Flashcards covering all Domains
CIA Triad
Confidentiality, Integrity, Availability
Least Privilege
Users should only have the minimum access necessary to perform their duties.
Need to Know
Access to information is granted only if required to perform a specific task.
Separation of Duties
Splitting critical tasks among different people to prevent fraud or error.
Job Rotation
Reduces collusion risk and helps discover fraud.
Mandatory Vacation
To detect irregularities or fraud during employee absence.
Security Through Obscurity
Relying on secrecy as a defense. It's discouraged because it doesn't provide real security.
Due Care
Taking reasonable steps to protect assets.
Due Diligence
Ongoing process of identifying and managing risks.
Privacy vs. Security
Privacy is about data rights and usage; security is about protecting data from threats.
Types of Security Controls
Administrative, Physical, and Technical
Preventive Controls
Controls that stop an incident from occurring.
Detective Controls
Controls that identify and report incidents.
Corrective Controls
Controls that fix issues after an incident.
Compensating Controls
Alternative measures when primary controls can't be used.
Deterrent Control
Discourages potential attackers.
Recovery Control
Restores systems to normal operation after an incident.
Audit Trail
A chronological record of system activities.
Review Access Logs
To identify unauthorized or unusual access.
Security Baseline
A predefined set of security settings.
Configuration Management
Tracking and controlling changes in software/hardware.
Tools That Support Monitoring
SIEM, IDS/IPS, log analyzers.
Phases of Incident Response
Preparation, detection, containment, eradication, recovery, lessons learned.
Business Continuity
Ensuring key functions continue during disruption.
Disaster Recovery
Restoring IT operations after an outage.
Backup Strategies
Full, incremental, differential, and offsite backups.
Incident Escalation
Raising the priority level of an incident to the appropriate authority.
Change Management
Structured process for handling system changes.
Rollback Plan
Strategy to undo changes if something goes wrong.
Document System Changes
Ensures accountability and tracking.
Discretionary Access Control (DAC)
Access is determined by the resource owner.
Mandatory Access Control (MAC)
Access is determined by system-enforced policies based on classification labels.
Role-Based Access Control (RBAC)
Access is based on a user's role in the organization.
Attribute-Based Access Control (ABAC)
Access decisions are based on user, resource, and environment attributes.
Single Sign-On (SSO)
Authentication process allowing access to multiple systems with one login.
Multi-Factor Authentication (MFA)
Authentication using two or more factors: something you know, have, or are.
Crossover Error Rate (CER) in Biometrics
The point where false acceptance rate equals false rejection rate.
Purpose of a Risk Assessment
To identify, quantify, and prioritize risks to organizational assets.
Qualitative Risk Analysis
Subjective assessment of risks based on probability and impact ratings.
Quantitative Risk Analysis
Numerical evaluation of risks using statistical methods and data.
Threat Intelligence Feed
A source of data about known threats, actors, and vulnerabilities.
Continuous Monitoring
Ongoing observation and analysis of systems and networks to detect changes.
Phases of the Incident Response Lifecycle
Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident Activity.
Goal of Containment
To limit the spread and impact of a security incident.
Playbook
A predefined set of procedures for responding to specific incident types.
Business Continuity Planning
Ensuring critical business functions remain available during and after a disruption.
RPO and RTO
RPO: Recovery Point Objective (maximum tolerable data loss). RTO: Recovery Time Objective (target time to restore service).
Symmetric Encryption
Encryption where the same key is used for both encryption and decryption.
Asymmetric Encryption
Encryption using a public key for encryption and a private key for decryption.
Hash Function
A one-way mathematical function that produces a fixed-size output from input data.
Digital Signature
A cryptographic value that validates the authenticity and integrity of data.
Public Key Infrastructure (PKI)
A framework for managing digital certificates and public-key encryption.
OSI Model
A seven-layer framework: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Difference Between IDS and IPS
IDS (Intrusion Detection System) detects attacks; IPS (Intrusion Prevention System) blocks them.
DMZ
A network segment that separates an internal network from untrusted external networks.
VLANs
Virtual LANs that segment network traffic logically.
SSL/TLS
Protocols for encrypting data in transit over networks.
TCP/IP Suite
Core protocols for internet and network communications (TCP, UDP, IP).
Secure Coding
Practices aimed at preventing vulnerabilities in software development.
Input Validation
Checking user-supplied data to prevent injection and other attacks.
Buffer Overflow
A condition where a program writes more data to a buffer than it can hold.
Containerization
Using lightweight, isolated environments for running applications.
Endpoint Security
Protecting end-user devices such as PCs, laptops, and mobile devices.
Patch Management
Process of identifying, acquiring, installing, and verifying software updates.
Change Management in Application Security
Ensuring controlled and documented changes to software and systems.
Threat Modeling
Identifying potential threats, vulnerabilities, and mitigating controls during design.
What is the best method for dealing with data remanence on SSDs?
Physical destruction
A list of company-restricted websites would best be handled in the first instance by what type of control?
Administrative