CSSLP Chapter 7 - Software Deployment, Operations, Maintenance, Disposal

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/52

flashcard set

Earn XP

Description and Tags

CSSLP Chapter 7 - Software Deployment, Operations, Maintenance, Disposal

Last updated 9:27 AM on 7/6/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

53 Terms

1
New cards
What do you need to do with software to ensure it continues to function as expected after deployment?
Monitor it. Address incidents that impact the software. Patch vulnerabilities. Identify the conditions under which the software should be replaced.
2
New cards
What is the goal of configuration management according to ITIL?
To enable the control of the infrastructure by monitoring and maintaining information on all the resources that are necessary to deliver services.
3
New cards
What are the pre and post installation security configuration management considerations?
Hardening, Enforcement of security principles, Environment configuration, Bootstrapping and secure startup
4
New cards
What is hardening?
The process of securing the host hardware and operating system, securing it to the most appropriate level for its purpose.
5
New cards
What is a MSB?
Minimum Security Baseline.
6
New cards
What are some common security misconfigurations?
Hard coded credentials or keys, especially in plain text. Allowing directory listings in a web server. Installing software with default accounts or settings. Installing an administrative console with default configuration settings. Unneeded services, ports, protocols, unused pages, unprotected directories. Missing software patches. No perimeter controls, such as firewalls and filters. Enabling tracing and debugging, which can reveal sensitive state information to an attacker.
7
New cards
What are some methods for hardening software?
Remove maintenance hooks. Remove debugging code and flags. Remove unneeded comments and sensitive information from code.
8
New cards
Why shouldn't developers install software on production systems?
It violates the principle of separation of duties.
9
New cards
Why is granting administrative rights to software during installation a problem?
It violates least privilege.
10
New cards
Describe defense in depth violations in software installation.
Enabling disabled services, ports, and protocols so software can run.
11
New cards
What is the pdb file?
The Program Database File holds debugging and project state information. It is used to link the debug configuration of the program incrementally, but can be used to discover the internal workings of the software.
12
New cards
What is a CMDB?
Configuration Management Database. It records all the assets in the organization. ISO/IEC 15408 (Common Criteria) requires that the implementation, documentation, tests, project-related documentation, and tools, including build tools, are maintained in a configuration management system (CMS).
13
New cards
What is booting or bootstrapping?
The sequence of events and processes that self-start the system to a preset state. Also called IPL.
14
New cards
What is IPL?
Initial Program Load. Synonymous with bootstrapping.
15
New cards
What is POST?
Power On Self Test. The first step in bootstrapping/IPL. Needs to be protected so the TCB is maintained.
16
New cards
What is secure startup?
The collection of processes and mechanisms that assure the environment's TCB integrity when the system or software running on the system starts. It is usually implemented using the hardware's trusted platform module (TPM) chip, which provides heightened tamperproof data protection during startup.
17
New cards
What is TPM?
Trusted Platform Module. The chip can be used for storing cryptographic keys and providing identification information on mobile devices for authentication and access management. Physically, the TPM chip is located on the motherboard and is commonly used to create a unique system fingerprint within the boot process.
18
New cards
Describe how acceptable risk and residual risk should interplay.
The level of residual risk in an installation should be below the level of acceptable risk, unless that risk has been formally accepted.
19
New cards
What are detective controls?
Controls that build historical evidence of user and system/process actions. Auditing and IDS.
20
New cards
What are preventive controls?
Controls that make the success of the attacker difficult. Input validation, output encoding, bounds checking, patching, and intrusion prevention systems (IPS).
21
New cards
What are deterrent controls?
Controls that dissuade an attacker without actually preventing the action. Auditing.
22
New cards
What are corrective controls?
Controls that return the system to its correct state in the event of a failure. Load balancing, clustering, and failover of data and systems.
23
New cards
What are compensating controls?
Controls that are implemented when the prescribed software controls (by policy or requirement) can't be met due to legitimate constraints.
24
New cards
What are the PCI DSS requirements for compensating controls?
Meet the intent and rigor of the original requirement. Provide a similar level of defense as the original requirement. Be part of a defense in depth implementation so that other requirements are not adversely impacted. Be commensurate with additional risk imposed by not adhering to the requirement.
25
New cards
What should be monitored?
