1.0 General Security Concepts
1.1 Compare and contrast various types of security controls
🟠 Categories:
1. Technical Controls → Implemented through technology, focusing on securing systems, networks, and data.
⚪ Examples: Firewalls, encryption, access controls
2. Managerial Controls → Policies, procedures, and guidelines to manage security efforts.
⚪ Examples: Security policies, risk management frameworks
3. Operational Controls → Controls carried out by people as part of day-to-day operations, rather than by technology alone or by management policy.
⚪ Examples: Security awareness training, configuration management, system monitoring and log review, incident response procedures
4. Physical Controls → Measures to protect physical assets and facilities.
⚪ Examples: Locks, biometric access controls, surveillance cameras
🟠 Control Types:
1. Preventive Controls → Stop security incidents by preventing unauthorized access or activities.
⚪ Examples: Firewalls, encryption, authentication
2. Deterrent Controls → Discourage attackers by increasing perceived risk or difficulty.
⚪ Examples: Warning signs, security cameras
3. Detective Controls → Identify security incidents after they occur.
⚪ Examples: Intrusion detection systems, security audits
4. Corrective Controls → Mitigate impact of security incidents and restore affected systems.
⚪ Examples: Incident response plans, data backups
5. Compensating Controls → Alternative controls that provide equivalent protection when a required primary control cannot be implemented or is not effective.
⚪ Examples: Network segmentation and enhanced monitoring for a legacy system that cannot be patched; a time-limited exception with additional logging while a missing control is being implemented
6. Directive Controls → Provide guidance on compliance with security policies and standards.
⚪ Examples: Security policies, training
1.2 Summarize fundamental security concepts
🟠 Confidentiality, Integrity, and Availability (CIA)
• Fundamental principles of information security ensuring data is kept confidential, accurate, and available when needed.
🟠 Non-repudiation
• Assurance that a sender cannot deny the authenticity or integrity of a message or transaction.
🟠 Authentication, Authorization, and Accounting (AAA)
• Authenticating people → Verifying the identity of users
• Authenticating systems → Confirming the identity of devices or systems
• Authorization models → Determining what resources users or systems can access
🟠 Gap analysis
• Assessment of the differences between current security measures and desired security objectives.
🟠 Zero Trust
🔹 Control Plane:
• Adaptive identity → Authentication requirements adjust to context (device health, location, behavior, risk score) instead of being fixed once at login
• Threat scope reduction → Limiting what a compromised subject can reach through least privilege and segmentation, so that a breach stays contained
• Policy-driven access control → Every access decision is made per request against explicit policy, with no implicit trust granted for being on the internal network
• Policy Administrator → Carries out the decision: establishes or tears down the session and instructs the Policy Enforcement Point
• Policy Engine → Makes the access decision (grant or deny) by evaluating policy and context for each request
🔹 Data Plane:
• Implicit trust zones → The area behind a Policy Enforcement Point in which traffic is trusted once access has been granted; Zero Trust aims to keep these zones as small as possible
• Subject/System → The user, service or device requesting access, and the resource being accessed
• Policy Enforcement Point → Component in the traffic path that enables, monitors and terminates connections as instructed by the Policy Administrator
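The control-plane/data-plane split above is easier to see in code. The following is an added example written for these notes, not code from any product or from NIST: a Policy Engine that evaluates an assumed, illustrative policy plus request context (adaptive identity: MFA is demanded off-network), a Policy Administrator that turns an allow decision into a session bound to one subject and one resource, and a Policy Enforcement Point that forwards only requests carrying a matching session. The names, the policy table and the sample requests are all assumptions.

```python
"""Toy Zero Trust decision flow: Policy Engine decides, Policy Administrator
creates the session, Policy Enforcement Point enforces. Added example; the
policy, names and sample requests are assumptions for illustration."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Request:
    user: str
    role: str
    mfa: bool               # did this request pass MFA?
    device_compliant: bool  # device posture from the endpoint agent
    network: str            # "corp" or "internet"
    resource: str


# Assumed policy: which roles may reach which resources. Anything not
# listed is denied (default deny).
POLICY = {
    "hr-db": {"hr"},
    "git": {"dev", "hr"},
}


def policy_engine(req: Request) -> Tuple[bool, str]:
    """Control plane: evaluate policy plus context for one request."""
    if req.role not in POLICY.get(req.resource, set()):
        return False, "role not permitted for resource"
    if not req.device_compliant:
        return False, "device not compliant"
    # Adaptive identity: the same user needs a stronger proof off-network.
    if req.network != "corp" and not req.mfa:
        return False, "MFA required from untrusted network"
    return True, "allowed"


@dataclass
class PolicyAdministrator:
    """Control plane: turns an allow decision into a session bound to one
    subject and one resource, and can revoke it."""
    sessions: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def establish(self, req: Request) -> Optional[str]:
        ok, _reason = policy_engine(req)
        if not ok:
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = (req.user, req.resource)
        return token

    def revoke(self, token: str) -> None:
        self.sessions.pop(token, None)


@dataclass
class PolicyEnforcementPoint:
    """Data plane: sits in front of the resource; forwards a request only if
    its session exists and matches both the subject and the resource."""
    admin: PolicyAdministrator

    def forward(self, token: Optional[str], user: str, resource: str) -> bool:
        return self.admin.sessions.get(token) == (user, resource)


def demo() -> Dict[str, bool]:
    """Run constructed sample requests through PE -> PA -> PEP."""
    pa = PolicyAdministrator()
    pep = PolicyEnforcementPoint(pa)
    cases = {
        "hr_on_corp": Request("alice", "hr", False, True, "corp", "hr-db"),
        "hr_remote_no_mfa": Request("alice", "hr", False, True, "internet", "hr-db"),
        "hr_remote_mfa": Request("alice", "hr", True, True, "internet", "hr-db"),
        "dev_to_hr_db": Request("bob", "dev", True, True, "corp", "hr-db"),
        "noncompliant_device": Request("carol", "dev", True, False, "corp", "git"),
    }
    results = {name: pep.forward(pa.establish(r), r.user, r.resource)
               for name, r in cases.items()}
    # A session granted for hr-db must not be reusable against git, and a
    # revoked session must stop working immediately.
    tok = pa.establish(cases["hr_on_corp"])
    results["session_reuse_other_resource"] = pep.forward(tok, "alice", "git")
    pa.revoke(tok)
    results["after_revoke"] = pep.forward(tok, "alice", "hr-db")
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The point to notice is that the PEP never evaluates policy itself; it only checks for a session the Policy Administrator created, and that session is scoped to one subject and one resource, which is what keeps the implicit trust zone small.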
🟠 Physical Security
• Bollards → Posts used to block vehicular access
• Access control vestibule → Enclosed area controlling entry into a secure facility
• Fencing → Barrier to prevent unauthorized access
• Video surveillance → Monitoring system using cameras
• Security guard → Personnel providing physical security
• Access badge → Credential granting entry to a secured area
• Lighting → Illumination to enhance visibility and deter intruders
• Sensors:
⚪ Infrared → Detects heat signatures
⚪ Pressure → Detects physical pressure changes
⚪ Microwave → Emits microwaves to detect motion
⚪ Ultrasonic → Uses sound waves to detect motion
🟠 Deception and Disruption Technology
• Honeypot → Decoy system designed to attract attackers and gather information
• Honeynet → Network of honeypots used for monitoring and analysis
• Honeyfile → Fictitious file used to detect unauthorized access
• Honeytoken → Decoy credential or data item used to detect unauthorized access
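Honeytokens only pay off if something is watching for them. As an added example (not from the original notes), here is the detection side in Python: a couple of decoy identities are registered with a note of where they were planted, and a small log parser raises an alert whenever one of them appears in an authentication event. The log format, the account names, the planting locations and the sample lines are all constructed for this illustration.

```python
"""Honeytoken detection over authentication log lines.
Added example; the log format, decoy names and sample lines are constructed."""
import re
from typing import Dict, List

# Decoy identities seeded where an intruder would look. No real automation
# ever uses them, so any use at all is a signal.
HONEYTOKENS = {
    "svc_backup_legacy": "seeded in /etc/backup/old.conf",
    "deploy_key_decoy": "seeded in a credentials.txt on the file share",
}

# Constructed log format: "<ts> <host> auth <ok|fail> user=<u> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth (?P<outcome>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per line in which a honeytoken identity is used.
    A failed login with a decoy account still counts: it proves the decoy
    was found, which is the whole point."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable lines are skipped, never treated as benign by assumption
        user = m.group("user")
        if user in HONEYTOKENS:
            alerts.append({
                "ts": m.group("ts"),
                "host": m.group("host"),
                "src": m.group("src"),
                "token": user,
                "outcome": m.group("outcome"),
                "planted": HONEYTOKENS[user],
            })
    return alerts


# Constructed sample log lines.
SAMPLE_LOG = [
    "2024-05-01T08:00:01Z web01 auth ok user=alice src=10.0.1.5",
    "2024-05-01T08:02:13Z web01 auth fail user=bob src=10.0.1.9",
    "2024-05-01T08:05:44Z db01 auth fail user=svc_backup_legacy src=10.0.9.77",
    "2024-05-01T08:05:51Z db01 auth ok user=svc_backup_legacy src=10.0.9.77",
    "2024-05-01T08:09:02Z ci01 auth ok user=deploy_key_decoy src=203.0.113.8",
    "this line does not match the expected format",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a['ts']} {a['token']} used from {a['src']} on {a['host']} "
              f"({a['outcome']}); {a['planted']}")
```

Because the decoy has no legitimate use, the alert needs no baseline or threshold; the "planted" note tells the responder which location the intruder has already reached.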
1.3 Explain the importance of change management processes and the impact to security
🟠 Business Processes Impacting Security Operations
• Approval Process → Procedure for obtaining authorization for security-related actions or changes
• Ownership → Assignment of responsibility for security tasks or assets to specific individuals or teams
• Stakeholders → Individuals or groups with an interest or involvement in security-related decisions or activities
• Impact Analysis → Assessment of the potential effects of security incidents or changes on business operations
• Test Results → Findings from security testing activities such as penetration testing or vulnerability assessments
• Backout Plan → Contingency plan for reversing changes or mitigating risks if security measures fail or cause issues
• Maintenance Window → Scheduled timeframe during which security updates or maintenance tasks can be performed without disrupting business operations
• Standard Operating Procedure → Established protocol or guideline for carrying out security-related tasks or responding to security incidents
🟠 Technical Implications
• Allow Lists/Deny Lists → Lists of permitted or prohibited entities, actions, or resources within a system or network
• Restricted Activities → Actions or operations that are limited or prohibited due to security considerations
• Downtime → Period during which a system or service is unavailable due to maintenance, security updates, or security incidents
• Service Restart → Process of stopping and restarting a service to apply changes or address security issues
• Application Restart → Reloading or restarting an application to implement security changes or address issues
• Legacy Applications → Older software or systems with potential security vulnerabilities or compatibility issues
• Dependencies → Relationships or connections between systems, applications, or components that may impact security
🟠 Documentation
• Updating Diagrams → Updating visual representations of systems, networks, or processes to reflect changes or security configurations
• Updating Policies/Procedures → Revising written guidelines or protocols to align with changes in security practices or requirements
• Version Control → Managing and tracking changes to documents, policies, procedures, or software to ensure accuracy, accountability, and compliance
1.4 Explain the importance of using appropriate cryptographic solutions
🟠 Public Key Infrastructure (PKI)
• Public Key → A cryptographic key that is shared openly and used for encryption or verifying signatures
• Private Key → A secret key that is kept confidential and used for decrypting data or creating digital signatures
• Key Escrow → A process where cryptographic keys are stored by a trusted third party for emergency access
🟠 Encryption
⚪ Level → Various levels of encryption applied to different aspects of data storage and communication:
• Full-disk
• Partition
• File
• Volume
• Database
• Record
• Transport/Communication → Securing data during transmission between devices or networks
⚪ Types:
• Asymmetric Encryption → Encryption method using pairs of keys: public and private keys
• Symmetric Encryption → Encryption method using a single key for both encryption and decryption
⚪ Key Exchange → Process of securely sharing cryptographic keys between parties
⚪ Algorithms → Defined ciphers and procedures (e.g., AES for symmetric, RSA and elliptic-curve schemes for asymmetric); security should rest on the secrecy of the key, not of the algorithm
⚪ Key Length → The size of the cryptographic key, influencing the strength of encryption
🟠 Tools
• Trusted Platform Module (TPM) → Hardware component bound to a specific platform that stores keys and performs cryptographic operations; also supports measured boot and attestation
• Hardware Security Module (HSM) → Dedicated hardware device for managing, storing, and processing cryptographic keys securely
• Key Management System → Software or hardware solution for generating, storing, and distributing cryptographic keys
• Secure Enclave → Isolated, hardware-backed execution environment that protects keys and sensitive computation even from the main operating system
🟠 Obfuscation
• Steganography → Concealing data within other data to hide its existence
• Tokenization → Substituting sensitive data with non-sensitive placeholders
• Data Masking → Concealing or anonymizing specific data elements within a dataset
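The difference between tokenization and masking is reversibility, and that is easiest to see side by side. The following is an added example for these notes, not any vendor's scheme: a token vault that hands out random, format-preserving tokens and is the only place a token can be turned back into the original value, next to a masking function whose output cannot be reversed at all. The token format (random digits, last four kept) and the sample card number are illustrative assumptions.

```python
"""Tokenization (reversible only through the vault) versus masking (irreversible).
Added example; token format, vault design and sample value are assumptions."""
import secrets
from typing import Dict, Optional


class TokenVault:
    """Holds the only mapping between tokens and originals. Systems that
    store tokens keep nothing sensitive; only the vault can detokenize."""

    def __init__(self) -> None:
        self._by_token: Dict[str, str] = {}
        self._by_value: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # Same input gives the same token, so records can still be joined
        # on the token without exposing the value.
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # Keep the length and the last four digits so the token fits
            # existing schemas and receipts; the rest is random, not derived
            # from the value, so it carries no information about it.
            prefix = "".join(str(secrets.randbelow(10)) for _ in range(len(value) - 4))
            token = prefix + value[-4:]
            if token != value and token not in self._by_token:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Only the vault holder can do this; unknown tokens return None."""
        return self._by_token.get(token)


def mask(value: str, keep_last: int = 4, fill: str = "*") -> str:
    """Irreversible masking: nothing in the output lets you recover the rest."""
    if len(value) <= keep_last:
        return fill * len(value)
    return fill * (len(value) - keep_last) + value[-keep_last:]


def demo(card: str = "4111111111111111") -> dict:
    """Run a constructed sample value through both schemes."""
    vault = TokenVault()
    tok = vault.tokenize(card)
    return {
        "token": tok,
        "token_same_on_repeat": vault.tokenize(card) == tok,
        "token_keeps_last4": tok[-4:] == card[-4:],
        "token_differs": tok != card,
        "detokenized": vault.detokenize(tok),
        "unknown_token": vault.detokenize("not-a-token"),
        "masked": mask(card),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

A masked value is safe to show on a receipt or in a log precisely because it cannot be reversed; a token is safe to store in a downstream database only as long as the vault stays separate and access to `detokenize` is tightly controlled.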
🟠 Hashing
• Applying a one-way function that maps input of any size to a fixed-size digest; the same input always gives the same digest, but it should be infeasible to recover the input from the digest or to find two inputs with the same digest (collision resistance)
🟠 Salting
• Adding a random, per-entry value to the input before hashing so that identical passwords produce different hashes and precomputed (rainbow) tables are useless; the salt is stored alongside the hash and does not need to be secret
🟠 Digital Signatures
• A hash of the message signed with the signer's private key and verified with the matching public key, proving integrity and origin and supporting non-repudiation
🟠 Key Stretching
• Deliberately slow derivation of a key or password hash (PBKDF2, bcrypt, scrypt, Argon2) so that each guess in a brute-force or dictionary attack costs far more work
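Hashing, salting and key stretching are three steps on the same road, and a short script shows why each one is needed. This is an added example using only the Python standard library, not code from the original notes: an unsalted hash (identical passwords collide), a salted fast hash (no more shared rainbow tables, but each guess is still one cheap SHA-256), and PBKDF2-HMAC-SHA256 with a work factor, stored in a self-describing record so the parameters can be raised later. The iteration count and salt length are illustrative choices, not a quoted standard.

```python
"""Hashing, salting and key stretching for stored passwords.
Added example; the parameters are illustrative, not a quoted standard."""
import hashlib
import hmac
import os


def plain_hash(password: str) -> str:
    """Unsalted, single round: two users with the same password get the same
    digest, and precomputed tables apply directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Salted but still fast: defeats shared rainbow tables, but each guess
    costs one SHA-256, so offline brute force stays cheap."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


ITERATIONS = 600_000  # assumed illustrative work factor for PBKDF2-HMAC-SHA256


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching: every guess now costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Storable record: algorithm$iterations$salt$key, so old entries can be
    verified and upgraded when the work factor is raised later."""
    salt = os.urandom(16)
    dk = stretch(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time so
    the comparison itself leaks nothing about how many bytes matched."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    return hmac.compare_digest(stretch(password, salt, iterations), stored)


def compare_schemes(password: str) -> dict:
    """Same password, two different salts: only the unsalted scheme collides."""
    s1, s2 = os.urandom(16), os.urandom(16)
    return {
        "plain_equal": plain_hash(password) == plain_hash(password),
        "salted_equal": salted_hash(password, s1) == salted_hash(password, s2),
        "stretched_equal": stretch(password, s1, 1000) == stretch(password, s2, 1000),
    }


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)
    print("verify ok:", verify("correct horse battery staple", rec))
    print("verify wrong:", verify("tr0ub4dor&3", rec))
    print(compare_schemes("hunter2"))
```

Two practical notes: the salt is stored in the clear next to the hash, since its job is uniqueness rather than secrecy, and the record carries its own iteration count so that raising `ITERATIONS` later does not break verification of entries hashed under the old value.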
🟠 Blockchain
• Distributed, decentralized ledger technology used for secure and transparent record-keeping
⚪ Open Public Ledger → Transparent and publicly accessible record of transactions or data entries
🟠 Certificates
• Digital documents used to authenticate the identity of users, devices, or organizations
⚪ Certificate Authorities → Entities that issue and manage digital certificates
⚪ Certificate Revocation Lists (CRLs) → Lists of revoked or compromised digital certificates
⚪ Online Certificate Status Protocol (OCSP) → Protocol for asking a CA's responder about the revocation status of a single certificate on demand instead of downloading a whole CRL; with OCSP stapling the server attaches a recent signed response to the TLS handshake
⚪ Self-signed → Digital certificates signed by their own issuer
⚪ Third-party → Digital certificates issued by a trusted third-party CA
⚪ Root of Trust → A trusted entity or component from which cryptographic operations and trust relationships originate
⚪ Certificate Signing Request (CSR) Generation → The applicant generates a key pair and submits a request containing the public key and subject details to the CA; the private key never leaves the applicant
⚪ Wildcard → A certificate (e.g., *.example.com) that covers all hostnames at one subdomain level; it does not cover deeper levels or the bare domain unless those are listed separately