53 Cards in this Set
Why use APA standard for documenting?
APA is the most popular style of reference for technical writing in the Science, Business, and Management fields and provides continuity among these technical documents. It provides a quick reference to the author and date of publication.
What is plagiarizing?
Plagiarizing is using someone else’s work and not acknowledging it, basically theft of intellectual property.
When formulating a security report, what 6 questions should be asked?
The six questions that should be asked when formulating a security report are: who, what, when, where, why, and how.
What is meant by the term “chain of custody”?
“Chain of custody” is the written record of possession, handling, and location of an item or items. The chain of custody includes the names, times, and dates each person was in possession of these items arranged in chronological order.
When can it be said that something is in “your custody”?
Something is in “your custody” when it is in your physical possession, when it is in your view after being in your physical possession, when it is in your physical possession then secured by you to prevent tampering, and when it is kept in a secured area with restricted access to authorized personnel.
What are the three steps for chain of custody procedures when dealing with data?
Three steps for chain of custody procedures when dealing with data include: (1) keeping records, including the name of the preparer, the preparation date, and location of the preparation; (2) starting the chain of custody process by documenting all exchanges; and (3) securing information pertaining to data, as well as the data itself.
When should you prepare for an incident?
You should prepare beforehand for an incident. This will reduce stress, costs, and time, as well as expedite execution.
What are the 5 steps for quick incident handling?
The five steps for quick incident handling are: identification and categorization – determining what is occurring and whether it is worth investigating, then examining the nature of the incident; containment – deploying the incident team, collecting evidence, and assessing the situation; eradication – finding the root cause and eradicating the issue; recovery – returning to operations and recovering losses; and follow-up – rating and critiquing how the incident was managed.
When is a good time to test an incident plan?
The best time to test an incident plan is after preparation but before an actual incident occurs. This provides feedback on the efficiency of the response and could alleviate potential issues in the plan. Planning, re-planning, education, and testing should be an ongoing cycle.
Is Information Security a Process or a Project? Explain.
Information Security is a process, not a project. A process is something that evolves over time, whereas a project typically allows for a point of termination. Information Security should always be evolving because there will always be new vulnerabilities that will need to be addressed.
Explain the 90/10 rule in Information Security.
The 90/10 rule in Information Security is that 90% of Information Security is composed of people and processes and 10% is the actual technology. People are responsible for implementing, configuring, maintaining, and monitoring the technology. People are also responsible for establishing policy and compliance. Lastly, people comprise the collection of users the Information Security will affect.
Explain the concept of Security Awareness.
Security Awareness is the level at which a person is knowledgeable of the potential risk of information being compromised accidentally, deliberately, through damage, or through misuse, and also the knowledge, skill, and attitude needed to protect this information.
Explain the term “Defense in Depth”.
“Defense in Depth” is the layers of defense in place against information vulnerability. Defenses include anti-spyware, anti-virus, encrypted communication, session controls, limitations of usage, strong passwords, keeping software updated (via patches), and physical security. In most instances, it is not necessary to have the “Fort Knox” level of protection, especially for home use – it’s important to be a more difficult candidate for attack than the next guy.
What is Access Control?
Access control is the allowance and/or restriction of what a system will do, what resources can be accessed, and what operations can be performed. These permissions are controlled by a systems manager.
What are the three main principles pertaining to Access Controls? Explain each.
The three main principles that pertain to Access Controls are availability, integrity, and confidentiality. Availability refers to the timely access to resources, operations, and system functions. Integrity is the level of protection from unauthorized access and alteration. Confidentiality is the guarantee of non-disclosure by unauthorized persons, programs, and processes.
What are some methods for verifying Authentication?
Authentication is the method of proving one’s identity. Various methods include passwords, passphrases, tokens, and biometrics.
What are some examples of Biometric systems?
Examples of biometric systems are iris scan, fingerprint reading, palm scan, hand geometry, voice print, and facial scan.
Explain Single Sign-On. List at least one strength and one weakness.
