This establishes what normal operations look like and is compared against later to detect whether something unusual is happening on your network or systems
What is a Baseline?
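As an added example (not part of the original card set), the following Python script shows the comparison a baseline is for: a recorded snapshot of a host's listening ports, running services and admin accounts is diffed against a current snapshot, and every deviation is reported. Both snapshots are constructed sample data, not captured from a real host.

```python
"""Baseline comparison: report how a host's current state differs from its
recorded baseline.  Added example, not part of the original card set; the
baseline and the current snapshot are constructed sample data, not captured
from a real host."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed baseline: what "normal" looked like when the host was built.
BASELINE: dict[str, set] = {
    "listening_ports": {22, 80, 443},
    "services": {"sshd", "nginx", "cron"},
    "admins": {"root", "ops"},
}

# Constructed current snapshot: a new listener, a new service, a new admin,
# and one baseline service that is no longer running.
CURRENT: dict[str, set] = {
    "listening_ports": {22, 80, 443, 4444},
    "services": {"sshd", "nginx", "nc"},
    "admins": {"root", "ops", "backup"},
}


@dataclass
class Drift:
    """Per-category sets of items added to or removed from the baseline."""
    added: dict[str, set] = field(default_factory=dict)
    removed: dict[str, set] = field(default_factory=dict)

    def is_clean(self) -> bool:
        return not self.added and not self.removed


def compare(baseline: dict[str, set], current: dict[str, set]) -> Drift:
    """Set-difference every category in either snapshot against the other."""
    drift = Drift()
    for key in baseline.keys() | current.keys():
        base = baseline.get(key, set())
        now = current.get(key, set())
        if now - base:
            drift.added[key] = now - base
        if base - now:
            drift.removed[key] = base - now
    return drift


def findings(drift: Drift) -> list[str]:
    """Human-readable lines, one per deviation, sorted for stable output."""
    out = []
    for key, items in sorted(drift.added.items()):
        out.append(f"ADDED {key}: {sorted(items)}")
    for key, items in sorted(drift.removed.items()):
        out.append(f"REMOVED {key}: {sorted(items)}")
    return out


if __name__ == "__main__":
    for line in findings(compare(BASELINE, CURRENT)):
        print(line)
```

The point of the example is that a baseline is only useful when it is compared mechanically and on a schedule; a removed service (here `cron`) is as much a finding as a new listener on port 4444, since both mean the host no longer matches its approved state.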
The principle that a particular product, service, or data set belongs to a specific person or role within an organization, who is accountable for it
What is Ownership?
These automated tools look for known weaknesses in the services and devices present on your network and report them
What are Vulnerability Scanners?
This is the term for collecting logs from multiple sources on a network into one central place
What is Log Aggregation?
This enforces security policy on a network by inspecting devices that attempt to connect, checking their security posture rather than just their MAC address, and blocking devices that do not meet the requirements
What is Network Access Control NAC?
Disabling unused ports, using VLAN segments, and enabling port security on these devices is how we do this (2-part answer)
What is Switch Hardening?
This involves identifying the devices, services, and software within an environment; it is used to discover unknown assets on a network
What is Enumeration?
This may involve running an application in a sandbox to observe in real time what it is doing and how it reacts to inputs, judging its behaviour as it runs rather than by reading its source code
What is Dynamic Code Analysis?
This standard defines formats for expressing and exchanging security configuration and vulnerability information so that vulnerability management, compliance checking, and policy enforcement can be automated
What is SCAP Security Content Automation Protocol?
These tools focus on detecting, investigating, and responding to threats on an endpoint; the second links that telemetry with other sources to give a broader view of threats to your network (2 tools for the answer)
What is Endpoint/Extended Detection and Response EDR/XDR?
We put these into separate network segments because of the security risk they pose as cheap, weakly secured devices, even though they are becoming commonplace in all parts of life
What is Internet of Things?
You do this to data when disposing of or reusing a device; the term covers any removal effort short of physically destroying the device
What is Sanitization?
This activity simulates an attack on a network or resource to show the damage a real attack could do and to inform decisions on preventing future attacks
What is Penetration Testing?
This type of tool collects and correlates logs from endpoints and devices to give a single-pane-of-glass view of your network's health; it shows statuses and raises alerts but does not take response actions itself
What is a SIEM Security Information and Event Management system?
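The log aggregation card and the SIEM card describe two halves of one pipeline: many sources feed one collector, and the collector correlates across them and alerts without acting. The following Python script is an added example (not part of the original card set) of both halves. The log lines are constructed samples in common formats (an OpenSSH syslog line, a Windows-style JSON event, an Apache access log entry), tagged by the collector with the source type and host they came from; the field names of the normalized event and the alert thresholds are this example's own choices.

```python
"""Log aggregation feeding a SIEM-style correlation rule.  Added example,
not part of the original card set.  The log lines below are constructed
samples in common formats (OpenSSH syslog, a Windows-style JSON event, an
Apache access log), tagged by the collector with the source type and host
they came from; the field names of the normalized event are this example's
own choice."""
from __future__ import annotations

import json
import re
from collections import defaultdict

SSH_FAIL = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
APACHE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]+" '
    r"(?P<status>\d{3})"
)

# (source type, collecting host, raw line) as the aggregator would see them.
SAMPLE_LINES = [
    ("syslog", "web01", "Jan 10 10:00:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 55555 ssh2"),
    ("syslog", "web01", "Jan 10 10:00:03 web01 sshd[1240]: Failed password for root from 203.0.113.5 port 55556 ssh2"),
    ("winlog", "dc01", '{"event_id": 4625, "user": "admin", "src_ip": "203.0.113.5"}'),
    ("apache", "web01", '203.0.113.5 - - [10/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512'),
    ("apache", "web01", '198.51.100.7 - - [10/Jan/2024:10:00:06 +0000] "GET / HTTP/1.1" 200 1024'),
    ("syslog", "web01", "Jan 10 10:00:08 web01 sshd[1250]: Failed password for ops from 198.51.100.7 port 50000 ssh2"),
    ("syslog", "web01", "Jan 10 10:00:09 web01 sshd[1252]: Accepted publickey for ops from 10.0.0.8 port 50001 ssh2"),
]


def normalize(source: str, host: str, line: str) -> dict | None:
    """Map one raw line onto a common schema; None if it is not a login failure."""
    if source == "syslog":
        m = SSH_FAIL.match(line)
        if m:
            return {"source": "sshd", "host": m["host"], "src_ip": m["ip"],
                    "user": m["user"], "outcome": "failure"}
    elif source == "winlog":
        rec = json.loads(line)
        if rec.get("event_id") == 4625:  # Windows: an account failed to log on
            return {"source": "winlog", "host": host, "src_ip": rec["src_ip"],
                    "user": rec["user"], "outcome": "failure"}
    elif source == "apache":
        m = APACHE.match(line)
        if m and m["path"] == "/login" and m["status"] == "401":
            return {"source": "apache", "host": host, "src_ip": m["ip"],
                    "user": None, "outcome": "failure"}
    return None


def aggregate(lines) -> list[dict]:
    """Collect normalized events from every source into one stream."""
    return [e for e in (normalize(*item) for item in lines) if e is not None]


def correlate(events: list[dict], threshold: int = 3, min_sources: int = 2) -> list[dict]:
    """Alert when one source IP fails logins across several systems.  The
    SIEM only raises the alert; blocking the IP is a separate decision."""
    by_ip: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in sorted(by_ip.items()):
        sources = sorted({e["source"] for e in evs})
        if len(evs) >= threshold and len(sources) >= min_sources:
            alerts.append({
                "src_ip": ip,
                "failures": len(evs),
                "sources": sources,
                "hosts": sorted({e["host"] for e in evs}),
                "users": sorted({e["user"] for e in evs if e["user"]}),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(aggregate(SAMPLE_LINES)):
        print(alert)
```

No single source here crosses the threshold on its own (two SSH failures, one Windows failure, one web failure); the alert only exists because the logs were aggregated first. That is the practical reason to centralize logs before writing detection rules.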
This allows an organization to rely on another organization's authentication and identity infrastructure to authenticate its own users; think of using a "Log in with Google" button to sign in to an unrelated website
What is Federation?
You do one of these to understand the radio (Wi-Fi) environment at your site; it produces a heat map when done
What is a Site Survey?
Considered the BEST way to guarantee the destruction of data on a device
What is Fire (incineration)?
This kind of program encourages outside developers and users to discover flaws in hardware and software and report them to the manufacturer, often with a monetary reward as an incentive
What is a Bug Bounty Program?
This protocol is used to monitor network devices and sends notifications about events occurring on the network using traps
What is Simple Network Management Protocol SNMP?
This access control model restricts authorizations according to strict policies defined by a central authority, which users cannot change
What is a MAC Mandatory Access Control?
This involves running an application in an isolated environment to analyze its behaviour and validate that it functions as expected
What is Sandboxing?
This is issued when a device is destroyed securely; it is required for some regulatory compliance, depending on the nature of the device and the data held on it
What is a Certificate of Destruction (certification)?
This is the term for the amount of loss in time, money, reputation, or other resources that a company determines is acceptable before mitigating controls must be applied
What is Risk Tolerance?
These systems monitor and control the movement of sensitive data across networks and devices by inspecting the content they can read and applying allow/deny rules to it
What is a Data Loss Prevention DLP system?
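As an added example (not part of the original card set), the following Python script shows the inspection step a DLP system performs on readable content: a deny list of sensitive-content patterns combined with an allow list of approved destinations. The patterns, destinations and messages are constructed for illustration; the Luhn check on candidate card numbers stands in for the validation a real DLP engine applies so that order numbers and serials do not trigger false positives.

```python
"""Content inspection for a DLP policy: deny-listed content patterns combined
with an allow list of approved destinations.  Added example, not part of the
original card set; the patterns, destinations and messages are constructed
for illustration and the Luhn check stands in for the validation a real DLP
engine applies to reduce false positives."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Deny list: content that counts as sensitive.
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
LABEL_RE = re.compile(r"\bCONFIDENTIAL\b")

# Allow list: destinations that may receive sensitive content.
ALLOWED_DESTINATIONS = {"hr.example.com", "finance.example.com"}


def luhn_ok(number: str) -> bool:
    """Luhn checksum over a digit string; filters out digit runs that merely
    look like card numbers (order IDs, serials)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Each entry: label, regex, and a validator run on the match to confirm it.
DENY_PATTERNS = [
    ("credit card number", CARD_RE, lambda m: luhn_ok(re.sub(r"[ -]", "", m.group()))),
    ("social security number", SSN_RE, lambda m: True),
    ("classification label", LABEL_RE, lambda m: True),
]


@dataclass
class Verdict:
    action: str          # "allow" or "block"
    reasons: list[str]   # why, for the audit log


def classify(content: str) -> list[str]:
    """Return the labels of every confirmed sensitive item in the content."""
    found = []
    for label, pattern, confirm in DENY_PATTERNS:
        for m in pattern.finditer(content):
            if confirm(m):
                found.append(label)
                break  # one confirmed hit per label is enough for the verdict
    return found


def inspect(content: str, destination: str) -> Verdict:
    """Apply the policy: sensitive content may only leave for allowed destinations."""
    labels = classify(content)
    if not labels:
        return Verdict("allow", [])
    if destination in ALLOWED_DESTINATIONS:
        return Verdict("allow", [f"{l} permitted to approved destination {destination}" for l in labels])
    return Verdict("block", [f"{l} to unapproved destination {destination}" for l in labels])


if __name__ == "__main__":
    print(inspect("Card 4111 1111 1111 1111 exp 12/27", "mail.gmail.com"))
    print(inspect("Order ref 1234 5678 9012 3456 shipped", "mail.gmail.com"))
    print(inspect("Employee SSN 123-45-6789 attached", "hr.example.com"))
```

The second sample message contains a sixteen-digit number that fails the Luhn check and is allowed through; the first contains a valid test card number and is blocked. A DLP system can only make this distinction on content it can read, which is why encrypted or obfuscated traffic is the usual blind spot.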
This is the biggest security benefit of automation
What is Reaction Time?