Deck 12: Information Security Maintenance

Over time,policies and procedures may become inadequate because of changes in agency mission and operational requirements,threats,or the environment.

Often,US-CERT is viewed as the definitive authority for computer emergency response teams.

A maintenance model such as the ISO model deals with methods to manage and operate systems.

An effective security program demands comprehensive and continuous understanding of program and system configuration.

Documentation procedures are not required for configuration and change management processes.

When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a prolonged period,consider an upgrade for the hard drive.

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk,removing the threat,or repairing the vulnerability.

Over time,external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.

All systems that are mission critical should be enrolled in PSV measurement.

Court decisions generally do not impact agency policy.

The value of internal monitoring is low when the resulting knowledge of the network and systems configuration is fed into the vulnerability assessment and remediation maintenance domain.

All telephone numbers controlled by an organization should be tested for modem vulnerability,unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system.

Many publicly accessible information sources,both mailing lists and Web sites,are available to those organizations and individuals who have the time,expertise,and finances to make use of them.

The characteristics concerned with manufacturer and software versions are about technical functionality,and they should be kept highly accurate and up-to-date.

Digital forensics helps the organization understand what happened and how.

External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment,the existing security improvement program will probably continue to work well.

An intranet scan starts with an Internet search engine.

The vulnerability database,like the risk,threat,and attack database,both stores and tracks information.

Organizations should have a carefully planned and fully populated inventory of all their network devices,communication channels,and computing devices._________________________

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all of the organization's networks,information systems,and information security defenses._________________________

Specific routine bulletins are issued when developing threats and specific attacks pose a measurable risk to the organization._________________________

Major planning components should be reviewed on a periodic basis to ensure that they are current,accurate,and appropriate.

UN-CERT is a set of moderated mailing lists full of detailed,full-disclosure discussions and announcements about computer security vulnerabilities._________________________

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen._________________________

Each phase of the SDLC includes a(n)maximum set of information security-related activities required to effectively incorporate security into a system._________________________

ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program._________________________

Tracking awareness involves assessing the status of the program as indicated by the database information and mapping it to standards established by the agency._________________________

To be put to the most effective use,the information that comes from the IDPS must be integrated into the inventory process._________________________

Threats cannot be removed without requiring a repair of the vulnerability.

Policy needs to be reviewed and refreshed from time to time to ensure that it's sound.

For configuration management (CM)and control,it is important to document the proposed or actual changes in the security plan of the system._________________________

Rehearsal adds value by exercising the procedures,identifying shortcomings,and providing security personnel the opportunity to improve the security plan before it is needed.

In some organizations,facilities management is the identification,inventory,and documentation of the current information systems status-hardware,software,and networking configurations._________________________

The basic function of the external monitoring process is to monitor activity,report results,and escalate warnings._________________________

CERTs stands for computer emergency recovery teams._________________________

A trouble ticket is closed when a user calls about an issue._________________________

An effective information security governance program requires constant change._________________________

In some instances,risk is acknowledged as being part of an organization's business process.

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand._________________________

The final process in the vulnerability assessment and remediation domain is the exit phase._________________________

WLAN stands for wide local area network._________________________

A(n)war game puts a subset of plans in place to create a realistic test environment._________________________

When possible,major plan elements should be rehearsed._________________________

The internal vulnerability assessment is usually performed against all public-facing addresses,using every possible penetration testing approach._________________________

You can document the results of the verification by saving a(n)profile._________________________

The optimum solution in most cases is to repair a(n)vulnerability._________________________

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked._________________________

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called VA._________________________

A performance ____________________ is an expected level of performance against which all subsequent levels of performance are compared.

____________________ is the process of reviewing the use of a system,not to check performance,but rather to determine if misuse or malfeasance has occurred.

As the help desk personnel screen problems,they must also track the activities involved in resolving each complaint in a help desk ____________________ system.

Virtually all aspects of a company's environment are ____________________.

Organizations should perform a(n)____________________ assessment of their information security programs.