pt.25

Cards (52)

  • A forensic artifact is an unintentional trace of an attacker's activity that can be identified on a host or network.
  • Forensic artifacts are valuable digital evidence in cybersecurity and digital forensics investigations, as they can provide insights into an attacker's actions and help in reconstructing the timeline of events during a security incident.
  • Hashing involves generating a unique hash value (a fixed-size string of characters) based on the content of digital evidence.
  • By comparing the hash value of the original evidence to the hash value of the potentially tampered evidence, investigators can determine whether the evidence has been altered.
  • Metadata is data that provides information about other data.
  • In the context of digital evidence, metadata can include information such as timestamps, file properties, and other attributes.
  • E-discovery (Electronic Discovery) is the process of identifying, collecting, preserving, and producing electronically stored information in response to a legal request.
  • Non-repudiation is the ability to prove that a message has not been altered or deleted.
  • The categories of managerial security controls are physical security, technical security, and administrative security.
  • Administrative controls are the use of administrative measures to prevent or reduce the risk of a security incident. They focus on managing the day-to-day activities of an organization, including risk management, and involve oversight of the organization's activities to ensure that they are carried out in accordance with its policies and procedures.
  • Operational security controls are designed to protect the organization from threats and vulnerabilities. They focus on the physical security of the organization and its assets.
  • Configuration management is the process of managing the configuration of a system or software to ensure that it is in a known and acceptable state.
  • Data backups are used to protect data from accidental or malicious damage, loss or theft.
  • Security awareness programs are designed to educate users about security threats and how to protect themselves. They also train employees to recognize and report security incidents.
  • Technical managerial controls focus on the technical aspects of the business, such as the production process, the quality of the product, and the efficiency of the operations.
  • Technical security controls are implemented to manage and mitigate security risks by protecting systems and data.
  • Technical controls are often referred to as logical security controls because they involve the use of technology to enforce security policies.
  • Technical controls are automated and executed by computer systems to enforce security measures.
  • Encryption protocols are used to secure data in transit and at rest.
  • Firewall ACLs (Access Control Lists) are used to control access to a network by defining which IP addresses are allowed to access a network.
  • Authentication Protocols are used to verify the identity of the user and the device.
  • System Hardening involves the use of security controls to reduce the impact of a security incident. This includes securing computer systems, networks, and software to reduce vulnerabilities and make them less susceptible to attacks.
  • Separation of duties is a policy that requires that different people perform different tasks in a business, reducing the possibility of fraud.
  • Preventive security controls are measures put in place to proactively prevent security incidents and protect assets from potential threats.
  • Detective security controls involve monitoring and detecting security events or anomalies within an organization's IT infrastructure.
  • Corrective security controls aim to mitigate the effects of security incidents once they have occurred.
  • Log monitoring is the process of monitoring the log files of a system to detect and respond to problems.
  • Security audits are performed to ensure that the security controls are in place and working properly.
  • IDS (Intrusion Detection System) is a software program that monitors network traffic for suspicious activity.
  • IPS (Intrusion Prevention System) is similar to IDS but can also take action against detected intrusions, such as blocking access to specific IP addresses.
  • Backing up data and having a system recovery plan in place allows an organization to restore its systems and data in the event of a security incident or data loss.
  • An alternate site or disaster recovery location is a place where essential business operations can continue in case of a disruption or security incident.
  • Fire suppression systems are designed to control or extinguish fires in data centers or critical infrastructure to prevent damage to equipment and data.
  • Deterrent Security Controls are designed to deter, deny, or delay an attacker from gaining access to a system.
  • Warning signs indicate the presence of security measures, such as surveillance cameras or alarms, to deter potential intruders.
  • Adequate lighting in and around a facility discourages unauthorized access or suspicious activities.
  • Banners or messages displayed during the login process remind users of security policies and legal restrictions, acting as a deterrent against unauthorized actions.
  • Compensating Security Controls are used to reduce the risk of a security breach.
  • Sandboxing is a technique that isolates a program from the rest of the operating system and prevents it from accessing the rest of the system.
  • A backup power system is a power source that is used to provide power to the building in the event of a power outage.