clean desk policy? Choose only ONE best answer. A Minimal use of paper copies and only used while at the desk and in use. B Cleaning your desk of all the clutter. C Shred all paper copies everything. D Picking up anything you print as soon as you print it.
Minimal use of paper copies and only used while at the desk and in use As part of a clean desk policy we should only use paper copies of sensitive data when strictly needed.
ROM (Read Only Memory)
Nonvolatile (retains memory after power loss); most common use is the BIOS Nonvolatile
Data handling
Only trusted individuals should handle our data; we should also have policies on how, where, when, why the data was handled. Logs should be in place to show these metrics
What would be the role of the Data custodian? Choose only ONE best answer. A Make the policies, procedures and standards that govern our data security. B Perform the backups and restores. C Be trained in the policies, procedures and standards. D Assign the sensitivity labels and backup frequency of the data.
Perform the backups and restores Data Custodian: These are the technical hands-on employees who do the backups, restores, patches, system configuration. They follow the directions of the Data Owner
Which of these would be something we do during the e-discovery process? Choose only ONE best answer. A Discover all the electronic files we have in our organization. B Produce electronic information to internal or external attorneys or legal teams. C Make sure we keep data long enough in our retention policies for us to fulfil the legal requirements for our state and sector. D Delete data that has been requested if the retention period has expired.
Produce electronic information to internal or external attorneys or legal teams e-Discovery or Discovery of electronically stored information (ESI) is the process of producing all relevant documentation and data to a court or external attorneys in a legal proceeding.
PLD
Programmable logic devices - programmable after they leave the factory (EPROM, EEPROM and flash memory). Not PROM Nonvolatile
PROM
Programmable read only memory - Can only be written once, normally at the factory Nonvolatile Go to your prom once
An attacker has stolen one of our backup tapes. What could prevent the data on the tape from being accessible? Choose only ONE best answer. A Proper data handling. B Proper data storage. C Proper data retention. D Proper data encryption.
Proper data encryption Proper encryption can prevent data compromise even if the physical tape is lost. This obviously requires that the encryption is strong enough
We have added logs to our backup servers to see which of our employees is accessing which data. What is this an example of? Choose only ONE best answer. A Proper data handling. B Proper data storage. C Proper data retention. D Proper data encryption.
Proper data handling. Data Handling: Only trusted individuals should handle our data; we should also have policies on how, where, when, why the data was handled. Logs should be in place to show these metrics.
ROM
ROM - read only memory, nonvolative PROM (Programmable read only memory) - Can only be written once, normally at the factory EPROM (Erasable programmable read only memory) - Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil) EEPROM (Electrically erasable programmable read only memory) - These are electrically erasable; you can use a flashing program. This is still called read only. • The ability to write to the BIOS makes it vulnerable to attackers PLD (Programmable logic devices) - programmable after they leave the factory (EPROM, EEPROM and flash memory). Not PROM Nonvolatile
Mission/business owner to keep data safe
Senior executives make the policies that govern our data security
Which of these would be something we would consider for proper data disposal of SSD drives? Choose only ONE best answer. A Degaussing. B Formatting. C Deleting all files. D Shredding.
Shredding SSD drives can't be degaussed and formatting or deleting the files only removes the file structure, most if not all files are recoverable. We would need to shred the SSD drives
Which of these types of data destruction would we use to ensure there is no data remanence on our PROM, flash memory, and SSD drives? Choose only ONE best answer. A Degaussing. B Overwriting. C Shredding. D Formatting.
Shredding We can't overwrite, format or degauss PROM. The only way to ensure destruction is shredding
Flash memory
Small portable drives (USB sticks are an example); they are a type of EEPROM
SRAM
Static RAM: Fast and expensive. Uses latches to store bits (Flip-Flops). • Does not need refreshing to keep data, keeps data until power is lost. This can be embedded on the CPU
Which of these is a COMMON attack against data at rest? Choose only ONE best answer. A Stealing unencrypted laptops. B MITM. C Screen scrapers. D Keyloggers.
Stealing unencrypted laptops If we do not encrypt our laptops which uses the data from our database, it is a very good attack vector for someone wanting to steal our data.
Data at Rest
Stored Data - on disks, tapes, CDs, USBs We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). • Encryption can be hardware or software encryption
Data in Motion
Data being transferred on a network • We encrypt our network traffic, end to end encryption, this is both on internal and external networks
For which type of data would we want to use end-to-end encryption? Choose only ONE best answer. A Data at rest. B Data in use. C Data in motion. D All of these.
