Term
Technical controls

Definition
Uses technology to reduce vulnerabilities.

Term
Technology control examples

Definition
Least Privilege
Antivirus Software
Intrusion detection systems (IDS)
Firewalls

Term
Least Privilege

Definition
Individuals or processes are granted only the rights and permissions needed to perform their assigned tasks or functions, but no more.

Term
Antivirus Software

Definition
Provides protection against infection.

Term
Intrusion detection systems

Definition
Can monitor a network or host for intrusions and provide ongoing protection against various threats.

Term
Firewalls

Definition
Restrict network traffic going in and out of a network.

Term
Management controls

Definition
Are primarily administrative in function; they use planning and assessment methods to provide an ongoing review of the organization's ability to reduce and manage risk.

Term
Two common management controls are

Definition
Risk Assessments
Vulnerability Assessments

Term
Risk Assessments

Definition
These help quantify and qualify risks within an organization so that it can focus on the serious risks.
A quantitative risk assessment uses cost and asset values to quantify risks based on monetary values.
A qualitative risk assessment uses judgments to categorize risks based on probability and impact.

Term
Operational controls

Definition
Help ensure that day-to-day operations of an organization comply with its overall security plan.

Term
Operational controls include the following families

Definition
Awareness and Training
Configuration Management
Contingency Planning
Media Protection
Physical and Environmental Protection

Term
Awareness and Training

Definition
Training helps users maintain password security, follow a clean desk policy, and understand threats such as phishing and malware.

Term
Configuration Management

Definition
Often uses baselines to ensure that systems start in a secure, hardened state.
Change management helps ensure that changes don't result in unintended configuration errors.

Term
Contingency Planning

Definition
Presents several different methods that help an organization plan and prepare for potential system outages.
The goal is to reduce the overall impact on the organization if an outage occurs.

Term
Media Protection

Definition
Media includes physical media such as USB flash drives, external and internal drives, and backup tapes.

Term
Physical and environmental protection

Definition
This includes physical controls such as cameras and door locks, and environmental controls such as heating and ventilation systems.

Term

Definition
The 3 primary functions of controls are: preventative, detective, and corrective.

Term
Preventative control examples

Definition
Example: security guards
Change management
Account disablement policy
System hardening

Term
Security guards

Definition
Guards act as a deterrent and provide a preventative security control.

Term
Change management

Definition
Ensures that changes don't result in ad-hoc (or as-needed) configuration errors.
In other words, instead of administrators making changes on the fly, they submit the change to a change management process.

Term
Account disablement policy

Definition
Most organizations ensure that user accounts are disabled when an employee is terminated,
so the employee can't get into the system anymore.

Term
System hardening

Definition
Includes removing and disabling unneeded services and protocols, keeping the system up to date, and enabling firewalls.

Term
Preventative controls

Definition
A preventative control attempts to prevent an incident from occurring.
Security guards can prevent unauthorized personnel from entering a secure area.
A change management control helps prevent outages from ad-hoc (or as-needed) configuration mistakes.
An account disablement policy ensures that a terminated employee's account can't be used.

Term
Detective controls

Definition
Are designed to detect when a vulnerability has been exploited. They can't predict when it will occur, and can't prevent it; they can discover the event after it has occurred.

Term
Security audits

Definition
Examine the security posture of an organization. Example: a password audit can determine if the password policy is ensuring the use of strong passwords. A review of user rights can detect if users have more permissions than they should.

Term
CCTV

Definition
CCTV can record activity and detect what occurred, and can also be used as a preventative control.

Term
Detective control examples

Definition
Detective controls can detect when a vulnerability has been exploited. 2 examples: security audits and CCTV systems.

Term
Corrective controls

Definition
Attempt to reverse the impact of an incident or problem after it has occurred.

Term
Active IDS

Definition
Active intrusion detection systems (IDS) attempt to detect attacks and then modify the environment to block the attack from continuing.

Term
Backups and system recovery

Definition
A backup ensures that the data can be recovered. When a system fails, system recovery procedures ensure it can be recovered.

Term

Definition
Role/rule-based access control (RBAC)
Discretionary access control (DAC)
Mandatory access control (MAC)
