CompTIA Security+ SY0-701: 1.0 General Security Concepts


Zero Trust Model

1. A security model that assumes the worst-case scenario and protects resources with that expectation
2. Operates on the principle that no one should be trusted by default

Risk Management

1. A strategy to offset business risks
2. A process of finding different ways to minimize the likelihood of an undesired outcome and achieve the desired outcome

Control Plane typically encompasses 4 key elements

1. Adaptive Identity
2. Threat Scope Reduction
3. Policy-Driven Access Control
4. Secured Zones

Triple A's of Security

1. Authentication
2. Authorization
3. Accounting

CIA Triad

1. Confidentiality - keeping information private.
2. Integrity - ensuring information is accurate and unaltered.
3. Availability - making sure information is accessible when needed.

Steps for conducting a Gap Analysis

1. Define the scope of the analysis
2. Gather data on the current state of the organization
3. Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
4. Develop a plan to bridge the gap

5 basic methods used to ensure Confidentiality

1. Encryption
2. Access Controls (strong user permissions)
3. Data Masking
4. Physical Security Measures
5. Training and Awareness

What is Non-Repudiation?

1. Focused on providing undeniable proof in the world of digital transactions
2. A security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions

5 basic methods used to maintain Integrity

1. Hashing
2. Digital Signatures
3. Checksums
4. Access Controls (only authorized individuals can modify data)
5. Regular Audits

What does Integrity do?

1. Helps ensure that information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual
2. Verifies the accuracy and trustworthiness of data over its entire lifecycle

4 Security Control Categories

1. Managerial
2. Operational
3. Technical
4. Physical

Threats may come from the following 4 factors

1. Natural Disasters
2. Cyber-Attacks
3. Data Integrity Breaches
4. Disclosure of Confidential Information (CI)

6 Security Control Types

1. Preventative
2. Deterrent
3. Detective
4. Corrective
5. Compensating
6. Directive

What are the 4 types of redundancy you need to consider when designing your systems and networks?

1. Server Redundancy
2. Data Redundancy
3. Network Redundancy
4. Power Redundancy

Vulnerability may come from the following 5 factors

1. Software bugs
2. Misconfigured software
3. Improperly protected network devices
4. Missing security patches
5. Lack of physical security

5 commonly used Authentication methods

1. Something you know (Knowledge Factor)
2. Something you have (Possession Factor)
3. Something you are (Inherence Factor)
4. Something you do (Action Factor)
5. Somewhere you are (Location Factor)

Data Plane typically encompasses 4 key elements

1. Subject/System
2. Policy Engine
3. Policy Administrator
4. Policy Enforcement Point

What technologies are used to perform Accounting?

1. Syslog Servers
2. Network Analysis Tools
3. Security Information and Event Management (SIEM) Systems

2 Basic Types of Gap Analysis

1. Technical Gap Analysis
2. Business Gap Analysis

Redundancy

1. The inclusion of extra components so that a system can continue to work even if individual components fail, for example by having more than one path between any two connected devices in a network
2. Duplication of critical components or functions of a system with the intention of enhancing its reliability

3 main reasons why Non-repudiation is important

1. To confirm the authenticity of digital transactions
2. To ensure the integrity of critical communications
3. To provide accountability in digital processes

3 main reasons why Availability is important

1. To ensure Business Continuity
2. To maintain Customer Trust
3. To uphold the Organization's Reputation

3 main reasons why Integrity is important

1. To ensure Data Accuracy
2. To maintain Trust
3. To ensure System Operability

3 reasons why Authentication is important

1. To prevent unauthorized access
2. To protect user data and privacy
3. To ensure that resources are accessed by valid users only

3 main reasons why Confidentiality is important

1. To protect Personal Privacy
2. To maintain a Business Advantage
3. To achieve Regulatory Compliance

3 reasons why Authorization is important

1. To protect sensitive data
2. To maintain system integrity in our organizations
3. To create a more streamlined user experience

Chief Information Officer (CIO)

A company officer with the primary responsibility for management of information technology assets and procedures.

Chief Technology Officer (CTO)

A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.

Vulnerability

A flaw or weakness in the system design or implementation that allows a threat agent to bypass security

Security Policy

A formalized statement that defines how security will be implemented within a particular organization. It describes the means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources. An organization that develops security policies and uses framework-based security controls has a strong security posture.

