Chapter 8

Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance to government and state

requirements is needed in order to make good judgments.

Chapter 8 - Slides 13 - Private Cloud (WAN) Domain
Organizations can manage threats to the private cloud using the following methods:
1) Disable ping, probing, and port scanning.
2) Implement intrusion detection and prevention systems.
3) Monitor inbound IP traffic anomalies.
4) Update devices with security fixes and patches.
5) Conduct penetration tests post configuration.
6) Test inbound and outbound traffic.
7) Implement a data classification standard.
8) Implement file transfer monitoring and scanning for unknown file type.

Chapter 8 - Slides 56 - Exploring the Cybersecurity Profession
Information security positions can be categorized as::
- definers
- builders
- monitors

Chapter 8 - Slides 15 - Public Cloud Domain

Software as a service (SaaS) provides access to software that is centrally hosted and accessed by users via a web browser on the cloud.

Three different service models exist from which an organization may choose:

1) Software as a service (SaaS) – a subscription-based model that provides access to software that is centrally hosted and accessed by users via a web browser.

2) Platform as a service (PaaS) – provides a platform that allows an organization to develop, run, and manage its applications on the service’s hardware using tools that the service provides.

3) Infrastructure as a service (IaaS) – provides virtualized computing resources such as hardware, software, servers, storage and other infrastructure components over the Internet.

Chapter 8 - Slides 19 - Application Domain
Threats to applications can include the following:
1) Unauthorized access to data centers, computer rooms, and wiring closets
2) Server downtime for maintenance purposes
3) Network operating system software vulnerability
4) Unauthorized access to systems
5) Data loss
6) Downtime of IT systems for an extended period
7) Client/server or web application development vulnerabilities

Chapter 8 - Slides 41/42 - Cybersecurity Information Websites
CERT provides multiple services, including:
1) helps to resolve software vulnerabilities

2) develops tools, products, and methods to conduct forensic examinations

3) develops tools, products, and methods to analyze vulnerabilities

4) develops tools, products, and methods to monitor large networks

5) helps organizations determine how effective their security-related practices are

Chapter 8 - Slides 34 - Cyber Laws and Liability

The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records

Chapter 8 - Slides 48 - Cybersecurity Weapons (In Notes Pane)

Vulnerability scanners are commonly used to scan for the following vulnerabilities:

1) Use of default passwords or common passwords

2) Missing patches

3) Open ports

4) Misconfiguration of operating systems and software

5) Active IP addresses

Chapter 8 - Slides 28 - Cyber Laws and Liability
The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.

Chapter 8 - Slides 52 - Cybersecurity Weapons
Kali is an open source Linux security distribution. IT professionals use Kali Linux to test the security of their networks. Kali Linux incorporates more than 300 penetration testing and security auditing programs on a Linux platform.