Week 12
40 Questions

Questions and Answers

What is the primary purpose of data destruction?

  • To ensure discarded information is truly destroyed (correct)
  • To free up storage space
  • To improve remote access
  • To protect against malware

What is degaussing used for?

  • To encrypt data
  • To scan for malware
  • To shred physical documents
  • To destroy sensitive data on magnetic media (correct)

What are the consequences of uncontrolled malware?

  • Improved remote access and faster networks
  • Loss of business information and disruption of business processes (correct)
  • Increased productivity and improved security
  • Enhanced data encryption and stronger authentication

What is the main advantage of remote access?

  • Increased productivity by permitting employees to access business information from any location

What is central anti-malware management used for?

  • To detect and respond to malware threats

What is the purpose of defense in depth?

  • To protect assets by layering multiple security controls

What are the three types of controls?

  • Technical, administrative, and physical

What is encryption used for in remote access?

  • To encrypt data in transit

What is the primary goal of data classification?

  • To establish sensitivity levels and handling procedures

What is a key aspect of access management?

  • Privilege management

What is the primary purpose of records retention policies?

  • To specify how long different types of records must be retained

What is a key benefit of training users on data classification?

  • To ensure that users understand handling procedures for each level

What is a risk related to business records that records retention policies help to manage?

  • All of the above

What is an aspect of access management that helps to ensure secure access to information?

  • Secure log on

What is a key aspect of data classification?

  • Establishing handling procedures for each level

What is a benefit of implementing records management controls?

  • Better management of sensitive information

What is the primary objective of applying security concepts to computer and business operations?

  • To protect resources and ensure confidentiality, integrity, and availability

What is the main purpose of records management security controls?

  • To manage and protect records

What is the primary principle of need-to-know?

  • Restricting access to sensitive information based on job duties

What is the main goal of incident management?

  • To manage and respond to security incidents

What is the purpose of job rotation in security operations?

  • To rotate personnel through different job roles to reduce the risk of fraud

What is the main objective of remote access security controls?

  • To ensure secure remote access to organizational resources

What is the primary goal of administrative management and control of information security?

  • To manage and oversee the overall information security program

What is the main objective of vulnerability management?

  • To identify and mitigate vulnerabilities in organizational systems

What type of information may be contained in documentation?

  • Trade secrets and sensitive information

What is the first step in incident management?

  • Incident declaration

What is the purpose of fault tolerance?

  • To make devices less prone to failure

What is RAID?

  • Redundant Array of Inexpensive Disks

What is clustering in high-availability architectures?

  • A group of servers operating as a single logical server

What is the purpose of replication in high-availability architectures?

  • To ensure data availability

What is a geo-cluster?

  • A cluster of servers located at great distances from one another

What happens during failover in a clustering system?

  • The passive server becomes active

What is the main function of replication in a clustering system?

  • To make current data available to all cluster nodes

What is the primary benefit of virtualization?

  • Ability to logically and physically move systems between servers

What is the focus of business continuity management?

  • Analyzing risks associated with potential disaster scenarios

Which of the following is NOT a component of vulnerability management?

  • Data replication and backup

What is the primary goal of replication in a clustering system?

  • To ensure data availability across all cluster nodes

What is the main advantage of virtualization in a business continuity context?

  • Flexibility in system management and deployment

What is a key component of business continuity management?

  • Risk analysis and mitigation strategies

What is the primary focus of vulnerability management?

  • Identifying and mitigating vulnerabilities

Study Notes

Security Operations Concepts

  • Need to know: personnel should have access to only necessary information to perform their duties, independent of security clearance
  • Least privilege: personnel should have the minimum level of access required to perform their duties
  • Separation of duties: divide tasks and responsibilities to prevent any one person from having too much control
  • Job rotation: regularly rotate personnel to different roles to prevent familiarity and reduce risk
  • Monitoring of special privileges: regularly monitor and audit access to sensitive information

Records Management Controls

  • Data classification: establish sensitivity levels and handling procedures for each level
  • Access management: policies, procedures, and controls that determine how information is accessed and by whom
  • Records retention: policies that specify how long different types of records must be retained
  • Backups: ensuring data is backed up regularly to prevent loss
  • Data destruction: ensuring discarded information is truly destroyed and not salvageable by employees or outsiders

Data Classification

  • Establish sensitivity levels
  • Establish handling procedures for each level
  • Train users on classification and handling procedures

Access Management

  • Policies, procedures, and controls that determine how information is accessed and by whom
  • User account provisioning
  • Privilege management
  • Password management
  • Review of access rights
  • Secure logon

Records Retention

  • Policies that specify how long different types of records must be retained
  • Manage risks related to business records, including:
    • Risk of compromise of sensitive information
    • Risk of loss of important information
    • E-Discovery
    • Regulation

Data Destruction

  • Purpose: ensure discarded information is truly destroyed and not salvageable by employees or outsiders
  • Methods:
    • Degaussing
    • Shredding
    • Wiping

Anti-Virus and Anti-Malware

  • Effects of uncontrolled malware:
    • Loss of business information
    • Disclosure or compromise of business information
    • Corruption of business information
    • Disruption of business information processing
    • Inability to access business information
    • Loss of productivity
  • Apply defense in depth to protect assets
  • Central anti-malware management

Remote Access

  • Connectivity to a network or system from a remote location
  • Improves productivity by permitting employees to access business information from any location
  • Risk mitigation strategies:
    • Encryption
    • Strong authentication
    • Anti-malware
    • Firewall

Types of Controls

  • Technical
  • Physical
  • Administrative

Resource Protection

  • Documentation:
    • May contain trade secrets and sensitive information
    • Processes, procedures, and instructions
    • Version control
    • Access control

Incident Management

  • Incident declaration
  • Triage
  • Investigation
  • Analysis
  • Containment
  • Recovery
  • Debriefing

High-Availability Architectures

  • Fault tolerance
  • Clustering
  • Failover
  • Replication
  • Virtualization

Fault Tolerance

  • Makes devices less prone to failure
  • Methods:
    • Multiple power supplies
    • Multiple network interfaces
    • Multiple processor units
    • RAID (Redundant Array of Inexpensive / Independent Disks)

Clustering

  • A group of two or more servers that operate functionally as a single logical server
  • Active-active mode
  • Active-passive mode
  • Failover: when active status is transferred
  • Geo-cluster: servers located at great distances from one another

Replication

  • Data changes are transmitted to a counterpart storage system
  • An adjunct to clustering, makes current data available to all cluster nodes

Virtualization

  • Multiple operating system instances on a single server platform
  • Systems can be logically and physically moved from one server platform to another
  • Types:
    • Local
    • Long distance

Business Continuity Management

  • A management activity where analysis is performed to better understand the risks associated with potential disaster scenarios, and the steps that can be taken to reduce the impact of a disaster should one occur

Vulnerability Management

  • Vulnerability scanning
  • Application scanning
  • Penetration testing
  • Source code reviews and scanning
  • Threat modeling
  • Patch management


Description

This quiz covers security concepts in computer and business operations, including records management, backups, anti-virus software, and remote access. It's based on the CISSP Guide to Security Essentials, Second Edition, Chapter 7.
