Consolidated Study Guide for Auditing Quiz 1

1. **Operating System Security**:
   - _Security environment:_ Tools like User Account Control in Windows for user auth, BitLocker for data encryption, and defenses against malware
   - _Authentication methods:_ Covers various methods including traditional passwords, security tokens, and biometric systems
   - _User administration best practices:_ Emphasizes practices like regular account reviews, implementing least privilege, and role-based access control
   - _Strong password policies:_ Importance of password strength, including length, complexity, and regular updates
   - _Vulnerabilities and risks, especially from email services._ Identifies weaknesses like unpatched software, discussing strategies for mitigation
2. **Information Security Auditing**:
   - _Government regulations:_ Explains laws like GDPR and PIPEDA, focusing on compliance and legal requirements
   - _Audit strategy and planning._ Details how to create an audit plan aligned with international standards
   - _Information system audit process._ Describes the auditing steps, including risk assessment and reporting
   - _Designing and implementing an auditing system._ Outlines the scope, objectives, and tools needed for an effective audit
   - _Auditing mechanisms: Tools and techniques._ Highlights both automated and manual methods for conducting audits
3. **Access Control Lists in Unix/Linux**:
   - _Setting up shared directories and managing permissions._ Instructions for creating a shared directory, assigning groups, and setting permissions
   - _User and group permission management._ Discusses read, write, execute permissions for different user groups using commands like `chmod` and `setfacl`
   - _Implementing ACLs for security._ Explains setting file ownership and managing access rights
   - _Case studies and practical examples._ Importance of limiting access to sensitive files and directories
4. **Host Security**:
   - _End-user awareness and training._ Importance of educating users about security risks and safe practices
   - _Principle of Least Privilege._ Methods for restricting user access rights to minimize risks
   - _Updates, patch management._ Strategies for keeping systems updated to mitigate vulnerabilities
   - _Firewalls, antivirus software._ Role of firewalls and antivirus software in individual system protection
   - _Auditing and logging for security._ Emphasizes the need for regular audits, vulnerability scans, and logging
5. **Information Security Concepts**:
   - _Definitions and significance of security._ Definition and importance of the CIA triad
   - _Challenges in information security._ Addresses the evolving nature of security threats
   - _Fundamental security principles._ Explains principles like layering, limiting, and diversity in security systems
   - _Understanding threats, vulnerabilities, and actors._ Types of threats, actors, and system vulnerabilities
   - _Roles and responsibilities in information security._ Discusses the responsibilities of data owners, custodians, and users