Ch 8 Sec+
Helps an organization identify and categorize threats. It attempts to predict the threats against an organization's assets and the likelihood that a threat will occur, and attempts to identify the potential impact of these threats.
Flaw or weakness in software or hardware that a threat can expose.
Practice of identifying, monitoring, and limiting risks to a manageable level. Doesn't eliminate risks but provides methods to mitigate them.
Risk Assessment (analysis)
Quantifies or qualifies risks based on different values or judgment.
Quantitative Risk Assessment
Measures the risk using a specific money amount.
SLE (Single Loss Expectancy)
ARO (Annual Rate of Occurrence)
ALE (Annual Loss Expectancy)
SLE - Cost of a single loss. SLE = ALE / ARO
ARO - Indicates how many times the loss will occur in a YEAR. ARO = ALE / SLE
ALE - Value of SLE x ARO. ALE = SLE x ARO
Qualitative Risk Assessment
Uses judgment to categorize risks based on likelihood of occurrence (probability) and impact.
Supply Chain Assessment
Evaluates everything needed to produce and sell a product. Evaluates these elements: the raw material supply sources and all the processes required to create, sell, and distribute the product.
Comprehensive document listing known information about risks. Typically includes risk scores and recommended security controls to reduce the risk scores.
Attempts to discover a hashed or encrypted password.
Offline - Attempts to discover password by analyzing a database of passwords
Online - Attempts to discover passwords by guessing them in a brute force attack.
Various techniques used to gather information about hosts within a network.
Discovers devices on the network and how they are connected with each other.
Typically use both passive and active scans.
Technique used to gain information about remote systems and many network scanners use it. Often used to identify OS.
Vulnerability Scanner (Passive)
Used to identify which systems are susceptible to attacks. Can identify vulnerabilities, misconfigurations, passively test security controls, identify lack of security controls.
Credentialed vs Non-Credentialed vulnerability scans
Credentialed - Runs a vulnerability scan using the credentials of an account
Non Credentialed - Runs a vulnerability scan without any user credentials
Configuration Compliance Scanner
Verifies that systems are configured correctly.
Actively assesses deployed security controls within a system or network.
Passive vs Active Reconnaissance
Passive - Collects information about a targeted system, network, or organization using open source intelligence. (No interaction with the target)
Active - Using tools to send data to systems and analyzing the responses. (Interacts with the target)
Process of using various tools to gain additional information. Using a system to target other systems.
Include tools used to check for vulnerabilities and execute exploits on any discovered vulnerabilities. Has a database of exploits to check against.
Captures and analyzes packets on a network. Can be referred to as sniffing. Useful for troubleshooting communication problems. Can show data sent in clear text, as well as source and destination IP addresses.
Command line packet analyzer (protocol analyzer). Tcpdump can capture the packets through the command line.
Network scanner. Identifies active hosts and OS. Graphical version is called Zenmap.
Used to remotely administer systems and gather information on remote systems.
Linux log commands:
/auth.log - Authentication log; contains information related to successful and unsuccessful logins.
/messages - Contains a variety of general system messages.
/boot.log - Log entries created when the system boots.
/faillog - Contains information on failed login attempts.
/kern.log - Information logged by the system kernel.
/httpd - Only present if the system is configured with an Apache web server.
utmp - status of the system, who is logged in
wtmp - archive of the utmp logs
btmp - records failed login attempts.
SIEM (Security Information and Event Management)
Provides a centralized solution for collecting, analyzing, and managing data from multiple sources. Useful in large organizations. Provides real-time monitoring (SEM) and long-term data storage (SIM). Automated alerts and triggers.