1. General Security Concepts

1.1 Compare and contrast various types of security controls.

Categories:

  1. Technical Controls: Implemented through technology, focusing on securing systems, networks, and data.
    • Examples: firewalls, encryption, access controls
  2. Managerial Controls: Policies, procedures, and guidelines to manage security efforts.
    • Examples: security policies, risk management frameworks
  3. Operational Controls: Day-to-day operational activities ensuring security measures are properly implemented.
    • Examples: security audits, system monitoring
  4. Physical Controls: Measures to protect physical assets and facilities.
    • Examples: locks, biometric access controls, surveillance cameras

Control Types:

  1. Preventive Controls: Stop security incidents by preventing unauthorized access or activities.
    • Examples: firewalls, encryption, authentication
  2. Deterrent Controls: Discourage attackers by increasing perceived risk or difficulty.
    • Examples: warning signs, security cameras
  3. Detective Controls: Identify security incidents during or after they occur.
    • Examples: intrusion detection systems, security audits, log review
  4. Corrective Controls: Mitigate impact of security incidents and restore affected systems.
    • Examples: incident response plans, data backups
  5. Compensating Controls: Alternative controls that satisfy a security requirement when the primary control cannot be implemented or is ineffective (for example, on a system that cannot be patched).
    • Examples: network segmentation or isolation of an unpatchable system, additional monitoring, a manual review step in place of an automated check
  6. Directive Controls: Direct or mandate behaviour that complies with security policies and standards.
    • Examples: security policies, acceptable use policies, security awareness training

1.2 Summarize fundamental security concepts.

  • Confidentiality, Integrity, and Availability (CIA): Fundamental principles of information security ensuring data is kept confidential, accurate, and available when needed.
  • Non-repudiation: Assurance that a sender cannot deny the authenticity or integrity of a message or transaction.
  • Authentication, Authorization, and Accounting (AAA):
    • Authenticating people: Verifying the identity of users.
    • Authenticating systems: Confirming the identity of devices or systems.
    • Authorization models: Determining what resources users or systems can access.
  • Gap analysis: Assessment of the differences between current security measures and desired security objectives.
  • Zero Trust:
    • Control Plane:
      • Adaptive identity: Dynamic authentication based on context.
      • Threat scope reduction: Limiting the potential impact of security breaches.
      • Policy-driven access control: Access decisions based on defined policies.
      • Policy Administrator: Carries out the Policy Engine's decision by instructing the Policy Enforcement Point to open or close the session; it does not evaluate policy itself.
      • Policy Engine: Makes the access decision (grant or deny) for each request by evaluating policy against identity, device and context signals.
    • Data Plane:
      • Implicit trust zones: The segment behind a Policy Enforcement Point in which an already-authorized session reaches the resource; kept as small as possible so that network location alone never implies trust.
      • Subject/System: Entity accessing or being accessed.
      • Policy Enforcement Point: Mechanism enforcing access control policies.
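The control-plane/data-plane split above, shown as an added example that is not part of the original notes: a toy Policy Engine that decides, a Policy Administrator that relays the decision, and a Policy Enforcement Point that only ever does what it is told. The subjects, resources, group names and policies (payroll-db, wiki, the 10.0. network) are constructed for illustration; the point is the default-deny evaluation of identity plus context, not the specific rules.

```python
# Added example (not from the original notes): a toy Zero Trust control plane.
# Policy Engine decides, Policy Administrator relays the decision, and the
# Policy Enforcement Point in the data plane enforces it. All subjects, resources
# and policies are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Subject:
    user: str
    groups: set
    mfa: bool                 # adaptive identity: did this session pass MFA?
    device_compliant: bool    # device posture signal
    source_ip: str            # network context signal


@dataclass
class Policy:
    resource: str
    allowed_groups: set
    require_mfa: bool = False
    require_compliant_device: bool = False
    allowed_ip_prefixes: tuple = ()   # empty tuple means any network


# Constructed policies: the sensitive resource demands MFA, a compliant device
# and an internal source network; the wiki only checks group membership.
POLICIES = [
    Policy("payroll-db", {"finance"}, require_mfa=True,
           require_compliant_device=True, allowed_ip_prefixes=("10.0.",)),
    Policy("wiki", {"staff", "finance"}),
]


def policy_engine(subject, resource, policies=POLICIES):
    """Policy Engine: evaluate the request and return (decision, reason).

    Default deny: a resource with no policy is refused outright."""
    for p in policies:
        if p.resource != resource:
            continue
        if not (subject.groups & p.allowed_groups):
            return "deny", "subject not in an allowed group"
        if p.require_mfa and not subject.mfa:
            return "deny", "MFA required"
        if p.require_compliant_device and not subject.device_compliant:
            return "deny", "device not compliant"
        if p.allowed_ip_prefixes and not subject.source_ip.startswith(p.allowed_ip_prefixes):
            return "deny", "source network not allowed"
        return "allow", "policy matched"
    return "deny", "no policy for resource (default deny)"


def policy_administrator(subject, resource):
    """Policy Administrator: turn the engine's decision into a PEP instruction.

    It never evaluates policy itself; it only relays what the engine decided."""
    decision, reason = policy_engine(subject, resource)
    return {
        "user": subject.user,
        "resource": resource,
        "action": "open_session" if decision == "allow" else "close_session",
        "reason": reason,
    }


def policy_enforcement_point(instruction):
    """PEP (data plane): the only component on the traffic path.

    It opens the session only when explicitly told to; anything else is dropped."""
    return instruction["action"] == "open_session"


if __name__ == "__main__":
    alice = Subject("alice", {"finance", "staff"}, mfa=True,
                    device_compliant=True, source_ip="10.0.5.7")
    for res in ("payroll-db", "wiki", "hr-portal"):
        print(res, policy_administrator(alice, res))
```

Every request is evaluated, including ones from inside the 10.0. network; the source network is one signal among several, never a substitute for identity and device checks.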

Physical Security:

  • Bollards: Posts used to block vehicular access.
  • Access control vestibule: Enclosed area controlling entry into a secure facility.
  • Fencing: Barrier to prevent unauthorized access.
  • Video surveillance: Monitoring system using cameras.
  • Security guard: Personnel providing physical security.
  • Access badge: Credential granting entry to a secured area.
  • Lighting: Illumination to enhance visibility and deter intruders.
  • Sensors:
    • Infrared: Detects heat signatures.
    • Pressure: Detects physical pressure changes.
    • Microwave: Emits microwaves to detect motion.
    • Ultrasonic: Uses sound waves to detect motion.

Deception and Disruption Technology:

  • Honeypot: Decoy system designed to attract attackers and gather information.
  • Honeynet: Network of honeypots used for monitoring and analysis.
  • Honeyfile: Fictitious file used to detect unauthorized access.
  • Honeytoken: Decoy credential or data item used to detect unauthorized access.
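Detecting a tripped honeytoken or honeyfile from logs, as an added example that is not taken from the original notes. The decoy account name, decoy API key, decoy file path, log formats and log lines are all constructed; in a real deployment the token values are whatever was planted and the sources are the actual auth, gateway and file-audit logs. Because the decoys have no legitimate use, a single hit is a high-confidence alert rather than something to baseline.

```python
# Added example (not from the original notes): honeytoken / honeyfile detection
# over constructed log lines. Token values, file path and log formats are made up.
import re

# Decoy credentials planted where only an intruder would find them (a stale
# config file, a "passwords" spreadsheet). They grant nothing, so any use is a signal.
HONEYTOKENS = {
    "svc-backup-legacy": "decoy account name left in an old config file",
    "DECOY7F3AKEY": "decoy API key id left in a code comment",
}
HONEYFILES = {"/srv/finance/passwords_2019.xlsx"}

# Constructed log formats for three sources: SSH auth, an API gateway, file audit.
SSH_LOGIN = re.compile(
    r"sshd\[\d+\]: (?:Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")
API_CALL = re.compile(r"api-gw: key=(\S+) src=(\S+) op=(\S+)")
FILE_OPEN = re.compile(r"auditd: user=(\S+) open path=(\S+) src=(\S+)")


def scan(lines):
    """Return one alert per log line that uses a honeytoken or opens a honeyfile."""
    alerts = []
    for line in lines:
        m = SSH_LOGIN.search(line)
        if m and m.group(1) in HONEYTOKENS:
            alerts.append({"type": "honeytoken", "token": m.group(1),
                           "source": m.group(2), "why": HONEYTOKENS[m.group(1)]})
            continue
        m = API_CALL.search(line)
        if m and m.group(1) in HONEYTOKENS:
            alerts.append({"type": "honeytoken", "token": m.group(1),
                           "source": m.group(2), "why": HONEYTOKENS[m.group(1)]})
            continue
        m = FILE_OPEN.search(line)
        if m and m.group(2) in HONEYFILES:
            alerts.append({"type": "honeyfile", "path": m.group(2),
                           "user": m.group(1), "source": m.group(3)})
    return alerts


def attacker_sources(alerts):
    """Source addresses that touched any decoy: the pivot for the investigation."""
    return {a["source"] for a in alerts}


# Constructed sample log: one attacker address trips all three decoys, while
# ordinary activity from internal hosts produces no alerts.
SAMPLE_LOG = [
    "Mar 11 09:02:13 bastion sshd[2311]: Accepted publickey for alice from 10.0.5.7 port 51122",
    "Mar 11 09:02:40 bastion sshd[2320]: Failed password for invalid user svc-backup-legacy from 198.51.100.23 port 40112",
    "Mar 11 09:03:01 api-gw: key=prod-key-0042 src=10.0.8.1 op=ListBuckets",
    "Mar 11 09:03:09 api-gw: key=DECOY7F3AKEY src=198.51.100.23 op=ListBuckets",
    "Mar 11 09:04:55 auditd: user=bob open path=/srv/finance/budget.xlsx src=10.0.5.9",
    "Mar 11 09:05:02 auditd: user=bob open path=/srv/finance/passwords_2019.xlsx src=198.51.100.23",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a)
    print("sources to investigate:", attacker_sources(found))
```

Note that even a failed login with the decoy account is alerted on: the attacker only knows that username because they read the planted file.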

1.3 Explain the importance of change management processes and the impact to security.

Business Processes Impacting Security Operations:

  • Approval Process: Procedure for obtaining authorization for security-related actions or changes.
  • Ownership: Assignment of responsibility for security tasks or assets to specific individuals or teams.
  • Stakeholders: Individuals or groups with an interest or involvement in security-related decisions or activities.
  • Impact Analysis: Assessment of the potential effects of security incidents or changes on business operations.
  • Test Results: Findings from security testing activities such as penetration testing or vulnerability assessments.
  • Backout Plan: Contingency plan for reversing changes or mitigating risks if security measures fail or cause issues.
  • Maintenance Window: Scheduled timeframe during which security updates or maintenance tasks can be performed without disrupting business operations.
  • Standard Operating Procedure: Established protocol or guideline for carrying out security-related tasks or responding to security incidents.

Technical Implications:

  • Allow Lists/Deny Lists: Lists of permitted or prohibited entities, actions, or resources within a system or network.
  • Restricted Activities: Actions or operations that are limited or prohibited due to security considerations.
  • Downtime: Period during which a system or service is unavailable due to maintenance, security updates, or security incidents.
  • Service Restart: Process of stopping and restarting a service to apply changes or address security issues.
  • Application Restart: Reloading or restarting an application to implement security changes or address issues.
  • Legacy Applications: Older software or systems with potential security vulnerabilities or compatibility issues.
  • Dependencies: Relationships or connections between systems, applications, or components that may impact security.

Documentation:

  • Updating Diagrams: Updating visual representations of systems, networks, or processes to reflect changes or security configurations.
  • Updating Policies/Procedures: Revising written guidelines or protocols to align with changes in security practices or requirements.

Version Control: Managing and tracking changes to documents, policies, procedures, or software to ensure accuracy, accountability, and compliance.

1.4 Explain the importance of using appropriate cryptographic solutions.

Public Key Infrastructure (PKI):

  • Public Key: A cryptographic key that is shared openly and used for encryption or verifying signatures.
  • Private Key: A secret key that is kept confidential and used for decrypting data or creating digital signatures.
  • Key Escrow: A process where cryptographic keys are stored by a trusted third party for emergency access.

Encryption:

  • Level: Encryption can be applied at different layers of data storage and communication, each covering a different scope of data.
    • Full-disk
    • Partition
    • File
    • Volume
    • Database
    • Record
  • Transport/Communication: Securing data during transmission between devices or networks.
  • Asymmetric Encryption: Encryption method using pairs of keys: public and private keys.
  • Symmetric Encryption: Encryption method using a single key for both encryption and decryption.
  • Key Exchange: Process of securely sharing cryptographic keys between parties.
  • Algorithms: Mathematical formulas used for encryption and decryption.
  • Key Length: The size of the cryptographic key, influencing the strength of encryption.
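The key-exchange step above, as an added example that is not part of the original notes: a finite-field Diffie-Hellman exchange in which each party sends only a public value, yet both derive the same symmetric key. The group is the 1024-bit MODP prime from RFC 2409, used here for brevity; production systems should use at least a 2048-bit group or elliptic-curve DH. The party names and the SHA-256 key derivation are this example's own choices.

```python
# Added example (not from the original notes): Diffie-Hellman key exchange.
# Group: the 1024-bit MODP prime and generator 2 from RFC 2409 (too small for
# production use; shown because it fits on the page).
import hashlib
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


class Party:
    """One side of the exchange. Only .public ever leaves this object."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 2   # secret exponent, kept local
        self.public = pow(G, self.private, P)         # sent over the open channel

    def derive_key(self, peer_public):
        # Reject degenerate values (0, 1, P-1, out of range) that an attacker
        # could send to force the shared secret into a tiny subgroup.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.private, P)
        # Never use the raw shared secret as a key: hash it into a fixed-length
        # symmetric key (a KDF such as HKDF would be used in practice).
        return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def exchange():
    """Run one exchange and return the keys each side derived independently."""
    alice, bob = Party("alice"), Party("bob")
    # Wire traffic: alice.public -> bob, bob.public -> alice. Nothing else is sent.
    key_at_alice = alice.derive_key(bob.public)
    key_at_bob = bob.derive_key(alice.public)
    return key_at_alice, key_at_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print("keys match:", ka == kb, ka.hex())
```

Plain Diffie-Hellman authenticates nobody: an attacker who can intercept the channel can run one exchange with each side and read everything. That is why the public values are tied to identities in practice, typically with certificates (see the Certificates section) or pre-shared keys.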

Tools:

  • Trusted Platform Module (TPM): Hardware component for securely storing cryptographic keys and performing cryptographic operations.
  • Hardware Security Module (HSM): Dedicated hardware device for managing, storing, and processing cryptographic keys securely.
  • Key Management System: Software or hardware solution for generating, storing, and distributing cryptographic keys.
  • Secure Enclave: Isolated hardware or software environment for secure processing of sensitive data.

Obfuscation:

  • Steganography: Concealing data within other data to hide its existence.
  • Tokenization: Substituting sensitive data with non-sensitive placeholders.
  • Data Masking: Concealing or anonymizing specific data elements within a dataset.

Hashing:

  • Generating a fixed-size digest from input of any length with a one-way cryptographic function. The same input always produces the same digest; it should be infeasible to recover the input from the digest or to find two different inputs with the same digest (collision resistance).

Salting:

  • Adding random, per-entry data to the input before hashing so that identical inputs (for example, two users with the same password) produce different hashes and precomputed (rainbow) tables cannot be reused across accounts.

Digital Signatures:

  • Cryptographic signatures that verify the authenticity and integrity of digital messages or documents.

Key Stretching:

  • Technique to increase the computational effort required to derive keys from passwords, slowing brute-force and dictionary attacks (for example, PBKDF2, bcrypt, scrypt, Argon2).
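Hashing, salting and key stretching together, as an added example that is not part of the original notes and uses only the Python standard library. It shows why a plain hash is not enough for passwords (equal inputs collide by design), how a random salt separates equal passwords, and how PBKDF2 makes each guess expensive. The storage format and the iteration count are this example's own choices; the passwords are constructed.

```python
# Added example (not from the original notes): plain hashing versus salted,
# stretched password hashing with hashlib. Storage format and work factor are
# this example's own choices.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; raise it as hardware gets faster


def digest(data: bytes) -> str:
    """Plain hash: fixed-size output, deterministic, so equal inputs give equal digests."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt + key stretching; returns 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    The salt is stored in the clear next to the hash: it is not a secret, its job
    is to make every stored hash unique and precomputation useless."""
    if salt is None:
        salt = os.urandom(16)        # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, hash_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    # Two users, same password: plain hashes are identical, salted hashes are not.
    print(digest(b"correct horse") == digest(b"correct horse"))   # True
    h1 = hash_password("correct horse")
    h2 = hash_password("correct horse")
    print(h1 == h2)                                                # False
    print(verify_password("correct horse", h1), verify_password("wrong", h1))
```

The iteration count is stored with the hash so it can be raised over time: old entries still verify with their own count and can be rehashed on the user's next successful login.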

Blockchain:

  • Distributed, decentralized ledger technology used for secure and transparent record-keeping.

Open Public Ledger:

  • Transparent and publicly accessible record of transactions or data entries.

Certificates:

  • Digital documents used to authenticate the identity of users, devices, or organizations.
    • Certificate Authorities: Entities that issue and manage digital certificates.
    • Certificate Revocation Lists (CRLs): Lists of revoked or compromised digital certificates.
    • Online Certificate Status Protocol (OCSP): Protocol for checking the revocation status of digital certificates in real-time.
    • Self-signed: Digital certificates signed with the subject's own private key rather than by a CA; trusted only where the relying party has explicitly been configured to trust that certificate.
    • Third-party: Digital certificates issued by a trusted third-party CA.
    • Root of Trust: A trusted entity or component from which cryptographic operations and trust relationships originate.
    • Certificate Signing Request (CSR) Generation: Process of requesting a digital certificate from a CA.
    • Wildcard: A digital certificate that can secure multiple subdomains of a domain.