Single sign-on is the requirement of only one method of authentication for access. One strength is that the user has quick access, especially in emergency situations. One weakness is that there is less security, resulting in an easier target for unauthorized access.
What is a Buffer Overflow?
A buffer overflow is when more data is sent to an application than it can handle, causing the application's memory to be corrupted and the application to malfunction, resulting in otherwise prohibited access.
What is an Intrusion Detection System (IDS)?
An IDS is a system designed to be similar to a firewall but to detect any breaches in security. An IDS can react to a breach by sending a signal to end the packet connection (sending and receiving sides), blocking users from specific resources, sending an alert, or reconfiguring itself to perform some other action.
What is an Intrusion Prevention System?
An Intrusion Prevention System is an extension of an IDS that will not only detect breaches but will attempt to block or stop the unauthorized access.
What is Identity Theft?
Identity theft is the unauthorized use of one’s personal information – name, social security number, credit card number, etc., to commit fraud and/or a crime.
What are Spyware and Adware?
Spyware is software that is installed unknowingly by the user to gather specific information about the user and relay it to advertisers or other third parties without the permission of the user. Adware is advertising software that automatically triggers ads to display and/or download to a computer.
Why are log files important?
Log files are important because they are a digital record of activity that can be used to detect attempted intrusions and track suspicious activity.
What is Security Administration?
Security Administration is the development and ongoing management of policies, procedures, guidelines, and standards relating to the security of information.
What is AIC? (Describe each)
AIC is the basis of information security – Availability, Integrity, and Confidentiality. Availability is providing access to authorized users when information is needed. Integrity is the guarantee that information has not been destroyed or altered in any way, inadvertently or maliciously. Confidentiality is the restriction of access to those with authorization.
List at least five Security Operation concepts and describe each.
“Need to know” – users only have access to the information required to perform their tasks, restricting access to information that does not pertain to their position. “Least Privilege” – each user has an independent security clearance and has the lowest and/or fewest privileges required to complete his/her tasks. “Job Rotation” – circulating employees throughout the company to minimize risk, since their replacement in the next rotation is likely to discover illegal or inappropriate actions. “Separation of Duties” – high-risk and/or high-value tasks require 2 or more different individuals to complete. “Monitoring of Special Privileges” – record the activities of administrators (systems, network, database, and applications).
What are the four data classifications (list highest to lowest)?
The four data classifications are (from highest to lowest): restricted, confidential, internal use only, and public.
What are the five government data classifications (list highest to lowest)?
The five government data classifications are (from highest to lowest): top secret, secret, confidential, sensitive but unclassified, and unclassified.
What is Access Management?
Access Management is the collection of policies, procedures, and controls that determine how and by whom information is accessed.
Why backup data?
It is important to back up data to protect against loss. Loss can occur when a system malfunctions or fails, when mistakes are made, or when the system is affected by a disaster, such as fire or flood.
What is a security incident?
A security incident is an event in which a security policy has been violated, including unauthorized access to information or an occurrence of an appropriately authorized user being improperly restricted from information.
What is configuration management?
Configuration management is the control of a system, including configuration of hardware and software components, to ensure proper operation and implementation of correct security policies. The hardware and software need to be configured to protect the information, and the hardware and software components themselves need to be protected against unauthorized changes.
List some reasons for software attacks.
Some reasons for software attacks are industrial espionage, vandalism or disruption, denial of service, and political/religious reasons.
What are some types of attacks (explain)?
“Buffer overflow attack” – disrupts the software by sending more data to the application than it can handle. “Malicious software” – viruses, worms, Trojan horses, rootkits, bots, spam, pharming, spyware, keyloggers – these are designed to steal, corrupt, and/or destroy information. They are remotely controlled.
What is an SDLC?
SDLC is the software development life cycle that is naturally occurring. It is the collection of processes used to design, develop, test, implement, and maintain software.
What is the purpose of an SDLC?
