IT Security: Asset Inventory and Employee ID

Security Benefits of Asset Inventory Stickers

• Labeling laptops with asset inventory stickers and associating them with employee IDs provides security benefits, including:
  • Notifying the correct employee in case of a security incident, enabling quick containment and minimization of damage
  • Accounting for company data when an employee leaves the organization

Data Exfiltration

• Data exfiltration is a technique used in advanced persistent threat (APT) attacks to steal sensitive data by transmitting it through DNS queries and responses
• A large number of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration

Principle of Least Privilege

• The principle of least privilege ensures data is protected from unauthorized access or disclosure, which is a key concept in confidentiality
• Permissions on a human resources file share should follow the principle of least privilege to ensure confidentiality

Memory Injection Vulnerabilities

• Memory injection vulnerabilities allow unauthorized code or commands to be executed within a software program, leading to abnormal behavior
• This can be exploited by attackers to inject malicious code, and can be detected by unusual behavior such as generating outbound traffic over random high ports

Security Awareness Program

• Factors to address when formulating a training curriculum plan for a security awareness program include:
  • User-based training and awareness
  • Prioritizing training based on job functions and roles

Risk Measurement

• A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed
• This allows the security analyst to identify which systems are affected by the vulnerability and prioritize remediation efforts

Code Signing

• Code signing is a technique that uses cryptography to verify the authenticity and integrity of code created by a company
• This ensures the authenticity of the code and can be used to verify the code's origin and integrity

Impersonation Attacks

• Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians
• An attacker impersonating someone with authority or influence can trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious link

File Integrity Monitoring

• File Integrity Monitoring (FIM) is a method to secure data by detecting any changes or modifications to files, directories, or registry keys
• FIM can help track any unauthorized or malicious changes to the data and verify the integrity and compliance of the data

Business Email Compromise Attack

• A business email compromise (BEC) attack is a type of phishing attack that targets employees who have access to company funds or sensitive information
• The attacker impersonates a trusted person, such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or confidential data