Chapter 1.1-1.3

32 Terms

1

What are the 4 Security Controls?

  • Technical

  • Managerial

  • Operational

  • Physical

2

What are technical controls?

  • controls that are implemented through a system

  • operational system controls, such as firewalls or anti-virus

3

What are managerial controls?

  • administrative controls associated with security design and implementation

  • security policies, standard operating procedures

4

What are operational controls?

  • controls implemented by people instead of systems

  • security guards, awareness control

5

What are physical controls?

  • controls that limit physical access

  • guard shack, fences, locks, badge readers

6

What are the different control types?

  • Preventative

  • Deterrent

  • Detective

  • Corrective

  • Compensating

  • Directive

7

What is preventative control?

  • blocks access to a resource

  • example: firewall, door lock, guard shack

8

What is deterrent control?

  • discourages an intrusion attempt, makes them think twice

  • example: front desk, warning signs, app splash screen

9

What is detective control?

  • identifies and logs an intrusion attempt, may not prevent access

  • finds the issue

  • examples: SIEM dashboard, system that collects/reviews logs, motion detectors

10

What is corrective control?

  • applies a control after the detection has been made known and corrects the issues

  • potentially reverses the impact of the event

  • continues operations with minimal downtime

  • examples: restoring backups to mitigate ransomware, using a fire extinguisher

11

What is compensating control?

  • control using other means when existing controls aren’t sufficient

  • usually temporary

  • examples: generators after power outage, firewalls to patch app

12

What is the CIA Triad?

  • Confidentiality

  • Integrity

  • Availability

13

What is confidentiality?

  • preventing access of information to unauthorized individuals/systems

  • example: encryption of data, access control, multi-factor authentication

14

What is integrity?

  • data is accurate, not altered

  • examples: hashing, digital signatures, certificates, non-repudiation

15

What is availability?

  • information can be accessed by authorized users

  • examples: redundancy, fault tolerance, patching

16

What is non-repudiation?

  • the assurance that someone cannot deny the validity of their involvement in a digital action

  • example: digital transaction, agreement, contract, or communication such as an email

17

What is proof of integrity?

  • ensuring data doesn’t change

  • example: when data changes, so does the hash

18

What is proof of origin?

  • proving the source

  • example: digital signature, private/public keys

19

What is AAA?

  • authentication

  • authorization

  • accounting

20

What is authentication?

  • proving who you are

  • examples: usernames, passwords

21

What is authorization?

  • what do you have access to do?

  • examples: ACLs, group policy

22

What is accounting?

  • what did you do?

  • examples: login time, data sent/received, logout time

23

What is gap analysis?

  • comparison between current and future security

  • helps plan for future

24

What are the steps of gap analysis?

  • choose a framework

  • get a baseline from employees

  • examine current process

  • compare between baseline and current process

  • identify weaknesses in an analysis

  • complete final comparison and create new framework

25

What is zero trust?

  • model that assumes no user/device should be trusted by default without the proper authentication

26

How is zero trust achieved?

  • splitting network into planes of operations

  • controlling trust

  • security zones

  • policy enforcement point

27

What are some examples of physical security?

  • barricades/bollards

  • access control vestibules

  • fencing

  • access badge

28

What are examples of ways to deceive attackers?

  • honeypot

  • honeyfiles

  • honeytokens

29

What is a honeypot?

  • attracts attackers to a machine that is not on the network

30

What are honeyfiles?

  • attracts attackers to a file that is filled with fake information

  • (password.txt)

  • bear traps are set to alert admins when honeyfiles are accessed

31

What are honeytokens?

  • adds traceable data to the honeynet, allows you to tell where data comes from

  • example: fake email addresses or credentials

32

What is change management?

  • process for making a change

  • common area for mistakes