Domain 1: Threat Management


1. Secure Endpoint Management

1.1. What is secure endpoint management?

1.1.1. Secure endpoint management consists of five components: hardening system configurations, patch management, group policies, endpoint security software, and compensating controls.

1.1.2. Applying these five components together keeps endpoint devices secure.

1.1.3. Endpoint devices are devices such as laptops, cellphones, and desktops.

1.2. What is hardening system configurations?

1.2.1. Hardening system configurations means configuring a system so that the device is less susceptible to attack.

1.2.2. Some examples are disabling unnecessary services, closing unnecessary ports, verifying that configurations are secure, and controlling security settings centrally rather than locally (by the end user).

1.3. What is patch management?

1.3.1. Patches are released by vendors such as Microsoft to fix software vulnerabilities or bugs. Once a patch is released, attackers study it to find the vulnerability it fixes and attack systems that have not yet applied it.

1.3.2. Organizations need to make sure they routinely apply patches across their systems to prevent attacks.

1.3.3. Microsoft System Center Configuration Manager (SCCM) is software that deploys patches to systems.

1.4. What are compensating controls?

1.4.1. A compensating control is used when you can't apply a required security control but can compensate for it with another control that provides a similar level of security.

1.4.2. For example, if a vulnerability exists but no patch is available, you can put a compensating control in front of the vulnerable system until a patch can be released and applied.

1.4.3. Compensating controls are used to bring risk down to an acceptable level.

1.5. What are group policies?

1.5.1. Group Policy gives administrators a way to manage system and security configurations across a network.

1.5.2. Some examples are requiring the use of a firewall on all hosts, mapping a shared drive at login, and setting security restrictions on the PC (for example, blocking the use of Internet Explorer or Microsoft Edge).

1.6. What is endpoint security software?

1.6.1. Endpoint security software is software that protects desktops and laptops from malware and viruses.

1.6.2. The software should report to a central management system so that cyber analysts can monitor it.

1.6.3. Some examples are antivirus, anti-malware, host-based IDS or IPS.

1.7. What is mandatory access control (MAC)?

1.7.1. Mandatory access control sets security permissions centrally; local users are unable to make changes.

1.7.2. MAC is not typically used because the end user has less control over their own resources.

1.7.3. MAC is more secure than discretionary access control.

1.7.4. MAC is typically used in sensitive environments.

1.8. What is discretionary access control (DAC)?