Term
System Development Life Cycle |
|
Definition
- Initiation
- Acquisition and development
- Implementation
- Operations and maintenance
- Disposition
|
|
|
Term
|
Definition
Security categorization - categorizes the severity of a security breach on a particular network component.
Example - a newly added network device might be categorized as having either a high, medium or low security level
Preliminary risk assessment - offers a high-level overview of a system's security requirements |
|
|
Term
Acquisition and Development |
|
Definition
Risk assessment
Security functional requirements analysis
Security assurance requirements analysis
Cost considerations and reporting
Security planning
Security control development
Developmental security test and evaluation |
|
|
Term
Acquisition and Development
Risk Assessment |
|
Definition
- specifies protection requirements that initiation risk assessment didn't cover
|
|
|
Term
Acquisition and Development
Security functional requirement analysis |
|
Definition
- what's required to properly secure a system so that it can function in its intended capacity.
|
|
|
Term
Acquisition and Development
Security Assurance requirements analysis |
|
Definition
- based on legal and functional security requirements, this analysis provides evidence that the network resource in question will be protected at the desired level
|
|
|
Term
Acquisition and Development
Cost Consideration and reporting |
|
Definition
- costs of securing a system - including hardware, applications, personnel and training
|
|
|
Term
Acquisition and Development
Security Planning |
|
Definition
- report that details what security controls are to be used
|
|
|
Term
Acquisition and Development
Security Control Development |
|
Definition
- report created detailing how the previously determined security controls are to be designed, developed and implemented
|
|
|
Term
Acquisition and Development
Developmental Security test and evaluation |
|
Definition
- testing is performed to validate the operation of the implemented security controls
|
|
|
Term
|
Definition
- Inspection and acceptance - installation of a system and its functional requirements are verified
- System integration - integrated with all required components at its operational site, and its operation is verified
- Security Certification - operation of the previously specified security controls is verified
- Security accreditation - system is given appropriate administrative privileges to process, store and/or transmit specific data
|
|
|
Term
Operations and Maintenance |
|
Definition
Configuration management and control - before a configuration change is made to one part of a network, the potential impact on other parts of the network is considered
Continuous monitoring - a system should be routinely monitored and tested to validate its operations |
|
|
Term
|
Definition
Information preservation - some info needs to be preserved because of legal restrictions - archived info should periodically be transferred to more modern storage technologies to ensure the medium used to store the archived info is not an obsolete technology
Media sanitization - storage media that contains sensitive info should be sanitized so no one can retrieve the info
Hardware and software disposal - when hardware and software components are retired, a formalized disposal procedure should be used |
|
|
Term
|
Definition
information security personnel should be assigned responsibilities such that no single employee can compromise a system's security.
Could be accomplished by
- dual operator system - specific tasks require two people
- two-man control - two employees have to approve one another's work
|
|
|
Term
|
Definition
potential for a single employee to cause an ongoing security breach is lessened by having multiple employees periodically rotate duties.
Rotation results in peer review process where employees check one another's work
smaller organizations with limited staff might have difficulty implementing this recommendation |
|
|
Term
|
Definition
implies making preparations for a system failure and having a plan to recover data in the event of a failure.
Recovery procedures should ensure that data is secured during the backup process.
Data should be restored such that its original permissions are in effect |
|
|
Term
Configuration and Change Control |
|
Definition
when making changes to an information system, multiple personnel should review the changes beforehand to anticipate any issues that could result
Example
- change in one system could open a security hole in another
Primary goals are minimizing system disruptions, being able to quickly back out of a change, and using network resources more efficiently and effectively. |
|
|
Term
Goals of Business Continuity Planning |
|
Definition
moving critical business operations to another facility while the original facility is under repair
using alternative forms of internal and external communications |
|
|
Term
|
Definition
Emergency response phase
Recovery phase
Return to normal operations phase |
|
|
Term
Disruption Categories
Nondisaster |
|
Definition
normal business operations are briefly interrupted |
|
|
Term
Disruption Categories
Disaster |
|
Definition
normal business operations are interrupted for one or more days.
Not all critical resources at a site are destroyed |
|
|
Term
Disruption Categories
Catastrophe |
|
Definition
all resources at a site are destroyed and normal business operations must be moved to an alternative site |
|
|
Term
|
Definition
completely redundant site with very similar equipment to the original site
Data is routinely copied from the primary site to the hot site.
Hot site can be up and functioning within a few minutes (or even seconds) after a catastrophe at primary site |
|
|
Term
|
Definition
Facility that has very similar equipment to the original site. Warm site is unlikely to have current data because of lack of frequent replication with the original site
DR personnel typically need to physically go and manually bring systems online.
Critical business operations might be restored for days |
|
|
Term
|
Definition
offers an alternative site where business operations can be conducted, but does not typically contain redundant computing equipment (such as servers and routers)
Data network would need to be rebuilt from scratch, which could take weeks.
