Friday, August 8, 2014

Operation Security

Which threat of unauthorized disclosure of sensitive information is most likely to go unnoticed in the absence of auditing?....A disgruntled employee (insider)
Insiders (employees, contractors, etc.) may have access to information they should not be allowed to see, and in the absence of auditing (logging) their actions can go unnoticed.

What provides controlled and un-intercepted interfaces into privileged user functions?....Trusted paths
Trusted paths provide trustworthy interfaces into privileged user functions and are intended to ensure that communications over that path cannot be intercepted or corrupted. A classic example is a secure attention key that guarantees the login prompt belongs to the operating system rather than to a program imitating it.

The doors of a data center open in the event of a fire. This is an example of....Fail-safe

Fail-safe mechanisms focus on failing with a minimum of harm to personnel, while fail-secure mechanisms focus on failing in a controlled manner that blocks access while the system is in an inconsistent state. For example, data center door systems will fail safe so that personnel can escape the area when electrical power fails. A fail-secure door would prevent personnel from using the door at all, which could put personnel in jeopardy. In door terms, fail-open is the fail-safe behaviour and fail-closed is the fail-secure behaviour; which one is appropriate depends on whether life safety or asset protection matters more at that point.

To ensure constant redundancy and fault tolerance, which type of spare is recommended?....Hot spare
A hot spare is powered on and kept in sync so that it can take over automatically the moment the primary fails, whereas a warm or cold spare must first be brought online. Analogously, hot sites are generally rented from a provider, while redundant sites are owned and operated by the organization itself.

If speed is preferred over resilience, which RAID configuration is the most suited?....RAID 0
In a RAID 0 configuration, files are written in stripes across multiple disks without the use of parity information. This allows for fast reading and writing since all of the disks can typically be accessed in parallel. However, without parity information (or a mirror) it is not possible to recover from a disk failure, and because every file is spread across all disks the loss of any single disk loses the whole array. This technique provides no redundancy and should not be used for systems with high-availability requirements.

Database shadowing: the technique in which updates are shadowed (applied) in multiple locations at once; in effect a live copy of the entire database is maintained at a remote location. Backups, by contrast, are taken on a regular schedule and are used to recover information or a system after a disaster.

Archiving is the storage of data that is not in continual use for historical purposes.

Data mirroring is a RAID technique that duplicates all disk writes from one disk to another to create two identical drives.

When the backup window is not long enough to back up all of the data and restoration must be as fast as possible, which type of high-availability backup strategy is recommended?....Differential

A full backup is not possible since the backup window is not long enough for all the data to be backed up, and it is unlikely the window can be extended, since a full backup is both time consuming and costly in storage. In an incremental backup, only the files that changed since the last backup (of any type) are backed up. In a differential backup, only the files that changed since the last full backup are backed up. Differentials therefore require more space than incrementals and grow until the next full backup, while incrementals are faster to perform. On the other hand, restoring from incremental backups takes longer and is more fragile: the last full backup and every incremental taken since must be applied in order, and a missing or corrupt set anywhere in the chain leaves a gap. Restoring from a differential backup requires only the last full backup and the latest differential.
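As an added illustration (not part of the original notes), the following Python simulates the two strategies on a constructed five-file system over four days of changes. File names, versions and the change pattern are made up; the point is to make visible what the paragraph states: how much each strategy stores, how many sets a restore has to apply, and what losing one set in the middle does to each chain.

```python
"""Restore-chain simulation for full, incremental and differential backups.

Added example; the file set and daily changes below are constructed.
A file is represented by its name and an integer version that increases
every time the file is modified.
"""
from dataclasses import dataclass


@dataclass
class BackupSet:
    kind: str     # "full", "incremental" or "differential"
    day: int
    files: dict   # file name -> version captured in this set


def run_schedule(initial_files, daily_changes, strategy):
    """Take a full backup on day 0, then one `strategy` backup per day.

    initial_files: names present on day 0 (all at version 0).
    daily_changes: daily_changes[i] is the set of files modified on day i+1.
    Returns (final live state, list of backup sets).
    """
    state = {name: 0 for name in initial_files}
    sets = [BackupSet("full", 0, dict(state))]
    since_full = set()                      # files touched since the full backup
    for day, changed in enumerate(daily_changes, start=1):
        for name in changed:
            state[name] = state.get(name, 0) + 1   # a new version is written
        since_full |= changed
        if strategy == "incremental":
            captured = changed              # changed since the last backup of any kind
        elif strategy == "differential":
            captured = since_full           # changed since the last full backup
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        sets.append(BackupSet(strategy, day, {n: state[n] for n in captured}))
    return state, sets


def restore(sets):
    """Rebuild the file system from whatever sets are available.

    Differential: last full + the latest differential only.
    Incremental:  last full + every incremental after it, in day order.
    Returns (restored state, days of the sets that were applied).
    """
    full = max((s for s in sets if s.kind == "full"), key=lambda s: s.day)
    chain = [full]
    diffs = [s for s in sets if s.kind == "differential" and s.day > full.day]
    incs = [s for s in sets if s.kind == "incremental" and s.day > full.day]
    if diffs:
        chain.append(max(diffs, key=lambda s: s.day))
    chain.extend(sorted(incs, key=lambda s: s.day))
    state = {}
    for s in chain:
        state.update(s.files)               # later sets overwrite earlier versions
    return state, [s.day for s in chain]


def stored_entries(sets):
    """Total number of file copies held across all sets (a proxy for space)."""
    return sum(len(s.files) for s in sets)


# Constructed workload: five files, four days, with app.log changing daily.
FILES = ["db.sqlite", "app.log", "config.yml", "report.pdf", "notes.txt"]
CHANGES = [
    {"app.log", "db.sqlite"},
    {"app.log"},
    {"app.log", "notes.txt"},
    {"app.log", "db.sqlite"},
]


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        live, sets = run_schedule(FILES, CHANGES, strategy)
        restored, chain = restore(sets)
        print(f"{strategy:12s} stored={stored_entries(sets):2d} chain={chain} "
              f"ok={restored == live}")
        # Lose the day-3 set and try again: only the incremental chain breaks.
        damaged, chain = restore([s for s in sets if s.day != 3])
        print(f"{strategy:12s} without day 3: chain={chain} ok={damaged == live}")
```

With this workload the incremental schedule stores 12 file copies and the differential 15, but the differential restore touches two sets where the incremental restore touches five; dropping the day-3 set silently leaves `notes.txt` at version 0 in the incremental restore while the differential restore is unaffected.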

When you approach a restricted facility, you are requested for identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for the principle of least privilege.

The major benefit of information classification is to identify the appropriate level of protection needs
Information classification refers to the practice of differentiating between different types of information assets and providing some guidance as to how classified information will need to be protected. Vulnerability scans can be used to map out the computing ecosystem. Threat modeling is used to identify threats and vulnerabilities. Configuration management can be used to determine the software baseline.

When information, once classified highly sensitive, is no longer critical or highly valued, that information must be Declassified.

Information classification also includes the processes and procedures to declassify information. For example, declassification may be used to downgrade the sensitivity of information. Over the course of time, information once considered sensitive may decline in value or criticality. In these instances, declassification efforts should be implemented to ensure that excessive protection controls are not used for nonsensitive information. When declassifying information, marking, handling, and storage requirements will likely be reduced. Organizations should have declassification practices well documented for use by individuals assigned with the task. Information may still be needed and so it cannot be destroyed, degaussed, or deleted.

The main benefit of placing users into groups and roles is.....Ease of user administration

The likelihood of an individual's compliance with organization policy can be determined by their....Clearance level

Clearances are a useful tool for determining the trustworthiness of an individual and the likelihood of their compliance with organization policy. Job rank, title, or role may be tied to a clearance level, but this is not always the case.

Reports must be specific about both the message and the intended audience.
Reporting is also fundamental to successful security operations. It can take a variety of forms depending on the intended audience. Technical reporting tends to be designed for technical specialists or managers with direct responsibility for service delivery. Management reporting provides summaries of multiple systems as well as key metrics for each of the services covered by the report. Executive dashboards are intended for the executive who is interested in seeing only the highlights across multiple services, and provide simple summaries of current state, usually in a highly visual form such as charts and graphs.

What helps ensure that only the needed logs are collected for monitoring?....Clipping level
Clipping levels are thresholds that ensure only needed log entries are collected or acted upon. They are used because, even on a single system, logs can become very large. An example of a clipping level is that only failed access attempts are logged, or that an event is raised only once the number of failed attempts from one source passes a set count: one mistyped password is noise, five within a minute is worth looking at.
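The following Python is an added example (not from the original notes) of a clipping level applied to authentication logs. The sample lines are constructed in OpenSSH's syslog format using RFC 5737 documentation addresses; the threshold of five failures per ten minutes per source and user is an assumption chosen for the demonstration. Every failure is still parsed and counted, but an event is only emitted when the count reaches the level, so a single typo from a legitimate user never becomes an alert.

```python
"""Clipping-level filter over sshd authentication lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Iterable, Iterator, NamedTuple

# Constructed sample log: not captured from a real host.
SAMPLE_LOG = """\
Aug  8 09:00:01 bastion sshd[2101]: Failed password for alice from 198.51.100.7 port 50210 ssh2
Aug  8 09:00:03 bastion sshd[2101]: Accepted password for alice from 198.51.100.7 port 50210 ssh2
Aug  8 09:01:10 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40101 ssh2
Aug  8 09:01:11 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40102 ssh2
Aug  8 09:01:12 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40103 ssh2
Aug  8 09:01:13 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40104 ssh2
Aug  8 09:01:14 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40105 ssh2
Aug  8 09:01:15 bastion sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40106 ssh2
Aug  8 09:30:00 bastion sshd[2150]: Failed password for bob from 198.51.100.9 port 50300 ssh2
Aug  8 09:45:00 bastion sshd[2151]: Failed password for bob from 198.51.100.9 port 50301 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<source>\S+) port \d+"
)


class AuthEvent(NamedTuple):
    when: datetime
    outcome: str    # "Failed" or "Accepted"
    user: str
    source: str


def parse(lines: Iterable[str]) -> Iterator[AuthEvent]:
    """Yield one AuthEvent per password-authentication line; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog lines carry no year; only relative times matter here
        when = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        yield AuthEvent(when, m["outcome"], m["user"], m["source"])


def count_failures(lines: Iterable[str]) -> int:
    """Raw failure count, i.e. what you would get with no clipping level."""
    return sum(1 for ev in parse(lines) if ev.outcome == "Failed")


def apply_clipping_level(lines: Iterable[str], threshold: int = 5,
                         window_seconds: int = 600) -> list:
    """Emit an alert when failures for one (source, user) reach `threshold`
    inside a sliding window of `window_seconds`.

    Failures below the level are counted but never surface, which is the
    clipping-level behaviour the notes describe.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)     # (source, user) -> timestamps of recent failures
    alerts = []
    for ev in parse(lines):
        if ev.outcome != "Failed":
            continue
        q = recent[(ev.source, ev.user)]
        q.append(ev.when)
        while ev.when - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) == threshold:         # fire exactly once when the level is reached
            alerts.append({"source": ev.source, "user": ev.user,
                           "count": len(q), "at": ev.when.strftime("%b %d %H:%M:%S")})
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("failures seen:", count_failures(lines))
    for alert in apply_clipping_level(lines):
        print("ALERT", alert)
```

On the sample, nine failures are parsed but only one alert is produced, for `admin` from `203.0.113.5` when its fifth failure arrives; alice's single typo and bob's two failures fifteen minutes apart stay below the level. Lowering the threshold or widening the window (for example 2 failures in an hour) also surfaces bob, which is the tuning trade-off the operator has to make.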

The main difference between a security event management (SEM) system and a log management system is that SEM systems perform log collection, collation, and analysis....in real time.

Security event management (SEM) solutions are intended to provide a common platform for log collection, collation, and analysis in real time to allow for more effective and efficient response.

Log management systems are similar in that they also collect logs and provide the ability to report against them, although their focus tends to be on historical analysis of log information rather than real-time analysis.

They may be combined with SEM solutions to provide both historical and real-time functions.

Normal traffic flagged as an attack is an example of a....False positive
False positives occur when the IDS or IPS identifies something as an attack when it is in fact normal traffic. False negatives occur when it fails to flag something as an attack when it should have. Intrusion systems must be carefully tuned to keep both to a minimum, bearing in mind that the two trade off against each other: loosening a signature to catch more attacks usually raises the false-positive rate.

The best way to ensure that there is no data remanence of sensitive information that was once stored on a write-once (burn-once) DVD is....Destruction

Optical media such as CDs and DVDs must be physically destroyed to make sure no residual data can be disclosed. Since the media in this context is write-once, the information on it cannot be overwritten or deleted.

Degaussing can reduce or remove data remanence on magnetic media, but it has no effect on optical media (or on flash storage).

What is concerned not only with identifying the root cause but also with addressing the underlying issue?....Problem management

While incident management is concerned primarily with managing an adverse event, problem management is concerned with tracking that event back to a root cause and addressing the underlying problem. Maintaining system integrity is accomplished through the process of change control management. Configuration management is a process of identifying and documenting hardware components, software, and the associated settings.

Before applying a software update to production systems, it is extremely important that....the production systems are backed up.
Prior to deploying updates to production servers, make certain that a full system backup is conducted. In the regrettable event of a system crash due to the update, the server and data can be recovered without significant loss. Additionally, if the update involved proprietary code, a copy of the server or application image should be provided to the media librarian. Full disclosure information about the vulnerability is good to have but not a requirement, since patching has to be a risk-based decision as it applies to the organization. Documenting the patching process is the last step in patch management. Independent third-party assessments are not usually related to attesting patch validity.


Elements of a physical protection system....deter, detect, delay, and respond

To successfully complete a vulnerability assessment, it is critical that protection systems are well understood. This objective includes....threat definition, target identification, and facility characterization

At the beginning, a good assessment requires the security professional to determine specific protection objectives. These objectives include threat definition, target identification, and facility characterization.

Laminated glass is made from two sheets of ordinary glass bonded to a middle layer of resilient plastic. When it is struck it may crack, but the pieces of glass tend to stick to the plastic inner layer. This glass is recommended in what type of locations?....Street-level windows, doorways, and other access areas

The strategy of forming layers of protection around an asset or facility is known as....Defense in depth
In the concept of defense in depth, barriers are arranged in layers with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with multiple layers reduces the likelihood of a successful attack: if one layer of defense fails, another layer will hopefully prevent the attack, and so on.

What crime reduction technique is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a physical environment that positively influences human behavior?........Crime prevention through environmental design

Crime prevention through environmental design (CPTED) is a crime reduction technique that has several key elements applicable to the analysis of the building function and site design against physical attack. It is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a climate of safety in a community by designing a physical environment that positively influences human behavior.

The key to a successful physical protection system is the integration of........people, procedures, and equipment

The key to a successful system is the integration of people, procedures, and equipment into a system that protects the targets from the threat. A well-designed system provides protection in depth, minimizes the consequences of component failures, and exhibits balanced protection.

What is the primary objective of controlling entry into a facility or area?....Ensure that only authorized persons are allowed to enter

The primary function of an access control system (ACS) is to ensure that only authorized personnel are permitted inside the controlled area. This can also include regulating the flow of materials into and out of specific areas. Persons subject to control can include employees, visitors, customers, vendors, and the public. Access control measures should be different for each application to fulfill specific security, cost, and operational objectives.

Security lighting for CCTV monitoring generally requires at least 1 to 2 footcandles (fc) of illumination. What is the required lighting for safety considerations in perimeter areas such as parking lots or garages?....5 fc
Lights used for CCTV monitoring generally require at least one to two footcandles of illumination, whereas the lighting needed for safety considerations in exterior areas such as parking lots or garages is substantially greater (at least 5 fc).

What would be the most appropriate interior sensor for a building that has windows along the ground floor?.........Acoustic and shock wave glass-break sensors

Glass-break sensors are a good intrusion detection device for buildings with a lot of glass windows and doors with glass panes. The use of dual-technology glass-break sensors (acoustic and shock wave) is most effective. If only an acoustic sensor is used, an employee pulling up the window blinds can set off a false alarm; with a dual-technology sensor both the acoustic and the shock-wave elements must trigger before an alarm is raised.


CCTV technologies make possible four distinct yet complementary functions. The first is visual assessment of an alarm or other event, which permits the operator to assess the nature of the alarm before initiating a response. What are the other three functions of CCTV?.........Surveillance, deterrence, and evidentiary archives
Uses of CCTV systems for security services include several different functions: surveillance, assessment, deterrence, and evidentiary archives.

Businesses face new and complex physical security challenges across the full spectrum of operations. Although security technologies are not the answer to all organizational security problems, if applied appropriately what will they provide?....They can enhance the security envelope and in the majority of cases will save the organization money.

Security technologies do not solve every organizational security problem, but applied appropriately they strengthen the overall security envelope and, in most cases, reduce cost compared with relying on guards and manual procedures alone.