The purpose of an SDLC is to follow a set of naturally occurring processes in an attempt to define and address all needs in a systematic order.
What is the difference between Redundancy and Failover?
Redundancy is keeping at least one backup available to switch to should failure occur. Failover is the ability to automatically switch from a main server to a redundant server should failure occur.
What is software diversity?
Software diversity is providing the same functionality in different ways to prevent similar software failures.
What is Brooks’s law?
Brooks’s law states that the more personnel you add after the start of a project, the later the project delivery will be.
What is the difference between SDLC and a methodology?
The difference between SDLC and methodology is that SDLC is naturally occurring, whereas methodology is a human-invented approach to manage the events of SDLC.
What benefits can following SDLC bring to designing an architecture?
By following SDLC, many issues with the existing system can be identified and corrected before the software production phase. Also, when using SDLC, all aspects of hardware, operating systems, programming, communications, and security are planned out instead of being added at a later time – this typically produces an end product that has greater functionality and fewer bugs.
Explain why the cost to identify and remove a defect in the early stages of software development might be as much as 100 times less than removing a defect in a piece of software that has been distributed to hundreds of customers.
After software has been distributed, the cost can be astronomical to correct any defects. This cost can be in the form of corrected software being mailed to each customer (disks) or the usage of bandwidth to provide a patch or new software version on the company’s website. Also, once the software has been finalized, there may be other software conflicts that arise, leading to additional man-hours that could have been minimized in the early stages of development.
Why is it important for software manufacturers to follow a rigorous software development methodology?
Methodology provides for consistency and continuity within software development. By the manufacturer defining the management of the SDLC, they can establish guidelines for efficiency and maximum productivity, as well as having a system of checks and balances to meet industry standards.
Explain why an organization may elect to use a separate, independent testing team rather than the group of people who originally developed the software to conduct quality tests.
When a separate testing team is utilized, the team will have fewer biases and be more likely to test the software extensively. When the developers test their own software, they can consciously or subconsciously skip over aspects of the software because of their familiarity with it.
What is physical security (what does it involve)?
Physical security is the protection of personnel, equipment, and property – protecting all assets – against anticipated threats. It involves design of the environment, access control (mechanical, electronic, and procedural), maintaining a security perimeter, and protecting equipment.
What are the three security roles and responsibilities relating to security convergence?
The three security roles and responsibilities relating to security convergence are operational security, facilities management, and information security. Operational security is responsible for creating policies and procedures and establishing controls for access to sensitive data. Facilities management is responsible for running and maintaining environmental and mechanical systems, such as HVAC and fire alarms. Information security is responsible for protecting the confidentiality, integrity, and availability of data from accidental or intentional misuse.
What is the purpose of a risk assessment?
The purpose of a risk assessment is to assess a system’s use of resources and eliminate and/or manage vulnerabilities. A risk assessment should define the scope of the assessment, identify all assets to be protected, and identify all threats.
What is the most important part of maintaining the security of a computer system?
Physical security is the most important part of maintaining the security of a computer system. Physical security is often overlooked because of the system administrators’ proximity to the system.
What is a firewall?
A firewall is a device or series of components that polices traffic between the two networks on which it resides.
Explain the concept of Deny versus Allow in Firewall rules.
Using the option to “deny” in the Firewall rules will only prevent those listed from accessing the network. This list will not keep out all potential attacks because it is impossible to predict who will attack one’s network without a previous attempt. Using the option to “allow” in the Firewall rules limits access to only those provided on the list, preventing all unwanted connections.
Why would hiring an ex-hacker not be wise for a security position?
An ex-hacker could see a security position as an invitation to unethically access the system he should be protecting. Although he may have experience hacking systems, he may be deficient in the knowledge and training to prevent other vulnerabilities and attacks.
Why should you ask permission or alert fellow personnel before running Penetration tests?
If you do not ask permission or alert fellow personnel, your Penetration test could be misconstrued as an attack and a violation of the company’s security policy, resulting in loss of employment and legal prosecution.