The three main goals of information security are…
Confidentiality, Integrity, Availability
Seek to prevent fraudulent activity by uncovering malfeasance
Mandatory vacations/job rotation
Law regulating educational records
FERPA
Law regulating Financial services
GLBA
Law regulating Information held by federal agencies
Privacy Act of 1974
Law regulating EU PII
GDPR
Law regulating Canadian PII
PIPEDA
Law regulating Asian PII
APEC CPEA
The four canons of the (ISC)2 code of ethics
Protect society, Act honorably, Provide diligent service, Advance and protect the profession
Control that seeks to dissuade an attacker from attempting to violate a security policy in the first place
Deterrent Controls
Control that seeks to block an attempt to violate a security policy from succeeding
Preventative Controls
Seek to address a gap created by the absence of another required control. Should go above and beyond other control requirements
Compensating Controls
Seek to restore normal service after a disruption. Examples include backups and redundant sites
Corrective Controls
Seek to identify attack attempts that do occur. Examples include burglar alarms, intrusion detection systems, and file integrity monitoring systems.
Detective Controls
track hardware, software, and data assets throughout their lifecycle
Asset management
Security Frameworks
COBIT, ISO 2700, NIST, CSF
Due care
taking reasonable steps to protect the interest of the organization
Due diligence
ensures protective steps are carried out
We evaluate the effectiveness of an authentication technology using the
crossover error rate (cer)
allows browser-based single sign on across a variety of systems.
Security Assertion Markup Language (SAML)
The SAML’s end user
principal
standard that allows users to log into applications using signatures provided by other identity providers
OAuth
implementation of OAuth used by Google and other cloud service providers
OpenID Connect
Access control delegated to the owners of objects
DAC (Discretionary)
Access control determined by labels on subjects
MAC (Mandatory)
Network shared with trusted partners, such as vendors, contractors, and consultants
Extranet networks
___ a risk through insurance or contract
Transfer
___ a risk by implementing controls
Mitigate
document used to track information about risks facing an organization
Risk register
identifies and prioritizes threats through a structured approach
Threat modeling
Report that provides a description of the controls in place and if they are sufficient
Type 1 Report
Auditor tests controls and provides an opinion on their effectiveness
Type 2 report
commonly used standards for cybersecurity audits
COBIT, ISO 27001,2
software testing technique that ensures it meets business requirements
Validation
software testing technique that ensures it functions correctly
Verification
software testing technique that tests system capacity
stress test
software testing technique that tests whether it works for users
UAT
software testing technique that checks for side effects
regression testing
software testing technique that tests other inputs for bugs
fuzz testing
software testing technique that evaluates from an attacker's perspective
misuse testing
provides a standard framework for vulnerability assessment
Security Content Automation Protocol (SCAP)
Network scanning technique that sends a single packet with the SYN flag set
TCP SYN
Network scanning technique that attempts to complete the three way handshake
TCP Connect
Network scanning technique that attempts to impersonate an established connection
TCP ACK
Network scanning technique that sets the FIN, PSH, and URG flags
Xmas
The vulnerability management lifecycle includes three basic steps
detection, remediation, validation
provides a centralized point for event aggregation, correlation, and analysis
SIEMs
when using a document as evidence, the original document must be used unless there are exceptional circumstances
best evidence rule
Fact that a written agreement is assumed to be the complete agreement
parol evidence rule
System that serves as a decoy to attract attackers.
Honeypot
Unused network designed to capture probing traffic
Honeynet
Copies all files on a system that have changed since the most recent full backup
Differential Backup
Copies all files on a system that have changed since the most recent full or incremental backup
Incremental Backup
Site that has only support systems
cold site
Site that has support systems and configured servers
warm site
Site that has support systems, configured servers and real time data
hot site
Type of disaster recovery test in which participants review the plan and their specific roles
Read-through/tabletop
Type of disaster recovery test in which participants activate alternate processing capabilities without taking down the primary site
Parallel
Updated protocol that uses public key cryptography to exchange the secret key used to secure web traffic
TLS
secure core of a system that has a secure perimeter with access enforced by a reference monitor
Trusted Computing Base (TCB)
CA verifies that the certificate subject controls the domain name. Weakest form of validation
Domain validation (DV)
CA verifies the name of the business purchasing the certificate in addition to domain ownership
Organization validation (OV)
CA performs additional checks to verify the physical presence of the organization at a registered address
Extended validation (EV)
Collecting only data that is necessary for legitimate business purposes
data minimization
OSI Model in reverse order (top to bottom)
Application, Presentation, Session, Transport, Network, Data Link, Physical
connection-oriented transport protocol
TCP
connectionless transport protocol that does not guarantee delivery
UDP
converts between IP addresses and domain names
DNS
OSI Layer that serves as the point of integration for user applications with the network
Application
OSI Layer that transforms user-friendly data into machine-friendly data; encryption
Presentation
OSI Layer that establishes, maintains, and terminates sessions
Session
OSI Layer that manages connection integrity
Transport
OSI Layer that manages routing of packets over the network
Network
OSI Layer that formats packets for transmission
Data Link
OSI Layer that encodes data into bits for transmission over wire, fiber, or radio
Physical
converts between MAC addresses and IP addresses
ARP
converts between public and private IP addresses
NAT
Used by enterprise wireless networks to implement authentication for wireless clients
EAP
distribute connection requests among many identical servers
Load balancers
20, 21
FTP Port #
22
SSH Port #
23
Telnet Port #
SMTP Port #s (Plain & TLS encrypted)
25 & 465
53
DNS Port #
80
HTTP Port #
110
POP3 Port #
123
NTP Port #
135, 137-139, 445
Windows File Sharing Port #
143
IMAP Port #
161/162
SNMP Port #
443
HTTPS Port #
1433/1434
SQL Server Port #
1521
Oracle Port #
1720
H.323 Port #
1723
PPTP Port #
3389
RDP Port #
9100
HP JetDirect Printing Port #
separates the network control plane from the data plane, allowing networks to be dynamically reprogrammed
Software-defined networking (SDN)
only send traffic destined for the corporate network through the VPN
Split tunnel VPNs
Makes requests to other servers on behalf of an end user, providing anonymization and performance enhancement
Proxy Server