Security Controls Overview

Questions and Answers

What type of security control is concerned with protecting against logical attacks and exploits?

• Technical (correct)
• Operational
• Managerial
• Physical

Which of the following is a characteristic of corrective security controls?

• Discourages policy violations.
• Returns systems to normal after an incident. (correct)
• Detects unauthorized activity.
• Thwarts unwanted activity from occurring.

What is the primary purpose of physical security controls?

• To establish policies.
• To prevent physical attacks on facilities and devices. (correct)
• To discourage logical intrusions.
• To manage personnel activities.

Which of the following best describes the role of managerial security controls?

Focus on compliance and the implementation of policies. (B)

What are countermeasures primarily designed to achieve?

Minimize consequences after an event occurs. (A)

Which control type is primarily aimed at finding and revealing unauthorized activities?

Detective (C)

What is the primary purpose of auditing logs?

To record user activities for accountability (C)

Which of the following options is an example of an operational control?

Security training (C)

In which access control model do owners grant or deny access to their objects?

Discretionary Access Control (DAC) (D)

What is the function of deterrent controls?

Encourage the user to comply with security measures. (B)

Which access control model is known for enforcing system-wide restrictions?

Role Based Access Control (RBAC) (D)

What is a key characteristic of Mandatory Access Control (MAC)?

Access is predetermined by labels (D)

How does Role Based Access Control (RBAC) manage user permissions?

By placing user accounts into roles (D)

What does Attribute-Based Access Control rely on for restricting access?

Attributes like department or location (D)

What benefit do auditing logs provide in terms of organizational policy?

They promote compliance and good behavior (D)

Which of the following is NOT a characteristic of Role Based Access Control (RBAC)?

Grants permissions directly to user accounts (A)

What is the primary purpose of change management processes in security operations?

To reduce risks associated with changes and prevent security incidents (C)

Which of the following is NOT a component of the change management process?

Training employees on new software (D)

What role does change control play in the change management process?

It evaluates change requests to decide on implementation (A)

How does configuration management benefit security operations?

It ensures systems are uniformly configured and current states are known (C)

What is the significance of an approval process in change management?

It is used to review and clear proposed changes before implementation (A)

What is a common method for establishing a baseline in configuration management?

Imaging systems (D)

Which aspect is essential for minimizing downtime during the change management process?

Maintaining a maintenance window (C)

What is the importance of having a documented backout plan in the change management process?

It provides a clear procedure to reverse changes if needed (C)

What is the primary purpose of defining a backout plan in change management?

To provide a step-by-step guide for rolling back a failed change (C)

Why is it important to conduct an impact analysis before implementing a change?

To review potential impacts and side effects of a change (D)

What is a maintenance window in the context of change management?

A scheduled time when changes can be made with minimal business impact (B)

Which of the following best describes the role of stakeholder analysis in change management?

To identify all individuals and groups affected by the change (A)

What are allow lists and deny lists primarily used for in change management?

To restrict access to systems during changes (A)

Which aspect of technical implications is crucial in change management to prevent service disruptions?

Managing downtime associated with changes (D)

What should teams do if a change causes service interruption?

Execute the backout plan to restore service (D)

How can legacy applications affect the change management process?

They may introduce dependencies that complicate changes (C)

What is a key feature of blockchain data once it is added to the chain?

It is cryptographically secured and immutable. (D)

Which consensus mechanism can be used in blockchain to validate new data?

Proof-of-work or proof-of-stake (B)

In cryptographic terms, which strategy is preferred for low power devices for encryption?

ECC (Elliptic Curve Cryptography) (B)

What is a common use of file hashing in cryptography?

To ensure file integrity. (C)

Which method enhances the security of user authentication in a system?

Multi-factor authentication (MFA) (B)

What does support for non-repudiation in digital communications imply?

A private key is used to verify the sender's identity. (D)

What is commonly used in cryptography to prevent sensitive data from being read by unauthorized parties?

Obfuscation techniques (D)

What is a primary limitation of using encryption algorithms?

