This chapter covers the following topics:
Describe the principles of the defense-in-depth strategy.
What are threats, vulnerabilities, and exploits?
Describe Confidentiality, Integrity, and Availability.
Describe risk and risk analysis.
Define what personally identifiable information (PII) and protected health information (PHI) are.
What are the principles of least privilege and separation of duties?
What are security operation centers (SOCs)?
Describe cyber forensics.
This chapter covers the principles of the defense-in-depth strategy and compares and contrasts the concepts of risk, threats, vulnerabilities, and exploits. This chapter also defines what are threat actors, run book automation (RBA), chain of custody (evidentiary), reverse engineering, sliding window anomaly detection, Personally Identifiable Information (PII), Protected Health Information (PHI), as well as what is the principle of least privilege, and how to perform separation of duties. It also covers concepts of risk scoring, risk weighting, risk reduction, and how to perform overall risk assessments.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you identify your strengths and deficiencies in this chapter’s topics. The 11-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time. You can find the answers in Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Questions.
Table 3-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.
Table 3-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section
Questions Covered in This Section
The Principles of the Defense-in-Depth Strategy
What Are Threats, Vulnerabilities, and Exploits?
Risk and Risk Analysis
Personally Identifiable Information and Protected Health Information
Principle of Least Privilege and Separation of Duties
Security Operation Centers
What is one of the primary benefits of a defense-in-depth strategy?
You can deploy advanced malware protection to detect and block advanced persistent threats.
You can configure firewall failover in a scalable way.
Even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.
You can configure intrusion prevention systems (IPSs) with custom signatures and auto-tuning to be more effective in the network.
Which of the following planes is important to understand for defense in depth?
Which of the following are examples of vulnerabilities?
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
What is the Common Vulnerabilities and Exposures (CVE)?
An identifier of threats
A standard to score vulnerabilities
A standard maintained by OASIS
A standard for identifying vulnerabilities to make it easier to share data across tools, vulnerability repositories, and security services
Which of the following is true when describing threat intelligence?
Threat intelligence’s primary purpose is to make money by exploiting threats.
Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.
With threat intelligence, threat actors can become more efficient to carry out attacks.
Threat intelligence is too difficult to obtain.
Which of the following is an open source feed for threat data?
Cyber Squad ThreatConnect
BAE Detica CyberReveal
Cisco AMP Threat Grid
What is the Common Vulnerability Scoring System (CVSS)?
A scoring system for exploits.
A tool to automatically mitigate vulnerabilities.
A scoring method that conveys vulnerability severity and helps determine the urgency and priority of response.
A vulnerability-mitigation risk analysis tool.
Which of the following are examples of personally identifiable information (PII)?
Social security number
Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face
Date of birth
Which of the following statements are true about the principle of least privilege?
Principle of least privilege and separation of duties can be considered to be the same thing.
The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their job, and no more.
Programs or processes running on a system should have the capabilities they need to “get their job done,” but no root access to the system.
The principle of least privilege only applies to people.
What is a runbook?
A runbook is a collection of processes running on a system.
A runbook is a configuration guide for network security devices.
A runbook is a collection of best practices for configuring access control lists on a firewall and other network infrastructure devices.
A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.
Chain of custody is the way you document and preserve evidence from the time you started the cyber forensics investigation to the time the evidence is presented at court. Which of the following is important when handling evidence?
Documentation about how and when the evidence was collected
Documentation about how evidence was transported
Documentation about who had access to the evidence and how it was accessed
Documentation about the CVSS score of a given CVE