Cybersecurity Framework (CSF)

A set of industry standards and best practices created by NIST to help organizations manage cybersecurity risks

Information Systems Security

Act of protecting the systems (e.g., computers, servers, network devices) that hold and process our critical data

Compensating Controls

Alternative control procedures that are implemented when primary security controls are not feasible or effective. A compensating control can be a substitute for a principal control recommended by a security standard; it affords the same (or better) level of protection but uses a different methodology or technology.

Threat

Anything that could cause harm, loss, damage, or compromise to our information technology systems

What are the properties of a secure information processing system?

CIA triad: Confidentiality, Integrity and Availability

An organization changes its security posture after a breach and wants to enhance encryption by putting measures in place to mitigate risk exposures that cannot be directly eliminated by the cyber security team. What type of control is being observed in this situation?

Compensating control

Why conduct Gap Analysis?

Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture

What does Confidentiality do?

Confidentiality ensures that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes

Detective Controls

Controls designed to monitor and alert organizations to malicious activities as they occur or shortly thereafter. A detective control operates during an attack. Logs provide one of the best examples of detective-type controls.

Deterrent Controls

Controls designed to psychologically discourage those who might seek to violate our security controls. This could include signs and warnings of legal penalties against trespass or intrusion. Deterrent controls are designed to discourage potential attackers from causing any security incidents.

Directive Controls

Controls designed to specify acceptable rules of behavior, such as a policy, best practice standard, or standard operating procedure (SOP) within an organization. For example, an employee's contract will set out disciplinary procedures or causes for dismissal if they do not comply with policies and procedures. Training and awareness programs can also be considered as directive controls.

Corrective Controls

Controls implemented to remedy a circumstance, mitigate any potential damage, and restore our systems to their normal state. A corrective control is used after an attack. A good example is a backup system that restores data that was damaged during an intrusion. Another example is a patch management system that eliminates the vulnerability exploited during the attack.

Preventive Controls

Controls that deter security threats or breaches before they arise. A preventive control operates before an attack can take place. Access control lists (ACL) configured on firewalls and file system objects are preventive-type technical controls. Antimalware software acts as a preventive control by blocking malicious processes from executing.

A user in a company wants a new USB flash drive. Rather than requesting one through the proper channel, the user obtains one from one of the company's storage closets. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. What is the control objective of the observed sign?

Deterrent control

What does Availability do?

Ensure that information, systems, and resources are accessible and operational when needed by authorized users

Integrity

Ensures data remains accurate and unaltered (e.g., checksums)

Availability

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Network Redundancy

Ensures that if one network path fails, the data can travel through another route

Data Plane

Ensures the policies are properly executed

Policy-Driven Access Control

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

An IT security manager at a technical college wants to increase the use of controls that generate alerts where ongoing attacks are suspected in the organization's network infrastructure. Which of the following is a suitable illustration of this type of control?

Implementing an intrusion detection system

Information Security

Information Security safeguards valuable data from intruders, ensuring that only authorized individuals can access, modify, or disclose it, while preventing any disruption or destruction.

NIST (National Institute of Standards and Technology)

Information security and cybersecurity tasks can be classified as 6 functions, following the framework developed by the National Institute of Standards and Technology (NIST):
1. Govern
2. Identify
3. Protect
4. Detect
5. Respond
6. Recover

Physical Controls

Information security controls related to the safeguarding of assets

Technical Controls

Information security safeguards (i.e., controls or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.

Operational Controls

Information security safeguards focusing on lower-level planning that deals with the functionality of the organization's security. These safeguards include disaster recovery and incident response planning.

Managerial Controls

Information security safeguards that focus on administrative planning, organizing, leading, and controlling, and that are designed by strategic planners and implemented by the organization's security administration. These safeguards include governance and risk management.

The chief security officer (CSO) at a financial organization wants to implement additional detective security controls. Which of the following would BEST represent this type of control?

Installation of surveillance cameras

Technical Gap Analysis

Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions

Business Gap Analysis

Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions

Threat Scope Reduction

Limit the users' access to only what they need for their work tasks because this drastically reduces the network's potential attack surface

What term is used to describe the property of a secure network where a sender cannot deny having sent a message?

Non-Repudiation

Information Systems Security Officer (ISSO)

Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.

