SEARCH
🇬🇧
MEM
O
RY
.COM
4.37.48
Guest
Log In
Â
Homepage
0
0
0
0
0
Create Course
Courses
Last Played
Dashboard
Notifications
Classrooms
Folders
Exams
Custom Exams
Help
Leaderboard
Shop
Awards
Forum
Friends
Subjects
Dark mode
User ID: 999999
Version: 4.37.48
www.memory.com
You are in browse mode. You must login to use
MEM
O
RY
  Log in to start
Index
 »Â
Security +
 »Â
Chapter 1
 »Â
Ch 2: Frameworks, Best Practices, and Configuration Guides
level: Ch 2: Frameworks, Best Practices, and Configuration Guides
Questions and Answers List
level questions: Ch 2: Frameworks, Best Practices, and Configuration Guides
Question
Answer
the de facto source for international standards
International Organization for Standardization (ISO)
specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
ISO/IEC 27001: 2013
guidance for cloud security
ISO 27017
publishes electrical power companies
North American Electric Reliability Corporation (NERC)
provides a broad overview of computer security. Primarily deals with areas of security controls
NIST Special Publication 800-12
describes common security principles that should be addressed within security policies. Describes 8 principles and 14 practices that can be used to develop security policies. Significant: dedicated to auditing user activity on a network.
Special Publication 800-14
organizes security measures into families of controls, such as assessment, access control, incident response, and others.
NIST SP 800-53
guide to industrial control system (ICS) security, is specific to industrial control systems.
Special Publication 800-82, Rev. 2
U.S standard for how to conduct risk assessments.
NIST 800-30
overview of information security
NIST 800-35
a series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACSs).
ISA/IEC-62443
the security controls and objectives that companies that process credit cards should implement. Used by Visa, MasterCard, and Discover
Payment Card Industry Data Security Standard
The most sensitive systems, with mission-critical data
Secure Zone
These are computers, network segments, and systems that have no highly sensitive info, and the breach of these systems would have minimal impact.
Low Security Zone
These are standard workstations and servers, with typical business data and functionality.
General Work Zone
area where you can place a public server for access by people whom you might not trust otherwise.
demilitarized zone (DMZ)
are only assessable within the organization's network.
intranets
you are now allowing an outside entity.
Extranets are risky because?
an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.
Defense in depth
is created when you configure a set of ports on switch to behave like a separate network.
Virtual Local Area Networks (VLANs)
the occurs when one or more systems are literally not connected to a network.
air-gap
blocking of suspicious websites, security policies that address attachments and downloads, limited user privileges --- All of these help alleviate the threat of malware.
control diversity
administrative, technical, and physical
When implementing controls to mitigate any security issue, controls can be classified into one of 3 categories:.....
a separate system that appears to be an attractive target but is in reality a trap for attackers (internal or external)
honeypot
extension of honeypot there is a fake network segment that appears to be a very enticing target.
honeynet
a private network connection that occurs through a public network. Provides a security over an otherwise insecure environment.
virtual private network (VPN)
encryption
Major security concern when using a VPN is
hardware device used to create remote access VPNs.
VPN concentrator
firewall
The easiest security device to place is...
freestanding devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.
Appliances
passes or blocks traffic to specific address based on the type of application.
Packet filter
process requests from an outside network. An intermediary between your network and any other network.
Proxy firewall
make decisions based on the data that comes in the packet
Stateless firewalls
the entire network is virtualized.
Software-defined networking (SDN)
an IDS that reacts to the intrusion that has been detected, most often by blocking communication from the offending IP address.
intrusion prevention systems (IPS)
