Podcast
Questions and Answers
What is an Information System according to ISO/IEC 27000:2018?
What is an Information System according to ISO/IEC 27000:2018?
What is involved in developing and operating an Information System?
What is involved in developing and operating an Information System?
What is a fundamental question in managing information security?
What is a fundamental question in managing information security?
What is a critical component of an Information System?
What is a critical component of an Information System?
Signup and view all the answers
What is the primary goal of software whitelisting?
What is the primary goal of software whitelisting?
Signup and view all the answers
What is necessary to ensure an Information System is secure and stays secure?
What is necessary to ensure an Information System is secure and stays secure?
Signup and view all the answers
What is essential for maintaining the security of an Information System?
What is essential for maintaining the security of an Information System?
Signup and view all the answers
Which of the following is a potential risk associated with employees installing software from third parties?
Which of the following is a potential risk associated with employees installing software from third parties?
Signup and view all the answers
What is the purpose of deploying a software inventory tool?
What is the purpose of deploying a software inventory tool?
Signup and view all the answers
What is a critical aspect of Network Infrastructure Security?
What is a critical aspect of Network Infrastructure Security?
Signup and view all the answers
What is a potential attack vector mentioned in the text?
What is a potential attack vector mentioned in the text?
Signup and view all the answers
What is essential for ensuring the security of an Information System?
What is essential for ensuring the security of an Information System?
Signup and view all the answers
What is the purpose of creating a whitelist of authorized software?
What is the purpose of creating a whitelist of authorized software?
Signup and view all the answers
What is the potential consequence of not implementing software whitelisting?
What is the potential consequence of not implementing software whitelisting?
Signup and view all the answers
What is the primary objective of the analytics system mentioned in the text?
What is the primary objective of the analytics system mentioned in the text?
Signup and view all the answers
What is the role of Enforce!Access in the context of software whitelisting?
What is the role of Enforce!Access in the context of software whitelisting?
Signup and view all the answers
What is the primary goal of actively managing hardware devices on a network?
What is the primary goal of actively managing hardware devices on a network?
Signup and view all the answers
What is the main reason why attackers continuously scan address spaces for new systems?
What is the main reason why attackers continuously scan address spaces for new systems?
Signup and view all the answers
What is the purpose of a Public Key Infrastructure (PKI) in network security?
What is the purpose of a Public Key Infrastructure (PKI) in network security?
Signup and view all the answers
What is the function of an Analytics System in network security?
What is the function of an Analytics System in network security?
Signup and view all the answers
What is the purpose of passive device discovery in network security?
What is the purpose of passive device discovery in network security?
Signup and view all the answers
What is the main benefit of using 802.1x authentication in network security?
What is the main benefit of using 802.1x authentication in network security?
Signup and view all the answers
What is the primary purpose of an Asset Inventory in network security?
What is the primary purpose of an Asset Inventory in network security?
Signup and view all the answers
What is the main risk associated with unauthorized devices on a network?
What is the main risk associated with unauthorized devices on a network?
Signup and view all the answers
Study Notes
Inventory and Control of Enterprise Assets
- Goal: Actively manage all hardware devices on the network to ensure only authorized devices have access, and unauthorized devices are found and prevented from accessing the network.
- Rationale: Attackers continuously scan address spaces for new systems that might be unprotected.
- Components involved:
- Asset Inventory Database
- Network Level Authentication (NLA)
- Public Key Infrastructure (PKI)
- 802.1x
- Passive Device Discovery
- Active Device Discovery
- Analytics System (Alerting/Reporting)
Information System
- Definition: A set of applications, services, information technology assets, or other information-handling components.
- Includes:
- Methods and procedures
- Data
- Technology (software/hardware)
- People
Fundamental Questions
- How do we manage information security to ensure an information system (or an entire organization) is secure and stays secure?
- How do we know that we are secure?
Software Whitelisting
- Goal: Actively manage all software on the network to ensure only authorized software is installed and can execute, and unauthorized software is found and prevented from installation/execution.
- Rationale: Attackers continuously try to find vulnerable software versions, and employees install/run software from third parties that might cause problems.
- Implementation:
- Devise a white-list of authorized software and versions required in the enterprise.
- Deploy a software inventory tool to track the operating system and applications installed on each asset.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz covers the concepts and principles of inventory and control of enterprise assets in the context of Computer Systems and Communications.