Plan of Action and Milestones (POA&M)

Outlines the specific measures to address each Vulnerability, allocate resources, and set up timelines for each remediation task that is needed

A manufacturing company is looking to enhance its security measures by implementing deterrent controls in its facility, specifically the server room. Which of the following options would be MOST effective?

Placing visible signs indicating surveillance and severe penalties for unauthorized entry

After an unauthorized access incident in the server room over the weekend, the IT department of a company decides to implement new security controls to deter similar future incidents. Which of the following should they implement?

Placing visible signs indicating surveillance and severe penalties for unauthorized entry

A company installed a new locking cabinet in the computer room to hold extra flash drives and other supplies. Which type of security control did the company configure?

Preventive control

Security Information and Event Management (SIEM) Systems

Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization

What is the best strategy to use in your systems and network designs to overcome the challenges associated with maintaining Availability?

Redundancy

Subject/System

Refers to the individual or entity attempting to gain access

Control Plane

Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization

Adaptive Identity

Relies on real-time validation that takes into account the user's behavior, device, location, and more

Multi-Factor Authentication System (MFA)

Security process that requires users to provide multiple methods of identification to verify their identity

As part of enhancing its data protection strategy, a corporation's IT manager aims to ensure defense-in-depth by integrating a technical control alongside existing managerial and operational controls. Which measure BEST exemplifies a technical security control according to the classification scheme?

Setting up a network intrusion detection system

Given the need to prioritize cost-effective solutions for enhancing the company's cybersecurity posture, a global corporation's chief security officer (CSO) considers implementing technical controls over physical controls. Which of the following options is a technical control?

Setting up a network intrusion detection system

A company finds that employees are accessing streaming websites that are not being monitored for malware or viruses. Which type of control can the network administrator implement to protect the system and keep the employees from viewing unapproved sites?

Technical control

The security manager at a financial technology company seeks to enforce a control that enhances user behavior to mitigate cybersecurity risks. What type of control should an analyst recommend the security manager put in place?

The analyst should recommend the enforcement of a strict password policy.

Confidentiality

The assurance that messages and information are available only to those who are authorized to view them (e.g., encryption)

A crypto exchange company is revising its security policies and is concentrating on implementing effective operational security controls. Which of the following should the company's security manager recommend executing?

The enforcement of a strict password policy

Non-Repudiation

1. The inability to deny taking an action such as creating information, approving information, and sending or receiving a message
2. Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

Authorization

The process of providing an authenticated user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space

Accounting

The process of tracking or recording user activities and resource usage for audit or billing purposes

Power Redundancy

The provision of a backup power source, such as a generator or UPS systems

Where does the risk to an enterprise's systems and networks usually lie?

The risk to an enterprise's systems and networks usually lies where Threats and Vulnerabilities intersect

How do you achieve or implement zero trust model/architecture?

To achieve a zero trust architecture, we need to use two different planes: the Control Plane and the Data Plane

If you have a Vulnerability but there's no Threat against it, there would be no risk

True. Imagine a house with a weak lock (vulnerability) but no burglars around (no threat), so there's no risk of a break-in. Just like in real life, if there's no potential harm, there's no risk.

If you have a Threat, but there is no matching Vulnerability to it, then you have no risk

True. Think of a threat as a hungry wolf and a vulnerability as an open door. If there's no open door, the wolf can't get in - that's like having no risk.

Chief Security Officer (CSO)

Typically the job title of the person with overall responsibility for information assurance and systems security

Syslog Servers

Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems

Network Analysis Tools

Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network

Policy Administrator

Used to establish and manage the access policies

Authentication

Verifying the identity of the person or device attempting to access the system (e.g., password checks)

Policy Enforcement Point

Where the decision to grant or deny access is actually executed

Gap Analysis

1. A method for examining and evaluating the current state of a process in order to identify opportunities for improvement in the future
2. The process of evaluating the differences between an organization's current performance and its desired performance

CIANA Pentagon

An extension of the CIA triad with the addition of Non-Repudiation and Authentication

After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed. What type of functional security control is the company implementing?

Corrective control

Policy Engine

Cross-references the access request with its predefined policies

Data Redundancy

Involves storing data in multiple places

Server Redundancy

Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users

Secured Zones

Isolated environments within a network that are designed to house sensitive data
