CHAPTER 8 Controls for Information Security (Coggle diagram)
Protecting Information Resources
People
Creation of a "security-conscious" culture
Training
Process
User Access Controls
authentication controls
process of verifying the identity of the person or device attempting to access the system
Three types of authentication credentials:
something the person knows, such as passwords or personal identification numbers (PINs)
something the person has, such as smart cards or ID badges
some physical or behavioral characteristic (biometric identifier) of the person, such as fingerprints
biometric identifier
a physical or behavioral characteristic that is used as an authentication credential
multimodal authentication
the use of multiple authentication credentials of the same type to achieve a greater level of security
multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
authorization controls
the process of restricting the access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform
access control matrix
a table used to implement authorization controls
compatibility test
matching the user's authentication credentials against the access control matrix to determine whether that user should be allowed to access the requested resource and perform the requested action
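The access control matrix and compatibility test described above, as an added example that is not part of the textbook or the Coggle map. The matrix is a nested dictionary (rows = users, columns = resources, cells = permitted actions); the users, resources and actions are invented for illustration. The check is default-deny: an unknown user, an unknown resource, or an action missing from the cell all fail.

```python
# Added example (not from the textbook): an access control matrix as a
# nested dict, plus the compatibility test that authorizes an already
# authenticated user's request. All names below are hypothetical.

from typing import Dict, List, Set

# Rows = users (or roles), columns = resources, cells = permitted actions.
ACCESS_CONTROL_MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll_db": {"read", "write"}, "gl_ledger": {"read"}},
    "bob":   {"gl_ledger": {"read", "write"}},
    "carol": {"payroll_db": {"read"}},
}


def compatibility_test(user: str, resource: str, action: str) -> bool:
    """Return True only if the matrix explicitly permits `action`.

    Anything not listed is denied (default deny): an unknown user, an
    unknown resource, or an action absent from the cell all fail.
    """
    return action in ACCESS_CONTROL_MATRIX.get(user, {}).get(resource, set())


def authorize(user: str, resource: str, action: str,
              audit_log: List[str]) -> bool:
    """Run the compatibility test and record the decision.

    Every decision, allow or deny, is logged so that later log analysis
    can spot users probing for resources they are not entitled to.
    """
    allowed = compatibility_test(user, resource, action)
    audit_log.append(f"user={user} resource={resource} action={action} "
                     f"decision={'ALLOW' if allowed else 'DENY'}")
    return allowed


if __name__ == "__main__":
    log: List[str] = []
    for req in [("alice", "payroll_db", "write"),   # permitted
                ("carol", "payroll_db", "write"),   # read-only user
                ("mallory", "payroll_db", "read"),  # not in the matrix
                ("bob", "gl_ledger", "delete")]:    # action never granted
        authorize(*req, log)
    print("\n".join(log))
```

Note that authorization happens after authentication: the function trusts the `user` argument, so it must only ever be called with an identity the authentication controls have already verified.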
Penetration Testing
an authorized attempt to break into the organization's information system
Change controls and change management
the formal process used to ensure that modifications to hardware, software or processes do not reduce systems reliability
IT Solutions
Antimalware Controls
malware
(viruses, worms)
malicious software awareness education
installation of antimalware protection tools on all devices
centralized management of patches and updates to antimalware software
regular review of new malware threats
filtering of incoming traffic to block potential sources of malware
training employees not to install shared or unapproved software
Network Access Controls
Perimeter defense: routers, firewalls and intrusion prevention systems
border router
a device that connects an organization's information system to the internet
firewall
a special-purpose hardware device, or software running on a general-purpose computer, that controls both inbound and outbound communication between the system behind the firewall and other networks
demilitarized zone (DMZ)
a separate network located outside the organization's internal information system that permits controlled access from the internet
router
special-purpose devices designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next
access control list (ACL)
a set of IF-THEN rules used to determine what to do with arriving packets
packet filtering
a process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet
deep packet inspection
a process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers
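A worked example of the ACL, packet filtering and deep packet inspection entries above, added here and not taken from the textbook or the Coggle map. It implements a stateless filter: ordered IF-THEN rules matched against IP and TCP header fields, first match wins, and an implicit deny for anything no rule allowed. A separate function looks inside the TCP payload, which is the deep packet inspection step that header-only filtering cannot do. The addresses, the DMZ layout, the rule set and the sample packets are all constructed assumptions.

```python
# Added example (not from the textbook): a minimal stateless packet filter
# driven by an ordered ACL, plus a deep-packet-inspection check on the
# payload. Addresses, ports and sample packets are hypothetical.

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                       # source address (IP header)
    dst: str                       # destination address (IP header)
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # destination port (TCP/UDP header)
    payload: bytes = b""           # body of the TCP segment


@dataclass(frozen=True)
class Rule:
    """One IF-THEN entry: IF the header fields match THEN take `action`."""
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Hypothetical inbound ACL on a border router: one web server in the DMZ,
# the internal network behind it.
DMZ_WEB = "203.0.113.10/32"
INTERNAL = "10.0.0.0/8"
ACL: List[Rule] = [
    Rule("deny", src=INTERNAL,
         comment="anti-spoofing: internal source addresses never arrive from outside"),
    Rule("allow", dst=DMZ_WEB, proto="tcp", dport=443, comment="HTTPS to DMZ web server"),
    Rule("allow", dst=DMZ_WEB, proto="tcp", dport=80, comment="HTTP to DMZ web server"),
    Rule("deny", dst=INTERNAL,
         comment="no direct internet access to the internal network"),
]


def packet_filter(p: Packet, acl: List[Rule] = ACL) -> str:
    """Evaluate the ACL top-down; the first matching rule decides.

    If no rule matches, the packet is dropped (implicit deny), so the
    ACL only has to enumerate what is permitted.
    """
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


# Payload patterns the header-only filter cannot see (hypothetical list).
DPI_BLOCKLIST = (b"../", b"/etc/passwd")


def deep_packet_inspection(p: Packet) -> str:
    """Inspect the TCP payload, not just the headers.

    A request to port 80 passes packet_filter(), but a path-traversal
    attempt inside the HTTP request is only visible here.
    """
    if p.proto == "tcp" and any(bad in p.payload for bad in DPI_BLOCKLIST):
        return "deny"
    return "allow"


def inspect(p: Packet) -> str:
    """Full pipeline: header filtering first, then payload inspection."""
    if packet_filter(p) == "deny":
        return "deny"
    return deep_packet_inspection(p)
```

Rule order matters: the anti-spoofing deny sits first so that a forged internal source address can never be rescued by the later allow rules.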
Using Defense-in-Depth to Restrict Network Access
Securing Wireless Access
turn on available security features
encrypt all wireless traffic
authenticate all devices attempting to establish wireless access to the network before assigning them an IP address
Device and Software Hardening Controls
Endpoint Configuration
vulnerabilities
flaws in programs that can be exploited to either crash the system or take control of it
vulnerability scanners
automated tools that identify known vulnerabilities and unused or unnecessary programs on a given system that represent potential security threats
exploit
a program designed to take advantage of a known vulnerability
patch
code released by software developers that fixes a particular vulnerability
patch management
the process of regularly applying patches and updates to software
endpoint
collective term for the workstations, servers, printers, and other devices that comprise an organization's network
User Account Management
Software Design
Encryption
Physical Security
Access Control
Understanding Targeted Attacks
Steps Criminals use:
Conduct reconnaissance
Attempt social engineering
Scan and map the target
Research
Execute the attack
Cover the tracks
social engineering
using deception to obtain unauthorized access to information resources
Fundamental Information Security Concepts
Security is a management issue, not just a technology issue
The time-based model of information security
time-based model of security
implementing a combination of preventive, detective and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised
defense-in-depth
employing multiple layers of controls to avoid a single point-of-failure
P > D + R
P = the time it takes an attacker to break through the various controls that protect the organization's information assets
D = the time it takes for the organization to detect that an attack is in progress
R = the time it takes to respond to and stop the attack
Introduction
Principles:
Security
Confidentiality
Privacy
Processing Integrity
Availability
Detecting Attacks
Log analysis
the process of examining logs to identify evidence of possible attacks
Intrusion detection systems (IDS)
a system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions
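Log analysis and intrusion detection, as an added example that is not from the textbook or the Coggle map: the detection logic below runs over constructed SSH-style syslog lines and flags a source that fails authentication repeatedly within a short window, then escalates if the same source later succeeds (the pattern a password-guessing attack leaves behind). The log lines, the threshold of three failures and the one-minute window are all assumptions chosen for illustration.

```python
# Added example (not from the textbook): log analysis that detects a
# password-guessing attack and a likely compromise. SAMPLE_LOG is
# constructed; the threshold and window are arbitrary illustrative values.

import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[101]: Failed password for invalid user admin from 198.51.100.9 port 40112
2024-03-01T08:00:03 sshd[101]: Failed password for root from 198.51.100.9 port 40113
2024-03-01T08:00:04 sshd[101]: Failed password for root from 198.51.100.9 port 40114
2024-03-01T08:00:06 sshd[101]: Failed password for root from 198.51.100.9 port 40115
2024-03-01T08:00:09 sshd[101]: Accepted password for root from 198.51.100.9 port 40116
2024-03-01T08:05:00 sshd[102]: Failed password for alice from 10.0.0.12 port 51000
2024-03-01T08:30:00 sshd[103]: Accepted publickey for alice from 10.0.0.12 port 51001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log: str) -> List[dict]:
    """Turn raw lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: skip rather than crash the analyzer
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def detect_bruteforce(events: List[dict], threshold: int = 3,
                      window: timedelta = timedelta(minutes=1)) -> Dict[str, List[str]]:
    """Return {source: [findings]} for sources that reach `threshold`
    failed logins inside `window`; a later success from a flagged source
    is reported as a probable compromise."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    findings: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        src = e["src"]
        if e["result"] == "Failed":
            failures[src].append(e["ts"])
            recent = [t for t in failures[src] if e["ts"] - t <= window]
            if len(recent) == threshold:   # fire once when the threshold is crossed
                findings[src].append(
                    f"{threshold} failed logins within {window} ending {e['ts']}")
        elif e["result"] == "Accepted" and findings.get(src):
            findings[src].append(
                f"successful login for {e['user']} at {e['ts']} "
                f"after brute-force attempts: probable compromise")
    return dict(findings)


if __name__ == "__main__":
    for src, notes in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(src)
        for note in notes:
            print("  -", note)
```

In the sample, 10.0.0.12 has a single failure followed by a normal key-based login and is not reported; 198.51.100.9 crosses the threshold and then succeeds, which is the case an incident response team should treat as a successful intrusion rather than a blocked one.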
Continuous Monitoring
Responding to Attacks
Computer Incident Response Team (CIRT)
recognition
containment
recovery
follow-up
Chief Information Security Officer (CISO)
Security Implications of Virtualization, Cloud Computing and the Internet of Things
virtualization
running multiple systems simultaneously on one physical computer
cloud computing
using a browser to remotely access software, data storage, hardware and applications