CYSA+: Topic 1B


threat data

OSINT techniques can also be a source of ____, as researchers use them to discover more about adversary groups & malicious actors

open-source

_____ repositories include threat feeds similar to the commercial providers, but also reputation lists & malware signature databases

automated detection & monitoring systems

acquiring accurate & relevant information about attacks suffered by organizations working in similar industries will improve ____ & _____, though there will be some increased risk of false positive alerts & notifications

collection/processing

another consideration for the _____ phase is to keep security data secure

incorporated

as part of the requirements phase of the life cycle, it is important to assess sources as they are ____ within the data set. this is particularly important when considering threat intelligence, as this data is likely to derive from external sources

proactive threat modeling & threat hunting

as well as improving operational capabilities, threat intelligence promotes new strategies to information assurance, such as ____ & ____ techniques

strategic level

at a _____, threat intelligence can identify previously unrecognized sources of vulnerabilities, such as embedded systems, IoT home automation devices, deep fakes, or AI-facilitated fuzzing to discover zero-day vulnerabilities

operational level

at a _____, threat intelligence can identify priorities for remediation, such as a campaign targeting a vulnerability in web server software

goals & tactics

by linking the 2 sources of intelligence, you can identify which 2 things associated with that group, & then use controls to mitigate further attacks?

use case

each ____ should be supported by filter or query strings to extract relevant data

embedded & industrial control

one of the primary areas of focus for cybersecurity in industries that support critical infrastructure is with what 2 types of systems?

16

the DHS identifies how many critical infrastructure sectors? each sector is supported by its own ISAC

requirements

the ____ phase of the security intelligence cycle sets out the goals for the intelligence gathering effort?

dissemination

the ____ phase refers to publishing information produced by analysis to consumers who need to act on the insights developed. this can take many forms, from status alerts sent to incident responders to analyst reports circulated to C-suite executives

fraud, terrorists, & nation-state actors

the aviation industry is targeted for/by what 3 things?

explicit knowledge

threat feeds contribute to what? (insights that can be directly applied to a security process)

Meltdown & Spectre

threat intelligence can also provide ongoing monitoring & analysis of vulnerabilities such as ____ & _____, which could pose lasting risks well past the impact of their initial announcement

commercial

threat intelligence is widely provided as a ____ service offering, where access to updates & research is subject to a subscription fee. some of these ____ sources primarily repackage information coming from free public registries, while others provide proprietary or closed-source data that may not be found in the free public registries

network & application operational

threat intelligence should be shared with ___ & ____ security teams so that they can apply best practices to the controls that they have responsibility for

requirements & processing/collection

what 2 phases establish a normalized, searchable data set that can be analyzed to produce useful information, or actionable intelligence, for dissemination to information consumers, such as incident response staff, software development teams, & IT operations teams?

strategic intelligence

what addresses broad themes & objectives, affecting projects & business priorities over weeks & months?

operational intelligence

what addresses the day-to-day priorities of managers & specialists?

interference in the electoral process & the security of electronic voting mechanisms

what are 2 key cybersecurity concerns for governments?

IBM X-Force Exchange, FireEye, & Recorded Future

what are 3 examples of commercial providers?

lessons learned, measurable success, & address evolving security threats

what are 3 things the feedback phase might address?

timeliness, relevancy, accuracy, & confidence levels

what are 4 factors that identify the value of threat intelligence?

AT&T Security (previously OTX), MISP, Spamhaus, SANS ISC Suspicious Domains, & VirusTotal

what are 5 examples of open-source providers?

use cases

what are developed from threat analysis to provide a working model of what to look for within a data set?

data feeds

what are lists of known bad indicators, such as domain names or IP addresses associated with spam or DDoS attacks, or hashes of exploit code known as? this provides tactical or operational intelligence that can be used within an automated system to inform real-time decisions & analysis as part of incident response or digital forensics

narrative reports & data feeds

what are the 2 formats that CTI typically produces?

requirements (planning & direction), collection (& processing), analysis, dissemination, & feedback

what are the 5 steps involved in the security intelligence cycle?

intelligence distribution

what can be thought of as occurring at strategic, operational, & tactical levels?

threat intelligence

what can be used to improve capabilities across different security functions?

Security Engineering

what focuses on the design & architecture of hardware, software, & network platforms to reduce their attack surface?

risk management

what identifies, evaluates, & prioritizes threats & vulnerabilities to reduce their negative impact?

tactical intelligence

what informs the real-time decisions made by staff as they encounter alerts & status indicators?

security intelligence cycle

what involves various steps you perform to not only collect data, but also to process & analyze it so you can obtain actionable insights, which are formatted & organized to provide decision makers with relevant & useful information?

OSINT

what is an example of a reconnaissance technique?

narrative reports

what is analysis of certain adversary groups or a malware sample provided as a written document known as? these provide valuable information & knowledge, but in a format that must be assimilated manually by analysts. this is most useful at providing strategic intelligence to influence security control selection & configuration

closed-source data

what is derived from the provider's own research & analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized?

strategic threat intelligence

what is important for establishing an up-to-date model of threat sources & actors, & their motivations, capabilities, & tactics?

security intelligence

what is the process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, & interpreted to provide insights into the security status of those systems?

planning & direction

what is the requirements phase of the security intelligence cycle also known as?

collection

what is usually implemented by software suites, such as SIEM?

analysis

what needs to be performed in the context of use cases?

requirements

what phase should also consider any special factors & constraints that will ultimately determine it?

feedback

what phase utilizes the input of both intelligence producers & intelligence consumers? the goal of this phase is to improve the implementation of the other phases as the life cycle develops

cyber threat intelligence (CTI)

what provides data about the external threat landscape, such as active hacker groups, malware outbreaks, zero-day exploits, & so on? typically produced in one of two formats: narrative reports & data feeds

processing

what puts data into a consistent format so that analysis tools can operate on it effectively? it ensures that the data point is referenced consistently, can be searched/indexed, & can be correlated across multiple sources

admiralty scale

what rates sources with letters from A (reliable) to G (purposefully deceptive) & information credibility from 1 (confirmed by multiple sources) to 6 (cannot be validated)?

multi-state ISAC

what serves non-federal governments in the US, such as state, local, tribal & territorial governments?

Information Sharing & Analysis Centers (ISACs)

where a generic open-source or commercial threat intelligence provider might use corporate or academic networks to gather data, ____ produce data from their members' systems, so the data is highly industry-specific & relevant. information shared within an ____ is given legal protections by the PCII program operated by the DHS

incident response

where risk management & security engineering make best use of strategic insights, ____ is better served by operational & tactical insights

government agencies

who represents one source of public threat information?