Broadly, anything that poses a reputational risk to the business. This could include any operations that can cause a disruption to the business (business continuity operations) and/or operations that are administrative, critical, and privileged in nature. Additionally, systems and software that operate in environments that are of low trust, such as in a demilitarized zone (DMZ), must be monitored.
26
New cards
What are the primary ways in which monitoring is accomplished?
Scanning, Logging, Intrusion detection
27
New cards
What are the primary ways in which monitoring is accomplished?
Scanning, Logging, Intrusion detection
28
New cards
What are the core security objectives of auditing?
(Original card refers only to a page/section citation "7.4.1.3" without a full answer recorded.)
29
New cards
What is a bastion host?
(Original card refers only to a page/section citation "7.4.1.3" without a full answer recorded.)
30
New cards
What is a honeypot?
(Original card refers only to a page/section citation "7.4.1.3" without a full answer recorded.)
31
New cards
What are the characteristics of good metrics?
Consistency. Quantitative: a number or percentage, not a vague "high, medium, low". Objective. Contextually specific. Inexpensive.
32
New cards
What is the difference between an event, an alert, and an incident?
An event is any action that is directed at an object that attempts to change its state. An alert is generated for an event that matches a preset condition or pattern, typically because the event can be expected to have negative consequences. An incident violates or threatens to violate the security policy of the network, system, or software applications.
33
New cards
What are the major incident types?
DoS, Malicious code, Unauthorized access, Inappropriate usage, Multiple component (encompasses more than one incident)
34
New cards
Describe the Incident Response Process.
1. Preparation. 2. Detection and analysis. 3. Containment, eradication, and recovery. 4. Postincident activity.
35
New cards
What are the 5 Ws of postincident analysis?
What happened? When did it happen? Where did it happen? Who was involved? Why did it happen? (Why is most important.)
36
New cards
What is the difference between incident management and problem management?
Incident management aims at restoring service and business operations as quickly as possible, whereas problem management is focused on improving the service and business operations.
37
New cards
What is the difference between a problem and a known error?
When the cause of an incident is unknown, it is said to be a problem. A known error is an identified root cause of a problem.
38
New cards
What are the two CSFs of problem management?
Avoiding repeated incidents. Minimize the adverse impacts of incidents and problems on the business.
39
New cards
What is the Problem Management Process Flow?
1. Incident Notification. 2. Root cause analysis. 3. Solution determination. 4. Request for change. 5. Implement solution. 6. Monitor and report.
40
New cards
Describe RCA.
Root Cause Analysis. Asking "Why did the problem happen?" repeatedly and systematically until there are no more reasons. Litmus test: when you identify the root cause and fix it, the problem no longer exists. If that's not true, you haven't found the root cause.
41
New cards
What is a fishbone diagram?
A tool used in Root Cause Analysis.
42
New cards
What's the difference between incident management and problem management?
Incident management treats symptoms (reboot it). Problem management addresses the core of the problem.
43
New cards
What is the difference between a Hotfix and a Service Pack?
A hotfix is a functional or security patch that is provided by the software vendor or developer. It usually includes no new functionality or features and makes no changes to the hardware or software. Also called a QFE (Quick Fix Engineering). A Service Pack is usually a rollup of multiple hotfixes and may also provide additional enhancements and functionality.
44
New cards
What is disposal?
Discarding media without giving any considerations to sanitization.
45
New cards
What is sanitization?
The catchall term for removing data from media.
46
New cards
What is clearing?
Sanitizing by overwriting logical and addressable storage with nonsensitive random data. Data remanence can be an issue, and it doesn't work on damaged or write-once media.
47
New cards
What is purging?
Sanitizing media by rendering the data into an unrecoverable state. Degaussing. ATA Secure Erase.
48
New cards
What is destruction?
A method of ensuring that the media can no longer be reused and the recovery of data is virtually impossible. Disintegration, pulverization, melting, incineration, shredding.
49
New cards
What is cause mapping?
A problem solving method that draws out, visually, the multiple chains of interconnecting causes that lead to an incident. The method, which breaks problems down into specific cause-and-effect relationships, can be applied to a variety of problems and situations.
50
New cards
What is an Ishikawa diagram?
Also known as the fishbone diagram or cause and effect diagram.
51
New cards
What are KPIs?
Metrics used by organizations to measure their progress toward their goals.
52
New cards
Occurs when there are significant changes to the information system affecting the security of the system or when a specified time period has elapsed in accordance with federal or agency policy.
Reaccreditation
53
New cards
What is included in Software Configuration Management?
Versioning, backups, check-in and check-out practices, and management of software configuration.