Cold site is less expensive initially, but could create more long-term consequences, and the financial cost could be more in the long run. |
|
|
Term
|
Definition
support consistency within a network
Example
- specify limited number of OSs to be supported in organization
- could apply to configuring devices, such as routers (having a standard routing protocol)
|
|
|
Term
|
Definition
tend to be suggestions
Example
|
|
|
Term
|
Definition
support consistency in a network
security policy might include a collection of procedures
very detailed documents providing step-by-step instructions for completing specific tasks. |
|
|
Term
|
Definition
Chief Security Officer (CSO)
Chief Information Officer (CIO)
Chief Information Security Officer (CISO) |
|
|
Term
|
Definition
identify threats facing the network |
|
|
Term
|
Definition
key design decision revolves around analyzing the probability that a threat will occur and the severity of the consequences if that threat does occur |
|
|
Term
|
Definition
|
|
Term
|
Definition
Annualized Loss Expectancy (ALE)
produces a monetary value that can be used to help justify the expense of security solutions |
|
|
Term
|
Definition
Asset Value (AV)
total cost of an asset, including purchase price, recurring maintenance expenses, and all other costs associated with acquiring an asset |
|
|
Term
|
Definition
Exposure Factor (EF)
percentage of loss that an asset experiences if an anticipated threat occurs |
|
|
Term
|
Definition
Annualized Rate of Occurrence (ARO)
represents how many times per year a specific threat occurs
|
|
|
Term
|
Definition
Single Loss Expectancy (SLE)
represents the expected monetary loss from a single occurrence of an anticipated risk
SLE = AV * EF |
|
|
Term
|
Definition
often more appropriate than quantitative because of the large scale of the network being analyzed |
|
|
Term
|
Definition
assumes that not all potential threats can be eliminated
attempts to reduce the anticipated damage from risks to an acceptable level |
|
|
Term
|
Definition
can eliminate the identified risks by not exposing a system to end users
Would be impractical for an e-commerce application |
|
|
Term
|
Definition
reduces potential system vulnerabilities resulting from a user being assigned too many privileges
can expedite the identification of security weaknesses in a system |
|
|
Term
|
Definition
makes the end-user community conscious of security issues, without necessarily any in-depth procedural training |
|
|
Term
|
Definition
creates competence on the part of the end user to perform a specific task or serve in a specific role
conducting a class to educate network admins about features on an ASA is an example |
|
|
Term
|
Definition
more comprehensive training, in that it covers a larger body of knowledge
obtaining a college degree focusing on IT security is an example of comprehensive security education |
|
|
Term
Cisco Self Defending Network Core Characteristics |
|
Definition
Integrated
Collaborative
Adaptive |
|
|
Term
|
Definition
Cisco Self-Defending Network
security is built into the network, as opposed to being added to an existing network |
|
|
Term
|
Definition
Cisco Self-Defending Network
IT personnel focusing on security collaborate with IT personnel focusing on network operations |
|
|
Term
|
Definition
Cisco Self-Defending Network
Security solutions can adapt to evolving threats |
|
|
Term
Cisco Self-Defending Network Hierarchical Structure |
|
Definition
Secure Network Platform
Threat Containment
Protected Communications
Management |
|
|
Term
Cisco Self-Defending Network Hierarchical Structure
Threat control |
|
Definition
strategies to contain and control threats include:
- endpoint threat control defends endpoints against threats
- infrastructure threat control protects servers and shared apps from internal and external threats
- E-mail threat control blocks security threats sourced from e-mail, such as malicious attachments
|
|
|
Term
Cisco Self-Defending Network Hierarchical Structure
Confidential and authenticated communication |
|
Definition
technologies such as IPsec and SSL VPNs can provide confidential and authenticated communications channels
- Remote-access communications security secures transmission to an org's network and applications via a secure tunnel formed across the Internet as needed
- Site-to-site communications security secures transmission between an org's primary site and other sites via an Internet-based WAN infrastructure
|
|
|
Term
Cisco Self-Defending Network Hierarchical Structure
Management solutions |
|
Definition
products that provide system-wide control of policies and configuration offer a variety of benefits
- efficiency of rolling out a new policy to multiple devices while maintaining consistency of the configuration
- comprehensive view of a network's end-to-end security status
- quick response to attacks
- improved congruity with an organizational security policy
|
|
|
Term
|
Definition
Cisco Security Monitoring, Analysis, and Response System
- uses event correlation to collect events from multiple devices in the network, thereby reducing false positives
- identifies appropriate mitigation strategies for specific security challenges
- uses Cisco NetFlow technology to more readily identify network anomalies
|
|
|
Term
|
Definition
many routers can be configured with IPS, VPN and firewall features |
|
|
Term
Cisco ASA 5500 Series security appliance |
|
Definition
offers wide variety of security solutions, such as Firewall, IPS, VPN, antispyware, antivirus, and antiphishing |
|
|
Term
Cisco PIX 500 series security appliance |
|
Definition
offers Firewall and VPN-termination features |
|
|
Term
Cisco 4200 series IPS appliances |
|
Definition
can analyze traffic inline to identify traffic believed to be malicious
appliance can perform operations such as dropping traffic, sending an alert, or instructing another network device (such as a Cisco PIX) to block connections from the offending host |
|
|
Term
Cisco Security Agent (CSA) |
|
Definition
application that provides IPS services on a host
Host-based Intrusion Detection System (HIPS) application |
|
|
Term
Cisco Secure Access Control Server |
|
Definition
can provide an authentication, authorization, and accounting (AAA) function, thus allowing different sets of permissions to be applied to different users |
|
|
Term
Cisco Catalyst 6500 series switch
and
Cisco 7600 series router modules |
|
Definition
use a modular chassis with multiple interchangeable modules; some modules provide security features to the chassis
Can insert FWSM into a chassis to provide firewall services between various VLANs defined on 6500s |
|
|