MIST 5775 Quiz 1: Fundamental CTI Concepts

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Threat

A set of circumstances that exploits vulnerabilities to cause loss or harm

Vulneribilities

A weakness in the system These can be exploited to cause loss or harm.

How to recognize them?

Also dubbed indicators of compromise (IOC) or artifacts, these technical telltales (IP addresses, hashes, etc.) provide clear information that can be used to detect and signal a malicious presence.

Control/countermeasure

An action/device/procedure/technique that eliminates or reduces a vulnerability

Who is attacking?

CTI helps defenders attribute attacks/malicious activities to certain groups (cyber criminals, hacktivists, government/national agencies, etc.)

just an automated data feed, waiting for an attack, or cleaning up a breach.

CTI is NOT:

Timely: catching threats and pending attacks as early as possible Informative: improving threat, attack, and threat actor identification to enable decision making Adaptive: customizing and tuning intel for your organization, not just buying intel feeds

CTI is:

Where do they come from?

Correlating an adversary's country of origin with its geopolitical situation can help defenders understand their enemies.

How to mitigate them?

Information about the steps a company can take to protect itself.

CTI Lifecycle

Intelligence Strategy -> Intelligence Aggregation -> Threat Analytics -> Operational Intelligence

Adversary based Risk Focused Process oriented Tailored for diverse consumers

Key characteristics of CTI

Why are they doing it?

Knowing who is behind an attack helps defenders understand their adversary's motivations, how much effort they would put into an attack (advanced persistent threat [APT] vs opportunistic attacks), and how business/industry-specific such attacks could be.

How are they proceeding?

The so-called tactics, techniques, and procedures (TTPs) give insight about the way adversaries typically proceed, the tools and infrastructures they use, and more.

Intelligence Strategy

Threat trending •Asset Identification •Indicators of Compromise •Threat Modeling •Intelligence Buy-in

Confidentiality, Integirty, Avaliability

What do we mean by "protect?"

To protect cyber infastructure

What is the main goal of cybersecurity

What are they after?

With this information defenders can prioritize their actions based on the importance of the asset or assets the attackers are targeting.

Distributed Denial of Service (DDoS)

a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Decryption

a process that decodes a message or file so that it can be read by the right people

Encryption

a process that encodes a message or file so that it can be only be read by certain people

Advanced Persistent Threat (APT)

a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an

NIST Framework

consists of standards, guidelines and best practices to manage cybersecurity risk

Proper identity and access management

enables the right individuals to access the right resources at the right times and for the right reasons

Cyber Threat Intelligence

knowledge about adversaries and their motivations, intentions, and methods that is collected, analyzed and disseminated in ways that help security and business staff at all levels protect the critical assets of the enterprise

Ransomware

malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again

Threat

often utilize the word _____ to refer to a risk.

Integrity

the ability of a cyber infrastructure to ensure that assets are modifiable only by authorized parties.

Avaliability

the ability of a cyber infrastructure to ensure that assets are usable by and accessible to all authorized parties.

Confidentiality

the ability of a cyber infrastructure to ensure that assets are viewable only by authorized parties.

NICE Framework

the blueprint to categorize, organize, and describe cybersecurity work

Phishing/spoofing

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Social Engineering

the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Structure of CTI Lifecycle

• Focus on understanding the organization first, then collecting relevant data, analyzing, using and disseminating intelligence.

Operational Intelligence

•Actionable intelligence •Course of action •Proactive defense •Intelligence dissemination

Threat Analytics

•Cyber kill chain •Hacker profiling & tracking •Fundamental analytics •Visualization

Intelligence Aggregation

•Intelligence Sources •Internal Intelligence •Open Source Intelligence


Kaugnay na mga set ng pag-aaral

Complete IELTS Bands 6.5-7.5, Unit 1 Word List

View Set

Past Tests Questions: Final review

View Set

Macroeconomics exam 2 study guide

View Set

LSB 3213 Chapter 33: Agency Liability and Termination

View Set

Point of View and Purpose in Informational Texts

View Set

Chapter 1- History of & Trends in Counselling

View Set

Occupational Safety & Health Administration

View Set