Data in motion. Data in Motion (Data being transferred on a Network). We encrypt our network traffic, end to end encryption, this is both on internal and external networks.
When we talk about data, we look at the 3 states it can be in. In which of those states, are we unable to protect the data by using encryption? Choose only ONE best answer. A Data at rest. B Data in motion. C Data in use. D Data on backup tapes.
Data in use Data in Use: (We are actively using the files/data, it can't be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no 'Shoulder Surfing', maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation
What are we trying to get rid of with when we do our data disposal? Choose only ONE best answer. A Data remanence. B How long we keep the data. C The data content. D The data in use.
Data remanence When we dispose of our data media we are making sure there is no data remanence on our hard disks, tapes, etc
Digital disposal
Deleting - File just removes it from the table; everything is still recoverable Formatting - Does the same but it also puts a new file structure over the old one. Still recoverable in most cases Overwriting - Writing 0's or random characters over the data. • As far as we know there is no tool available that can recover even single pass overwriting (not possible on damaged media)
Degaussing
Destroys magnetic media by exposing it to a very strong magnetic field. This will also most likely destroy the media integrity Not for SSD or USBs, used for CDs, HDD
Which of these could be a COMMON attack on our data in motion? Choose only ONE best answer. A Cryptanalysis. B Shoulder surfing. C Eavesdropping. D All of these.
Eavesdropping Data in Motion (Data being transferred on a Network). We encrypt our network traffic, end to end encryption, this is both on internal and external networks
EEPROM
Electrically erasable programmable read only memory - These are electrically erasable; you can use a flashing program. This is still called read only. • The ability to write to the BIOS makes it vulnerable to attackers PLD Nonvolatile USBs Flash memory
What could be one of the ways we could protect our data-at-rest? Choose only ONE best answer. A Clean desk policy. B Privacy screens for monitors. C Encryption. D DAC.
Encryption. Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.
Melt
Ensure full data destruction
EPROM
Erasable programmable read only memory - Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil) Floppy D PLD Nonvolatile
Deleting
File just removes it from the table; everything is still recoverable
Data custodian role to keep data safe
These are the technical hands-on employees who do the backups, restores, patches, system configuration. They follow the directions of the data owner
Users role to keep data safe
These are the users of the data. User awareness must be trained; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards
Firmware
This is the BIOS on a computer, router or switch; the low-level operating system and configuration. • The firmware is stored on an embedded device. • PROM, EPROM, EEPROM are common firmware chips
We have chosen to use multiple types of data destruction on our sensitive data. Why would we do that? Choose only ONE best answer. A Because it is easier than just a single type of data destruction. B To ensure there is no data remanence. C To ensure data is still accessible after the destruction. D To make sure we have the old drives available.
To ensure there is no data remanence It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding). While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets
We are implementing some new standards and framework in our organization. We chose to use scoping on one of the standards we are implementing. What does scoping mean? Choose only ONE best answer. A To implement the full standard or framework, but implement higher standards in some areas. B To pick and chose which parts of the standard or framework we want to implement. C To find out how much the implementation will cost us. D To see if the standard is a good fit for our organization.
To pick and chose which parts of the standard or framework we want to implement
Military Classification
Top Secret Secret Confidential Unclassified
Looking at the data classifications classes of the US government: data that, if disclosed, won't cause any harm to national security, would be classified as? Choose only ONE best answer. A Unclassified. B Unregulated. C Secret. D Common knowledge.
Unclassified
Data in Use
We are actively using the files/data, it can't be encrypted • Use good practices: Clean desk policy, print policy, allow no 'shoulder surfing', may be the use of view angle privacy screen for monitors, locking computer screen when leaving workstation
Data storage
Where do we keep our sensitive data? It should be kept in a secure, climate-controlled facility, preferably geographically distant or at least far enough away that potential incidents will not affect that facility too Need to be with access logs and access restrictions (often unencrypted)
Overwriting
Writing 0's or random characters over the data. • As far as we know there is no tool available that can recover even single pass overwriting (not possible on damaged media)
SSD drives
a combination of EEPROM and DRAM, can't be degaussed
Accreditation
The data owner accepts the certification and the residual risk. This is required before the system can be put into production