Raul | CompTIA Security+ | Module 2

By: Raul Pop | Related Course: CompTIA Security+ | Published: May 28, 2017 | Modified: May 28, 2017

Appropriate Risk Mitigation

Change management

Incident management

User rights and permissions reviews

Perform routine audits

Enforce policies to prevent data loss or theft

Data Loss Prevention (DLP)

 


Basic Forensic Procedures

-Order of volatility (collect the most volatile first)

Registers, cache, RAM

Network cache, virtual memory

Hard drives, flash drives

CD-ROMs, DVD-ROMs

 

-Capture System Image

Take hash of original media

Capture image

Take hash of image (it must match the hash of the original)
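The three-step capture procedure above, as an added example that is not part of the original notes: hash the source, copy it, hash the copy, and record the result so it can go into the chain-of-custody paperwork. `shutil.copyfileobj` stands in for a real imaging tool and write blocker (an assumption for this demo); the sample "drive" is a constructed temp file, and the demo also flips one byte in the image afterwards to show that re-hashing catches any post-capture change.

```python
# Added example (not from the notes): image a "drive" file and verify the copy.
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB reads, so large media never has to fit in RAM


def hash_file(path, algorithm="sha256"):
    """Hash a file chunk by chunk and return the hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def capture_image(source, image_path):
    """Hash original -> capture image -> hash image; returns a custody record.
    shutil.copyfileobj is a stand-in for a forensic imager (assumption)."""
    record = {"source": source, "image": image_path,
              "started": datetime.now(timezone.utc).isoformat()}
    record["source_hash"] = hash_file(source)           # 1. hash of original media
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)              # 2. capture image
    record["image_hash"] = hash_file(image_path)        # 3. hash of image
    record["verified"] = record["source_hash"] == record["image_hash"]
    record["finished"] = datetime.now(timezone.utc).isoformat()
    return record


def image_demo():
    """Constructed sample: a small random 'drive', imaged and verified, then one
    byte of the image is flipped to show that the hash no longer matches."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.bin")
    image = os.path.join(workdir, "evidence.dd")
    with open(source, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 123))  # constructed content, odd size
    record = capture_image(source, image)
    with open(image, "r+b") as f:             # simulate a post-capture modification
        f.seek(1000)
        original = f.read(1)
        f.seek(1000)
        f.write(bytes([original[0] ^ 1]))
    still_matches = hash_file(image) == record["source_hash"]
    shutil.rmtree(workdir)
    return record["verified"], still_matches


if __name__ == "__main__":
    print(image_demo())  # (True, False): capture verified, tampering detected
```

The two hashes belong in the custody record together with who captured the image and when; any later examiner re-runs `hash_file` on the image and compares it with the recorded value before working on it.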

 

-Network Logs

Review network traffic and logs

Record time offset

Capture screenshots

Collect and review witness statements

Capture video

Track man-hours and expenses

Chain of custody

Big data analysis

 


Control Types

-A control is a component we put in place to implement and enforce the security requirements of the organization

Deterrent controls - discourage potential attackers

Preventive controls - stop an incident from occurring

Detective controls - identify incidents

Compensating controls - alternative controls used when the primary control cannot be applied

Technical controls - passwords, encryption, smart cards

Administrative controls - policies, procedures


Goals of Security

CIA

1)Confidentiality

2)Integrity

3)Availability

 

1)Confidentiality

-Encryption

-Access controls

-Steganography => least significant bit (LSB) embedding
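LSB steganography as the note above refers to it, shown as an added example (not code from the original notes): each bit of the hidden message replaces the lowest bit of one cover sample, so no sample changes by more than 1 and the cover looks unchanged. The cover is a constructed array of random 8-bit samples standing in for a grayscale image, and the 4-byte length header is this example's own framing choice.

```python
# Added example (not from the notes): hide and recover bytes in the LSB plane
# of a constructed 8-bit sample array, and measure how little the cover changes.
import os


def embed_lsb(cover, payload):
    """Write a 4-byte length header plus payload, one bit per cover sample."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples" % len(bits))
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # replace only the lowest bit
    return bytes(stego)


def extract_lsb(stego):
    """Reverse of embed_lsb: rebuild bytes from LSBs, honouring the length header."""
    def read_bytes(start, count):
        out = bytearray()
        for b in range(count):
            val = 0
            for i in range(8):
                val = (val << 1) | (stego[start + b * 8 + i] & 1)
            out.append(val)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)            # header occupies the first 32 samples


def max_sample_change(cover, stego):
    """Largest per-sample difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def stego_demo():
    cover = os.urandom(4096)                 # constructed 64x64 grayscale "image"
    secret = b"meet at noon"
    stego = embed_lsb(cover, secret)
    return extract_lsb(stego), max_sample_change(cover, stego)


if __name__ == "__main__":
    print(stego_demo())  # (b'meet at noon', 1)
```

Because the visible change is at most one level per sample, eyeballing the cover tells you nothing; the integrity controls in the next section (hashes, signatures) are what reveal that a file is not the original.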

 

2)Integrity

-Digital Signatures

-Certificates

-Non-repudiation

 

3)Availability

-Redundancy

-Fault tolerance

-Patching

 

4)Safety

-Fencing

-Lighting

-Locks

-CCTV

-Escape Plans

-Drills

-Escape Routes

-Testing Controls

 

 


Importance of Security

A policy is a high-level statement dictated by management. It is simply a set of rules: management puts the rules together and we call the result a policy. Whatever the policy addresses is how we name the policy, so if we say "security policy", that policy addresses the rules that govern security for the organization.

 

The security policies are broken down into procedures for users to carry out their activities within their environment.


Importance of Security Awareness

Tailgating

Personally owned devices

Phishing attacks

Social engineering

Zero-day exploits (upgrade/patch the device)

Social networks (SN) / peer-to-peer (P2P)

-data leakage (SN)

-controls could be lacking (P2P)

-you do not know what is on the other side (SN)

-data confidentiality (SN)

-accidentally disclosing information (SN)

 

As a continuation of our discussion on the Importance of Security, we look at why security awareness training is essential for both the technical professional and the end user.

For example, if there is a policy in place that users are constantly breaching, a security or IT professional must be able to identify this and train users on what the policy is, why a given procedure is in place, what they subject themselves and the company to by the exposure they engage in, and how they can still achieve what they need, with proper guidance on doing so in a safe and secure manner.


Incident Response Procedures

-Preparation

-Incident Identification

-Escalation and notification

-Mitigating Steps

-Lessons learned

-Reporting

-Recovery Procedures

-First Responder

-Data breach

-Damage and loss control

 

 


Physical Security and Environmental Controls

HVAC(heating, ventilation and air conditioning)

-independent power source

-positive air pressure

-protect intake vents

-emergency cut offs

 

Fire suppression

-reduce the oxygen,fuel,heat

 

EMI shielding (EMI = electromagnetic interference)

-cables with pairs

-coax cable

-twisted-pair cable

 

Hot aisles and cold aisles

-arrange the servers accordingly

 

Environmental monitoring

-air monitor

-water monitor

-humidity

-temperature

 

Physical Security

-Hardware locks

-Man traps

-Video surveillance

-Fencing

-Access lists

-Proper lighting

-Guards

-Barricades

-Biometrics

-Proximity readers (ID card readers)

-Alarms

 


Risk Management Best Practice

BIA - Business Impact Analysis

-Identify critical systems and components

-Automated

-Ensure multiple people can perform critical functions

 

Remove single points of failure

Risk assessment


Risk Related

A control can be hardware or software that implements and enforces a policy. It is a solution we put in place to implement and enforce the policy.

Control types:

-Technical (passwords, encryption)

-Management (policies, procedures, best practices)

-Operational (procedures, standards, best practices)

 

If controls are too lax or too tight, the result is:

-False positives (controls too tight: legitimate activity is flagged)

-False negatives (controls too lax: real incidents are missed)

 

Importance of policies to reduce risk:

-Privacy policy

-Acceptable use policy

-Security policy

-Mandatory vacations

-Job rotation

-Separation of duties

-Least privilege


Risk Related

Risk Calculation

-MTTR - Mean Time To Repair

includes the time to fix and test

-MTBF - Mean Time Between Failures

how long the device will be in use before it fails and is repaired

-MTTF - Mean Time To Failure

how long the device will be in use until it fails and is not repaired (it is replaced)

 

Annualized loss expectancy

ALE - Annualized Loss Expectancy (SLE x ARO)

SLE - Single Loss Expectancy

ARO - Annualized Rate of Occurrence

 

Risk calculations

Quantitative analysis->numeric values

Qualitative analysis->experience,subjective
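The quantitative side of the calculation above, worked through as an added example that is not part of the original notes. The notes give ALE = SLE x ARO; the example also uses the standard Security+ breakdown SLE = asset value x exposure factor, the cost/benefit test for a control (ALE reduction minus the control's annual cost), and availability from MTBF and MTTR, none of which the notes spell out. The server, loss figures and control cost are a constructed scenario.

```python
# Added example (not from the notes): ALE, control cost/benefit and availability.

def sle(asset_value, exposure_factor):
    """Single Loss Expectancy: value lost in one incident (AV x EF).
    The AV x EF breakdown is standard material, assumed here, not in the notes."""
    return asset_value * exposure_factor


def ale(single_loss, aro):
    """Annualized Loss Expectancy = SLE x ARO, as the notes state."""
    return single_loss * aro


def control_value(ale_before, ale_after, annual_control_cost):
    """Cost/benefit of a control: ALE it removes minus what it costs per year.
    Positive favours 'mitigate'; negative suggests accept or transfer instead."""
    return (ale_before - ale_after) - annual_control_cost


def availability(mtbf_hours, mttr_hours):
    """Steady-state availability = MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def risk_demo():
    """Constructed scenario: a $200,000 server; ransomware destroys 60% of its
    value (EF 0.60) about once every 4 years (ARO 0.25). A backup system
    costing $8,000/yr would cut the exposure factor to 10%."""
    asset, aro = 200_000, 0.25
    before = ale(sle(asset, 0.60), aro)          # 120,000 x 0.25 = 30,000
    after = ale(sle(asset, 0.10), aro)           # 20,000 x 0.25 = 5,000
    worth = control_value(before, after, 8_000)  # 25,000 - 8,000 = 17,000
    avail = availability(8760, 24)               # one failure a year, one day to repair
    return before, after, worth, round(avail, 4)


if __name__ == "__main__":
    b, a, w, av = risk_demo()
    print("ALE before %.0f, after %.0f, control worth %.0f/yr, availability %.4f"
          % (b, a, w, av))  # 30000, 5000, 17000, 0.9973
```

Reading the result against the risk-response list further down: a positive `control_value` is the numeric case for mitigating; if it came out negative, the same numbers would argue for accepting the risk or transferring it through insurance.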

 

Vulnerabilities

-Threat factors

-Risk/Probability

 

Risk Response

-Mitigate->Put controls in place

-Transfer->Buy insurance

-Avoidance->Back out

-Deterrence->Deter threats

-Acceptance->Accept risks

 

Risk with cloud computing

-Confidentiality

-Availability-Server availability,backups

-Control in other people’s hands

 

Risk with virtualization

Orphan VM

VM Escape

Prohibited Software

Best practices and standards

 

A malicious person can attack the hypervisor through a virtual machine and then reach the host PC (VM escape).

 

RTO - Recovery Time Objective

-the measure of time within which we must recover a device that is down

 

RPO - Recovery Point Objective

-when doing a recovery you must define the point in time to which you want to recover the data

 

 


Security Implications of Integrating Systems

Onboarding/offboarding business partners

Social media networks and applications

Interoperability Agreements

Service Level Agreements

Business Partner Agreements

Memorandum of Agreement

Interconnection Security Agreement

 

 


Security Implications of Integrating Systems (part 2)

Privacy considerations

Risk awareness

Unauthorized data sharing

Data ownership

Data backups

Follow Security policies and Procedures

Review agreement requirements to verify compliance

-Performance standards

 


The Principle of Least Privilege

The principle of least privilege dictates that our users get only the exact permissions they need to get their job done.

Separation of duties dictates that critical job functions be broken down into multiple roles. We don't want one person alone carrying out a critical job function from start to finish. You also need to watch for collusion, to ensure that the people who work those tasks do not put their heads together to defeat the principle.
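Least privilege and separation of duties as enforceable checks, shown as an added example that is not part of the original notes. It also serves the "user rights and permissions reviews" item in the risk-mitigation list at the top: the review function re-checks every user's accumulated roles for conflicts. The roles, permissions, user names and conflicting pairs are all constructed for the example.

```python
# Added example (not from the notes): deny-by-default permissions with a
# separation-of-duties check on role assignment and on periodic review.

# Constructed role model: each role grants only what that job needs.
ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create"},
    "ap_approver": {"invoice:approve"},
    "treasurer":   {"payment:release"},
    "auditor":     {"invoice:read", "payment:read"},
}

# Permission pairs one person must never hold together (constructed).
SOD_CONFLICTS = {
    frozenset({"invoice:create", "invoice:approve"}),
    frozenset({"invoice:approve", "payment:release"}),
}


def permissions_for(roles):
    """Union of the permissions granted by a set of roles."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS[role]      # KeyError on an unknown role
    return perms


def sod_violations(roles):
    """Conflicting pairs that this role set would grant to one person."""
    perms = permissions_for(roles)
    return {pair for pair in SOD_CONFLICTS if pair <= perms}


def assign_role(user_roles, user, new_role):
    """Grant a role only if the resulting role set has no SoD conflicts."""
    proposed = set(user_roles.get(user, set())) | {new_role}
    conflicts = sod_violations(proposed)
    if conflicts:
        raise PermissionError("%s: %s" % (user, sorted(sorted(p) for p in conflicts)))
    user_roles[user] = proposed
    return proposed


def is_allowed(user_roles, user, permission):
    """Least privilege: deny by default, allow only what the user's roles grant."""
    return permission in permissions_for(user_roles.get(user, set()))


def review_rights(user_roles):
    """Periodic user-rights review: flag users whose roles now conflict."""
    return {u: sod_violations(r) for u, r in user_roles.items() if sod_violations(r)}


def sod_demo():
    users = {}
    assign_role(users, "alice", "ap_clerk")
    assign_role(users, "bob", "ap_approver")
    try:
        assign_role(users, "alice", "ap_approver")   # clerk who would also approve
        blocked = False
    except PermissionError:
        blocked = True
    users["carol"] = {"ap_approver", "treasurer"}     # drifted in outside the check
    return (is_allowed(users, "alice", "invoice:create"),
            is_allowed(users, "alice", "invoice:approve"),
            blocked,
            sorted(review_rights(users)))


if __name__ == "__main__":
    print(sod_demo())  # (True, False, True, ['carol'])
```

The assignment-time check stops the obvious case; the review catches rights that accumulated through other paths (job rotation, direct edits), which is why the notes list rights reviews as a separate routine task.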

 

