
Flashcards for Security Concepts


1.1 Compare and Contrast Various Types of Security Controls

Categories of Security Controls:

Technical:

  • Definition: Hardware or software systems designed to monitor and control security.

  • Examples: Network IDS, biometric security devices, firewalls, antivirus software.

Administrative (Managerial):

  • Definition: Policies, procedures, and guidelines for managing security.

  • Examples: Risk assessments, security awareness training, incident response plans.

Operational:

  • Definition: Controls carried out primarily by people rather than systems, following defined procedures and responsibilities.

  • Examples: Security guard patrols, incident response drills, disaster recovery testing, backup verification.

Physical:

  • Definition: Restricts physical access to premises, facilities, and hardware.

  • Examples: Building access control systems, security cameras, fencing, gates.

Control Types:

Preventive:

  • Definition: Restricts unauthorized access physically or logically.

  • Examples: System passwords, door locks, firewalls.

Deterrent:

  • Definition: Discourages an attacker from attempting an attack; it does not itself block the attack.

  • Examples: Warning signs, security cameras.

Detective:

  • Definition: Identifies and records attempted or successful intrusions.

  • Examples: Intrusion detection systems (IDS), security cameras, log monitoring.

Corrective:

  • Definition: Restores systems after an incident and removes its cause.

  • Examples: Restoring from backup, patching the exploited flaw, antivirus quarantine and removal of malware.

Compensating:

  • Definition: Alternative control that provides equivalent protection when the primary control cannot be implemented (for example, a legacy system that cannot be patched).

  • Examples: Temporary firewall rules or network segmentation around an unpatchable host, manual review in place of an automated check.

Directive:

  • Definition: Guides behavior with policies, procedures, and guidelines.

  • Examples: Security policies, compliance regulations.


1.2 Summarize Fundamental Security Concepts

Core Principles:

CIA Triad:

  • Confidentiality: Data is readable only by authorized parties (enforced with access control and encryption).

  • Integrity: Data cannot be modified without authorization, and any unauthorized modification is detectable (hashes, digital signatures).

  • Availability: Systems and data are reachable by authorized users when they need them (redundancy, backups, DDoS protection).

Non-repudiation:

  • A party cannot later deny having performed an action, such as sending a message or approving a transaction. Digital signatures provide it because only the holder of the private key could have produced the signature.

AAA (Authentication, Authorization, Accounting):

  • Authentication: Verifies users or systems.

  • Authorization: Grants appropriate access.

  • Accounting: Tracks user actions.

Threats and Risks:

Threat Actor Types:

  • Hacktivists:

    • Definition: Hacktivists are individuals or groups that use hacking techniques to promote political, social, or ideological causes. They often target governments, corporations, or organizations they oppose.

    • Example: A hacktivist group defaces a government website to protest internet censorship.

  • Nation-states:

    • Definition: Nation-states refer to governments or state-sponsored groups that conduct cyberattacks for espionage, disruption, or warfare. They have significant resources and advanced hacking capabilities.

    • Example: A country's intelligence agency hacks another nation's power grid to disrupt its infrastructure.

  • Insider threats:

    • Definition: Insider threats come from employees, contractors, or business partners who misuse their access to harm an organization, either intentionally or accidentally.

    • Example: A disgruntled employee leaks confidential company data to a competitor before quitting.

  • Organized crime:

    • Definition: Organized crime groups use hacking for financial gain, often engaging in cyber fraud, identity theft, or ransomware attacks. They operate like businesses but focus on illegal activities.

    • Example: A cybercrime gang infects a hospital’s network with ransomware and demands payment to restore patient records.

Attack Vectors:

  • Paths or means by which an attacker gains unauthorized access (e.g., phishing, malware).

Risk Assessment/Management:

  • Identifying, analyzing, and prioritizing risks to mitigate potential impacts.

Principle of Least Privilege:

  • Providing the minimum level of access necessary.

Security Posture:

  • Overall security readiness of an organization.

Zero Trust:

  • Definition: No implicit trust based on network location or prior access; every request is authenticated, authorized, and re-evaluated continuously.

Adaptive Identity:

  • Definition: Adjusts authentication strength and access dynamically based on signals such as location, device health, and behavior (for example, demanding MFA for a sign-in from an unusual country).

Policy-driven Access Control:

  • Definition: Each access decision is made by evaluating explicit rules over identity, device posture, and request context, rather than by where the request comes from on the network; any combination not covered by a rule is denied.
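The three Zero Trust items above (no implicit trust, adaptive identity, policy-driven access control) together with least privilege can be shown as one small policy engine. The following is an added example written for these flashcards, not code from the original page; the struct fields, role names, resources, and the risk rules (unusual region or a write action require fresh MFA, devices unmanaged or unpatched for more than 30 days are refused) are hypothetical choices made for the demonstration.

```go
package main

import "fmt"

// Subject is the authenticated identity making the request. The field names are
// hypothetical; a real deployment would fill them from the identity provider.
type Subject struct {
	User      string
	Roles     map[string]bool
	MFAPassed bool   // a fresh MFA assertion exists for this session
	KnownGeo  string // region the user normally signs in from
}

// Device is the posture reported by an endpoint agent (hypothetical schema).
type Device struct {
	Managed       bool
	DiskEncrypted bool
	PatchAgeDays  int
}

// Request is evaluated on every access, not only once at login.
type Request struct {
	Subject  Subject
	Device   Device
	Resource string
	Action   string
	Geo      string // where this particular request originates
}

type Decision int

const (
	Deny Decision = iota
	RequireMFA
	Allow
)

func (d Decision) String() string { return [...]string{"DENY", "REQUIRE_MFA", "ALLOW"}[d] }

// rule is one policy entry: which role may perform which actions on a resource.
type rule struct {
	Role, Resource string
	Actions        map[string]bool
}

// policy is an explicit allow list; anything not listed is denied (least privilege).
var policy = []rule{
	{"analyst", "siem", map[string]bool{"read": true}},
	{"admin", "siem", map[string]bool{"read": true, "write": true}},
	{"admin", "payroll-db", map[string]bool{"read": true}},
}

// Evaluate is the policy engine. Order matters: device posture first, then an
// explicit rule must exist (default deny), then identity risk signals can
// escalate to a step-up MFA demand (adaptive identity).
func Evaluate(req Request) (Decision, string) {
	if !req.Device.Managed || !req.Device.DiskEncrypted {
		return Deny, "device not managed or not encrypted"
	}
	if req.Device.PatchAgeDays > 30 {
		return Deny, "device patch level too old"
	}
	permitted := false
	for _, r := range policy {
		if req.Subject.Roles[r.Role] && r.Resource == req.Resource && r.Actions[req.Action] {
			permitted = true
			break
		}
	}
	if !permitted {
		return Deny, "no rule grants " + req.Action + " on " + req.Resource
	}
	// An unusual region or a write action is a risk signal requiring fresh MFA.
	if (req.Geo != req.Subject.KnownGeo || req.Action == "write") && !req.Subject.MFAPassed {
		return RequireMFA, "risk signal present, step-up authentication required"
	}
	return Allow, "policy satisfied"
}

func main() {
	alice := Subject{User: "alice", Roles: map[string]bool{"analyst": true}, KnownGeo: "DE"}
	good := Device{Managed: true, DiskEncrypted: true, PatchAgeDays: 3}
	for _, req := range []Request{
		{alice, good, "siem", "read", "DE"},     // ALLOW
		{alice, good, "siem", "read", "BR"},     // REQUIRE_MFA: unusual region
		{alice, good, "siem", "write", "DE"},    // DENY: no rule lets analysts write
		{alice, Device{}, "siem", "read", "DE"}, // DENY: unmanaged device
	} {
		d, why := Evaluate(req)
		fmt.Printf("%s %s %s from %s -> %s (%s)\n", req.Subject.User, req.Action, req.Resource, req.Geo, d, why)
	}
}
```

The point of the ordering is that a correct role is never sufficient on its own: posture and context are checked on every call, and the default outcome when nothing matches is a denial rather than an allowance.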


1.3 Importance of Change Management Processes

Business Processes Impacting Security Operations:

Approval Process:

  • Evaluates and authorizes changes.

Ownership:

  • Assigns responsibility for overseeing changes.

Stakeholders:

  • Individuals/groups affected by changes.

Backout Plan:

  • Strategy for reverting to previous system state.

Technical Implications:

Configuration Management:

  • Tracking and controlling changes in the system.

Version Control:

  • Managing changes in documentation, configurations, and source code.

Continuous Monitoring:

  • Tracking ongoing changes to ensure security.

Allow/Deny Lists:

  • Explicit lists of permitted (allow) or blocked (deny) applications, addresses, or accounts. Changes often require updating them; an allow list is the stronger default because anything not listed is refused.

Downtime:

  • Scheduled service unavailability for updates.

Service/Application Restart:

  • Stops and restarts services or applications for updates.


1.4 Appropriate Cryptographic Solutions

Cryptographic Components:

Public Key Infrastructure (PKI):

  • Framework of certificate authorities (CAs), registration, issuance, and revocation that binds public keys to identities through digital certificates.

Public/Private Keys:

  • A mathematically linked pair. For confidentiality, the public key encrypts and only the private key decrypts; for digital signatures, the private key signs and anyone holding the public key verifies. The private key is never shared.

Encryption Levels:

Data at Rest:

  • Full-disk, partition, file, and database encryption.

Data in Transit:

  • Uses transport encryption like HTTPS or VPNs.

Encryption Types:

Symmetric Encryption:

  • Uses a single shared key for both encryption and decryption (e.g., AES). Fast, but the key must be delivered to both parties securely.

Asymmetric Encryption:

  • Uses a pair of public and private keys (e.g., RSA, elliptic curve). Solves key distribution but is far slower than symmetric encryption.

Hybrid Encryption:

  • Combines the two: asymmetric encryption protects a random, per-session symmetric key, and that symmetric key encrypts the bulk data. This is how TLS, PGP, and S/MIME work.

Cryptographic Tools:

Hashing:

  • One-way function that produces a fixed-length digest; any change to the input changes the digest, so it is used to verify data integrity. Examples: SHA-256 (current); MD5 (obsolete: practical collisions exist, so it must not be used for integrity checks or signatures).

Digital Signatures:

  • Used for verifying authenticity and integrity.
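Hybrid encryption, hashing, and digital signatures from the cards above fit together in one envelope: a random AES-256-GCM key encrypts the message, RSA-OAEP wraps only that key for the recipient, and an Ed25519 signature over a SHA-256 digest of the envelope gives the recipient integrity, authenticity, and non-repudiation. The following is an added example written for these flashcards using only the Go standard library; it is not code from the original page, and the `Envelope` layout, the field order hashed, and the sample message are assumptions made for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the hypothetical wire format used by this example.
type Envelope struct {
	WrappedKey []byte // AES key encrypted with the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM output with the authentication tag appended
	Signature  []byte // sender's Ed25519 signature over the three fields above
}

// digest hashes every field together so none can be swapped or reordered.
// WrappedKey (256 bytes for RSA-2048) and Nonce (12 bytes) are fixed-size,
// so the concatenation is unambiguous.
func (e *Envelope) digest() []byte {
	h := sha256.New()
	for _, part := range [][]byte{e.WrappedKey, e.Nonce, e.Ciphertext} {
		h.Write(part)
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is hybrid encryption: a fresh AES-256 key encrypts the bulk data, the
// recipient's RSA public key encrypts only that key, and the sender's private
// signing key binds the result to the sender.
func Seal(plaintext []byte, recipient *rsa.PublicKey, senderSK ed25519.PrivateKey) (*Envelope, error) {
	secret := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	env.Signature = ed25519.Sign(senderSK, env.digest())
	return env, nil
}

// Open verifies the signature first (cheap, and rejects forgeries before any
// key material is touched), then unwraps the AES key and decrypts with GCM,
// which also checks the authentication tag.
func Open(env *Envelope, recipientSK *rsa.PrivateKey, senderPK ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(senderPK, env.digest(), env.Signature) {
		return nil, fmt.Errorf("signature invalid: envelope altered or not from the claimed sender")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientSK, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// RoundTrip generates keys for both parties, seals and opens msg, then flips
// one bit of the ciphertext and reports whether the tampering is detected.
func RoundTrip(msg []byte) (ok, tamperCaught bool, err error) {
	recipientSK, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	senderPK, senderSK, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	env, err := Seal(msg, &recipientSK.PublicKey, senderSK)
	if err != nil {
		return
	}
	got, err := Open(env, recipientSK, senderPK)
	if err != nil {
		return
	}
	env.Ciphertext[0] ^= 0x01 // simulate in-transit corruption or tampering
	_, tamperErr := Open(env, recipientSK, senderPK)
	return string(got) == string(msg), tamperErr != nil, nil
}
```

Call `RoundTrip([]byte("constructed sample message"))` to run it; the first result is true when the decrypted text matches the input, and the second is true because the altered envelope no longer verifies. Note that the signature covers the ciphertext, not the plaintext, so the recipient can reject a forged or modified envelope without decrypting anything.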

TLS/SSL:

  • Secures web and other application traffic using hybrid encryption and certificates. SSL is deprecated; current deployments should use TLS 1.2 or 1.3.

Block vs. Stream Ciphers:

  • Block ciphers encrypt fixed-size blocks (AES uses 128-bit blocks) and need a mode of operation such as GCM or CBC to handle longer data; stream ciphers generate a keystream that is XORed with the data byte by byte (e.g., ChaCha20) and suit continuous or low-latency traffic. In both cases a key and nonce (IV) pair must never be reused.

Trusted Platform Module (TPM):

  • Cryptoprocessor built into a device's motherboard (or CPU firmware) that stores keys and boot measurements; used for disk-encryption key protection, measured boot, and attestation.

Hardware Security Module (HSM):

  • External (network-attached or PCIe) cryptoprocessor that generates, stores, and uses keys without ever exposing them; used for CA keys, payment systems, and cloud key management.

Quantum Cryptography:

  • Quantum key distribution uses quantum physics to exchange keys and detect eavesdropping. Post-quantum cryptography refers to conventional algorithms designed to resist quantum computers, which could break RSA and elliptic-curve schemes.


Physical Security Measures

Perimeter Security:

  • Gates, fences, guard patrols.

Bollards:

  • Steel posts to prevent vehicular access.

Access Control Vestibule (Mantrap):

  • Small enclosed space with interlocking doors.

Video Surveillance:

  • CCTV for monitoring activities.

Lighting:

  • Enhances visibility and deters unauthorized access.

Access Badges:

  • Physical credentials that allow entry to secure areas, often integrated with electronic access control systems.

Biometric Systems:

  • Fingerprint, iris, and facial recognition as access methods.

Environmental Controls:

  • Fire suppression, HVAC systems for physical equipment protection.


Deception and Disruption Technologies

Honeypot:

  • Mimics real systems to lure attackers.

Honeynet:

  • Network of interconnected honeypots.

Honeyfile:

  • Fake sensitive files to detect unauthorized access.

Honeytoken:

  • Fake data (credentials, API keys, database records) planted where an attacker would find it. It has no legitimate use, so any attempt to use it is a high-confidence alert that also reveals where the attacker is operating.
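Honeyfiles and honeytokens are only useful if something watches for their use, which is the detective control (log monitoring) from section 1.1. The following is an added example written for these flashcards, not code from the original page: a scanner that walks authentication, API and file-share log lines and raises an alert whenever a planted username, API key or file path appears. The log formats, the token values and the sample log lines are all constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Planted bait that is never used by any real person or system (constructed
// values). Their presence in telemetry is therefore a high-confidence signal.
var (
	honeyUsers   = map[string]bool{"svc_backup_legacy": true, "db_admin_ro": true}
	honeyAPIKeys = map[string]bool{"AKIAHONEY0000EXAMPLE": true}
	honeyFiles   = map[string]bool{`\\fileserver\finance\Q4_merger_targets.xlsx`: true}
)

// Alert is produced for every honeytoken touch.
type Alert struct {
	Kind   string // "credential", "api-key" or "honeyfile"
	Token  string
	Source string // IP or host that used the token
	Line   string
}

// Hypothetical line formats used by this example:
//   auth: "<ts> sshd: Accepted|Failed password for <user> from <ip>"
//   api:  "<ts> api: key=<key> src=<ip> path=<path>"
//   file: "<ts> smb: <host> READ|WRITE <path>"
var (
	authRe = regexp.MustCompile(`sshd: (?:Accepted|Failed) password for (\S+) from (\S+)`)
	apiRe  = regexp.MustCompile(`api: key=(\S+) src=(\S+)`)
	fileRe = regexp.MustCompile(`smb: (\S+) (?:READ|WRITE) (.+)$`)
)

// Scan walks log lines and emits one alert per honeytoken use. A *failed*
// login with a honey username still alerts: the only way anyone knows that
// name is by having found the planted bait.
func Scan(lines []string) []Alert {
	var alerts []Alert
	for _, ln := range lines {
		if m := authRe.FindStringSubmatch(ln); m != nil && honeyUsers[m[1]] {
			alerts = append(alerts, Alert{"credential", m[1], m[2], ln})
		}
		if m := apiRe.FindStringSubmatch(ln); m != nil && honeyAPIKeys[m[1]] {
			alerts = append(alerts, Alert{"api-key", m[1], m[2], ln})
		}
		if m := fileRe.FindStringSubmatch(ln); m != nil && honeyFiles[strings.TrimSpace(m[2])] {
			alerts = append(alerts, Alert{"honeyfile", strings.TrimSpace(m[2]), m[1], ln})
		}
	}
	return alerts
}

// SampleLog is constructed input mixing normal activity with three bait touches.
var SampleLog = []string{
	`2024-03-01T02:14:07Z sshd: Accepted password for alice from 10.0.0.5`,
	`2024-03-01T02:15:31Z sshd: Failed password for svc_backup_legacy from 203.0.113.9`,
	`2024-03-01T02:16:02Z api: key=AKIAREALKEY1234 src=10.0.0.7 path=/v1/status`,
	`2024-03-01T02:16:40Z api: key=AKIAHONEY0000EXAMPLE src=203.0.113.9 path=/v1/users`,
	`2024-03-01T02:17:12Z smb: WS-042 READ \\fileserver\finance\Q4_merger_targets.xlsx`,
	`2024-03-01T02:18:00Z smb: WS-011 READ \\fileserver\public\handbook.pdf`,
}

func main() {
	for _, a := range Scan(SampleLog) {
		fmt.Printf("ALERT %-10s token=%q source=%s\n  %s\n", a.Kind, a.Token, a.Source, a.Line)
	}
}
```

Because the bait has no legitimate users, every alert is actionable without further tuning, and the `Source` field (203.0.113.9 and WS-042 in the sample) tells the responder where to look first.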
