CSC 1: Inventory and Control of Enterprise Assets

Podcast Beta

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is an Information System according to ISO/IEC 27000:2018?

A set of networks and devices

A set of applications, services, information technology assets or other information-handling components (correct)

A set of people and procedures

A set of software and hardware

What is involved in developing and operating an Information System?

Methods and procedures, data, technology (software/hardware), and people (correct)

Only technology (software/hardware)

Only data

Only methods and procedures

What is a fundamental question in managing information security?

How do we know that we are secure? (correct)

What is ISO/IEC 27000:2018?

How do we manage information security?

What is an Information System?

What is a critical component of an Information System?

People Signup and view all the answers

What is the primary goal of software whitelisting?

To actively manage all software on the network Signup and view all the answers

What is necessary to ensure an Information System is secure and stays secure?

Managing information security Signup and view all the answers

What is essential for maintaining the security of an Information System?

All of the above Signup and view all the answers

Which of the following is a potential risk associated with employees installing software from third parties?

Malware infection Signup and view all the answers

What is the purpose of deploying a software inventory tool?

To track operating system and application installations Signup and view all the answers

What is a critical aspect of Network Infrastructure Security?

Implementing Firewalls Signup and view all the answers

What is a potential attack vector mentioned in the text?

Vulnerability scanning Signup and view all the answers

What is essential for ensuring the security of an Information System?

All of the above Signup and view all the answers

What is the purpose of creating a whitelist of authorized software?

To prevent unauthorized software installation Signup and view all the answers

What is the potential consequence of not implementing software whitelisting?

Unmanaged software installation and execution Signup and view all the answers

What is the primary objective of the analytics system mentioned in the text?

To generate alerts and reports Signup and view all the answers

What is the role of Enforce!Access in the context of software whitelisting?

To enforce access control policies Signup and view all the answers

What is the primary goal of actively managing hardware devices on a network?

To ensure only authorized devices have access to the network Signup and view all the answers

What is the main reason why attackers continuously scan address spaces for new systems?

To exploit unprotected systems for malicious activities Signup and view all the answers

What is the purpose of a Public Key Infrastructure (PKI) in network security?

To provide authentication for network devices Signup and view all the answers

What is the function of an Analytics System in network security?

To monitor and analyze network traffic for security threats Signup and view all the answers

What is the purpose of passive device discovery in network security?

To identify and manage assets on the network Signup and view all the answers

What is the main benefit of using 802.1x authentication in network security?

It ensures that only authorized devices have access to the network Signup and view all the answers

What is the primary purpose of an Asset Inventory in network security?

To manage and track devices on the network Signup and view all the answers

What is the main risk associated with unauthorized devices on a network?

All of the above Signup and view all the answers

Study Notes

Inventory and Control of Enterprise Assets

Goal: Actively manage all hardware devices on the network to ensure only authorized devices have access, and unauthorized devices are found and prevented from accessing the network.
Rationale: Attackers continuously scan address spaces for new systems that might be unprotected.
Components involved:
- Asset Inventory Database
- Network Level Authentication (NLA)
- Public Key Infrastructure (PKI)
- 802.1x
- Passive Device Discovery
- Active Device Discovery
- Analytics System (Alerting/Reporting)

Information System

Definition: A set of applications, services, information technology assets, or other information-handling components.
Includes:
- Methods and procedures
- Data
- Technology (software/hardware)
- People

Fundamental Questions

How do we manage information security to ensure an information system (or an entire organization) is secure and stays secure?
How do we know that we are secure?

Software Whitelisting

Goal: Actively manage all software on the network to ensure only authorized software is installed and can execute, and unauthorized software is found and prevented from installation/execution.
Rationale: Attackers continuously try to find vulnerable software versions, and employees install/run software from third parties that might cause problems.
Implementation:
- Devise a white-list of authorized software and versions required in the enterprise.
- Deploy a software inventory tool to track the operating system and applications installed on each asset.