CHAPTER SUMMARY

Information assurance is a guideline for planning, implementing, and assessing a secure IT infrastructure. This chapter examined several models, including the C-I-A triad, five pillars of IA, and Parkerian hexad. An organization should choose the one that most accurately reflects its IA requirements.

Ideally, every component of infrastructure should be evaluated for its contribution to information assurance on critical resources. Staff members, both technical and nontechnical, should participate in regular training on information assurance concepts so they are aware of the security implications of their decisions and are able to recognize important anomalies when they occur. When security incidents do occur, careful analysis and cross-referencing of various audit logs provide key information about the incident. This information is a valuable resource for preventing similar breaches in the future.

KEY CONCEPTS AND TERMS

CHAPTER 13 ASSESSMENT

  1. According to the C-I-A triad, the three pillars of information assurance are ________, ________, and ________.
  2. Nonrepudiation provides the sender of information with which of the following?
    1. Read receipt
    2. Notification that the message was deleted without being opened
    3. Proof of delivery
    4. Notification that the message was forwarded to a third party by the original recipient
  3. The Parkerian hexad adds which elements to the C-I-A triad? (Select three.)
    1. Possession or control
    2. Nonrepudiation
    3. Authenticity
    4. Utility
    5. Authentication
  4. Only security engineers need training in information assurance.
    1. True
    2. False
  5. Timeliness is an important goal of any access control monitoring system.
    1. True
    2. False
  6. Intrusion detection systems that operate on the principle of misuse detection compare activity with a ________ of known suspicious events.
  7. Intrusion detection systems that operate on the principle of specification detection use a ________ to identify normal ranges of behavior.
  8. Which events in an audit log report user logon attempts and system resource usage?
    1. System-level
    2. Application-level
    3. User-level
    4. Unauthorized access-level
  9. Which events in an audit log report user authentication attempts, commands and applications used, and security violations committed by users?
    1. System-level
    2. Application-level
    3. User-level
    4. Unauthorized access-level
  10. Which events in an audit log report error messages, file modifications, and security alerts generated by individual applications?
    1. System-level
    2. Application-level
    3. User-level
    4. Unauthorized access-level
  11. What is normalization?
    1. The process of rotating older audit logs into long-term storage
    2. The process of translating log files from various systems into a common format
    3. The process of separating normal events from anomalies
    4. The process of analyzing log files
  12. Automated audit log analysis software makes manual log analysis unnecessary.
    1. True
    2. False
  13. An SIEM is which type of tool?
    1. Access control
    2. Risk analysis
    3. Audit log analysis
    4. Training