Shared Flashcard Set

Details

cards
cards
31
Advertising
Kindergarten
04/01/2014

Additional Advertising Flashcards

 


 

Cards

Term
Technical Control
Definition
uses technology to reduce vulnerablities
Term
Technology Control examples
Definition

Least Privilege

Antivirus Software

Intrusion detection systems (IDS)

Firewalls

Term
Least Privilege
Definition
individuals or processes are granted only the rights and permissions needed to perform their assigned tasks or functions, but no more.
Term
Antivirus Software
Definition
provies protection against infection
Term
Intrusion detection systems
Definition
can monitor a network or host for intrusions and provide ongoing protection against various threats
Term
Firewalls
Definition
restrict network traffic going in and out of a network
Term
Management Controls
Definition
are primarily adminstritive in function the use planning and assessment methods to providean ongoing review of the organization's ability to reduce and manage risk
Term
Two common management controls are
Definition

Risk Assessments

Vulnerability Assessments

Term
Risk Assessments
Definition

These help quantify and qualify risks within an organization so that they can focus on the serious risks.  

 

a quantitative risk assessment uses cost and asset values to quantify risks based monetary values.  

 

A qualitative risk assessment uses judgments to categorize risks based on probability and impact

Term
Operational Controls
Definition
help ensure that day-to-day operations of an organization comply with their overall security plan.
Term
Operational Controls include the following families
Definition

Awareness and Training

Configuration Management

Contingency Planning

Media Protection

Physical and Enviromental Protection

Term
Awareness and training
Definition
training helps users maintain password security, follow a clean desk policy, understand threats such as phishing and malware.
Term
Configuration management
Definition

often uses baselines to ensure that systems start in a secure, hardened state.  

 

change management helps ensure that changes don't result in unintended configuration errors.

Term
Contingency Planning
Definition

presents serval different methods that help an organization plan and prepare for potential system outages.

 

goal to reduce overall impact on the organization if an outage occurs

Term
Media Protection
Definition

media includes physical media such as USB flash drives, external and internal drives and backup tapes

 

Term
Physical and enviromental protection
Definition
this includes physical controls such as cameras, door locks, and enviromental controls such as heating and ventilation systems
Term
Control Based Functions
Definition
3 primrary functions of controls are: preventative, detective, and corrective
Term
Preventative Controls
Definition

example: security guards

change management

account disablement policy

system hardening

 

Term
Security Guards
Definition
guards act as a deterrent and provide a preventative security control
Term
Change management
Definition

ensures that changes dont result in ad-hoc (or as needed) configuration errors.  

 

in another words, instead of adminstrators making changes on the fly, they submit the change to a change management process.  

Term
Account disablement Policy
Definition

most organatizations ensure that user accounts are disabled when an employee is terminated.

so the employee can get into the system anymore

 

Term
system hardening
Definition
includes removing and siabling uneede services and protocols, keeping the system up to date, and enabling firewalls
Term
Remember this
Definition

a preventative control attempts to prevent an incident from occuring.  

 

security guards can prevent unauthorized personnel from entering a secure area

 

Change management control helps prevent outages from ad-hoc (or as-needed) configuration mistakes.  

 

An account disablement policy ensures that a terminated employee's account can't be used

Term
Detective Controls
Definition
are designed to detect when a vulnerability has been exploited.  can predict when it will occur, and can't prevent it.  can discover the event after it's occured.
Term
Security Audit
Definition
examine the security posture of an organization. example: a password audit can determine if the password policy is ensuring the use of strong passwords. review of user rights can detect if users have more permissions than they should.
Term
Video Surveillance
Definition
CCTV can record activity and detect what occured, and can be used as a preventative control.
Term
Remember this
Definition
Detective Controls can detect when a vulnerability has been exploited. 2 examples: Security Audits and CCTV systems.
Term
Corrective Controls
Definition
attempt to reverse the impact of an incident or problem after it has occurred.
Term
Active IDS
Definition
active intrusion detection Systems IDS attempt to detect attacks and then modify the enviroment to block the attack from continuing.
Term
Backups and system recovery
Definition
a backup ensures that the data can be recovered. when system fails system recovery procedures ensure it can be recovered.
Term
Access Control Models
Definition
Role/rule- based access control RBAC
Discretionary access control (DAC)
Mandatory access control (MAC)
Supporting users have an ad free experience!