Encryption slows down processing time. (D)

Study Notes

Security Controls

• Security controls are safeguards or countermeasures that address and minimize the loss or unavailability of services, apps, or data due to security vulnerabilities.
• Safeguards are proactive and aim to reduce the likelihood of security incidents.
• Countermeasures are reactive and are deployed to reduce the impact of a security incident after it occurs.
• Control Types include:
  • Deterrent: Discourages violation of security policies.
  • Preventive: Thwarts or stops unauthorized activities.
  • Detective: Discovers or detects unwanted or unauthorized activity.
  • Compensating: Aids in enforcing security policies when other controls are not sufficient.
  • Corrective: Modifies the environment to return systems to normal after an incident.
  • Directive: Imposes a specific action after authentication.
• Accountability establishes proof of action, including the identity of the user who performed it. This is achieved through authentication, identification, and auditing.
• Auditing Logs and Audit Trails record events and user activities.

Authorization Models

• Non-Discretionary Access Control: Enforces system-wide restrictions, overriding object-specific access control. An example is Role-Based Access Control (RBAC).
• Discretionary Access Control (DAC): Grants or denies access based on the owner of an object. The owner can grant access to any other subject. An example is New Technology File System (NTFS).
• Role-Based Access Control (RBAC): Assigns privileges to roles instead of users, associating user accounts with specific roles. This is typically map to job roles.
• Rule Based Access Control (RBAC): Applies global rules to all subjects. Examples include firewall rules that allow or block traffic equally to all users.
• Mandatory Access Control (MAC): Defines access based on predefined labels assigned to objects and subjects. The system determines access based on these labels. This model commonly seen in military security.
• Attribute-Based Access Control: Restricts access based on attributes associated with the account, such as department, location, or functional designation.

Change Management

• Change Management Processes are critical for ensuring system security and stability. They address business processes and technical implications, and require detailed documentation.
• Change Management addresses:
  • Approval Process: Ensures that proposed changes are reviewed and approved by management.
  • Ownership: Clearly defines responsibility for each change, designating a primary owner.
  • Stakeholder Analysis: Identifies and coordinates with all individuals and groups affected by the change.
  • Impact Analysis: Evaluates potential impacts, including side effects.
  • Testing: Validates the change in a test environment before production rollout.
  • Backout Plan: Outlines the process for reversing a change if it fails.
  • Maintenance Windows: Defines specific times for implementing changes, minimizing impact to the business.
• Technical Implications of change management include:
  • Allow Lists/Deny Lists: Firewall rules, application access lists, and Access Control Lists (ACLs) may need to be updated.
  • Restricted Activities: Certain activities, such as data updates during database replication, may need to be restricted.
  • Downtime: Changes may disrupt services, requiring careful planning to minimize impact.

Cryptographic Concepts

• Cryptographic Choices depend on specific use cases, such as:
  • Low-Power Devices: Frequently use ECC for encryption due to its small key size.
  • Low Latency: Employs specialized encryption hardware or accelerators for efficient encryption and decryption.
  • High Resiliency: Uses the most secure algorithms to prevent key compromise by attackers.
• Cryptography is used to support various security objectives:
  • Confidentiality: Encryption protects sensitive data, ensuring only authorized parties can access it.
  • Integrity: Ensures data has not been tampered with and communications are not altered in transit.
  • Obfuscation: Obscures data, making it unintelligible to unauthorized individuals.
  • Authentication: Verifies user identities and device authenticity.
  • Non-Repudiation: Prevents parties from denying their involvement in a transaction.

Cryptographic Concepts: Limitations

• Speed: Cryptography can impact system performance and resources.

• Key Management: Managing cryptographic keys is crucial for security.

• Algorithm Development: New cryptographic algorithms are constantly being developed.

• Hardware & Software Support: Compatibility between cryptographic algorithms, hardware, and software is essential.

• Blockchains:

  • Public vs. Private Ledgers: Public ledgers allow for more easily changing data, whereas data on a blockchain is immutable and cryptographically secured.
  • Validation: Blockchains uses consensus mechanisms (e.g., Proof-of-Work, Proof-of-Stake) to validate new data. Public ledgers rely on the integrity of a central authority.
  • Transparency: Blockchain transactions are typically pseudonymous for privacy, while public ledger transactions are fully transparent.

Description

This quiz covers the fundamental concepts of security controls, including their types and purposes. Learn about safeguards, countermeasures, and the different control types used to enhance security. Test your knowledge on how these elements work together to protect systems and data.