Controls
What are countermeasures?
Access Controls (AC)
What is a Control Family?
Procedures performed by people
What are procedural controls?
Technical controls
What are tools that automate protection?
Protects the physical environment
What is a physical control?
Prevent, recover & detect
What are objectives of controls?
NIST Controls
What is NIST SP 800-53?
Written documents that provide guidelines and rules for the organization.
What are policies and procedures?
Session time out
What is a technical control that ensures that an unauthorized user doesn't have access without providing their credentials?
Locks
What is the simplest method of physical security?
Installed inside the operating system
In-Place Control
Planned Controls
What is approved but not installed yet?
Backup Policy
What states that backups need to be performed but does not tell you how to perform them?
Log
What record includes who, what, where, when?
Gas system
What is a primary way to fight a Class C fire?
Control does not meet an objective (prevent, recover, detect)
When should a control be replaced?
Controls covering all aspects of security incidents
What are incident response controls?
Vulnerability Scanning Procedures
What are procedures that specify how the scans are to be documented and reported?
Port 80
What is the well-known port for HTTP?
Proximity card
What can an attacker put in a paper bag to gather credit card data by riding up and down the elevator all day long?
Replace the anti-virus software
What action should you take when a system has been infected?
They provide nonrepudiation
What are digital signatures?
Business Continuity Plan
What is a comprehensive plan that helps organizations plan for an emergency?
Changes plaintext data into ciphered data
What is encryption?
Three-barrier protection
What is a main entrance, secure employee area and secure computer area?