INFOASEC - Module 2

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Cybersecurity Analyst

SOC job role processes security alerts and forwards tickets to Tier 2 if necessary.

Incident Responder

SOC job role responsible for deep investigation of incidents

SIEM (acronym)

Security Information and Event Management

SOC Acronym

Security operations center

Event collection, correlation, and analysis Security monitoring Security control Log management Vulnerability assessment Vulnerability tracking Threat intelligence

Technologies in a SOC should include the following:

Tier 3 Threat Hunter

These professionals have expert-level skill in network, endpoint, threat intelligence, and malware reverse engineering.

Tier 1 Alert Analyst

These professionals monitor incoming alerts, verify that a true incident has occurred, and forward tickets to Tier 2, if necessary.

SOC services

These services include monitoring threats to network security and managing comprehensive solutions to fight against threats. Ensuring secure routing exchanges and providing secure Internet connections are tasks typically performed by a network operations center (NOC). Responding to facility break-ins is typically the function and responsibility of the local police department.

Tier 3 Threat Hunter

They are also deeply involved in hunting for potential threats and implementing threat detection tools.

Tier 3 Threat Hunter

They are experts at tracing the processes of the malware to determine its impact and how it can be removed.

SOC Manager

This professional manages all the resources of the SOC and serves as the point of contact for the larger organization or customer.

to include predefined playbooks that enable automatic response to specific threats

What is a characteristic of the SOAR security platform?

to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures

What is the role of SIEM?

Dwell Time

Which KPI metric does SOAR use to measure the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped?

MTTD

Which metric is used in SOCs to evaluate the average time that it takes to identify that valid security incidents have occurred in the network?

CompTIA

Which organization offers the vendor-neutral CySA+ certification?

threat intelligence security monitoring vulnerability tracking

Which three technologies should be included in a security information and event management system in a SOC?

1. Monitoring network security threats 2. Managing comprehensive threat solutions

Which two services are provided by security operations centers?

KPI

are devised to measure different aspects of SOC performance

SIEM and security orchestration, automation and response (SOAR)

are often paired together as they have capabilities that complement each other.

SIEM systems

are used for collecting and filtering data, detecting and classifying threats, and analyzing and investigating threats

SIEM (Security Information and Event Management) systems

are used for collecting and filtering data, detecting and classifying threats, and analyzing and investigating threats.

SIEM (as device)

device that integrates security information and event management into a single platform

ticketing system

frequently used to assign alerts to a queue for an analyst to investigate.

Tier 2 Incident Responder

involved in deep investigation of incidents

Tier 1 personnel

personnel in SOC that is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident

SOAR (acronym)

security orchestration, automation and response

Mean Time to Detect (MTTD)

the average time that it takes for the SOC personnel to identify valid security incidents have occurred in the network.

Mean Time to Respond (MTTR)

the average time that it takes to stop and remediate a security incident.

dwell time

the length of time that threat actors have access to a network before they are detected, and their access is stopped.

Mean Time to Contain (MTTC)

the time required to stop the incident from causing further damage to systems or data.

Time to Control

the time required to stop the spread of malware in the network.

further investigating security incidents

A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee?

a SME for further investigation

After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?

SOAR Orchestration

Creates a customized platform that integrates and coordinates numerous security tools and resources.

SOC technologies include one or more of the following:

Event collection, correlation, and analysis Security monitoring Security control Log management Vulnerability assessment Vulnerability tracking Threat intelligence

SOAR Automation

Executes security processes with a minimum amount of human intervention. Helps address the shortage in cybersecurity analyst talent and increases efficiency

by collecting and filtering data

How can a security information and event management system in a SOC be used to help personnel fight against security threats?

52.56

If a SOC has a goal of 99.99% uptime, how many minutes of downtime a year would be considered within its goal?

ticketing system

In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?

KPI (acronym)

Key Performance Indicator

SOAR Response

Prescribes and executes security procedures to be followed in response to security events. Can be in the form of a security runbooks that consist of rule-based automated responses that were created to address specific types of events


Kaugnay na mga set ng pag-aaral

REAL ESTATE FINANCE JUNE 24 ( 85 )

View Set

Completing the Application, Underwriting and Delivering the Policy

View Set

PHY 1409 Book MisConceptual Questions Ch 16-30

View Set

GRIZAL: Education Abroad - Jose Rizal's Biography

View Set