CATEGORY 1: INFORMATION SECURITY FOUNDATION
CATEGORY 2: SECURITY CONTROL CATEGORIES
CATEGORY 3: SECURITY CONTROL FUNCTIONAL TYPES
CATEGORY 4: ROLES & RESPONSIBILITIES
CATEGORY 5: SECURITY OPERATIONS & COMPETENCIES
100

What is Information Security?

The protection of information from unauthorized access, disclosure, alteration, or destruction; it ensures data is secure, accurate, and accessible.

100

What are the four main security control categories?

The four main categories of security controls are Managerial Controls, Operational Controls, Technical Controls, and Physical Controls.

100

What are Preventive Controls?

Physically or logically restrict unauthorized access, operate before an attack occurs, attempt to block or stop a security event, and precede an event.

100

Who is responsible for overall IT strategy and operations, ensures technology supports business objectives, and is accountable for information systems governance?

The Chief Information Officer (CIO)

100

What is a Cyber Incident Response Team (CIRT)?

A specialized team that manages cyber incidents, investigates attacks, coordinates response efforts, works to minimize damage, and restores operations.

200

What are the components of the information security foundation? Define each.

Confidentiality, Integrity, and Availability.

200

What are Managerial Controls?

These controls provide oversight and governance of systems and focus on policies, planning, and risk management.

200

What are Detective Controls?

Identify attempted or successful intrusions, operate during an attack, provide alerting and monitoring, and detect and report incidents.

200

Who is responsible for the organization’s security strategy, oversees security policies, risk management, and compliance, and focuses on protecting information assets?

Who is the Chief Security Officer (CSO)?

200

List information security competencies.

• Risk assessments and testing
• Specifying, sourcing, installing, and configuring secure devices and software
• Access control and user privileges
• Auditing logs and events
• Incident response and reporting
• Business continuity and disaster recovery
• Security training and education programs

300

What is Non-Repudiation?

Individuals cannot deny creating, sending, or modifying data; it provides proof of origin and accountability.

300

What are Operational Controls?

These controls rely on people for implementation and are executed through processes and procedures.  

300

What are Corrective Controls?

Respond to and fix an incident, may prevent reoccurrence, and operate after an attack.

300

Who oversees day-to-day security operations, ensures systems comply with security policies, and coordinates incident response efforts?

Who is the Information Systems Security Officer (ISSO)?

300

What is a Security Operations Center (SOC)?

A centralized unit responsible for continuous security monitoring that analyzes alerts and security events and detects and responds to threats in real time.

400

What is Gap Analysis?  

This process evaluates differences between current security posture and desired security standards to identify weaknesses.

400

What are Technical Controls?

These controls are implemented through operating systems, software, and security appliances and provide automated or system-based protections.

400

What are Directive Controls?

Enforce a rule of behavior, guide actions to ensure compliance, and are typically implemented through policies and procedures.

400

What is Due Care / Liability?

Organizations must take reasonable steps to protect information, and failure to do so may result in legal or financial liability.

400

What is Incident Response?

A structured approach to handling security incidents that includes detection, containment, eradication, and recovery.

500

List and describe the steps in access control.

Identification, Authentication, Authorization, Accounting

500

What are Physical Controls?

These controls include devices that mediate access to premises and hardware and protect facilities and equipment.  

500

What are Deterrent Controls?

Discourage intrusions, reduce the likelihood of an attack attempt, and act as a visible warning to potential attackers.

500

What are Managerial Roles?

Provide oversight and governance, develop policies, and enforce compliance.

500

What is DevSecOps?

Integrates Development, Security, and Operations, embeds security into the software development lifecycle, and promotes automation, continuous testing, and secure coding practices.