1. Security Controls and Security Intelligence Flashcards
Security Operations Center
A location where security professionals monitor and protect critical information assets in an organization
Security Control
Something designed to give a particular asset or information system the properties of confidentiality, integrity, availability, and nonrepudiation
Security control categories:
Technical
Operational
Managerial
Physical
Deterrent
Compensating
Technical control
Implemented as a system (hardware, software, or firmware)
* Firewalls
* Anti-virus software
* OS access control models
Operational control
Implemented primarily by people rather than systems
* Security guards
* Training programs
Managerial control
Gives oversight of the information system
* Risk identification
* A tool allowing the evaluation and selection of other security controls
Physical control
Deters and detects access to premises and hardware
* Alarms
* Gateways
* Locks
* Lighting
* Security cameras
* Guards
Deterrent control
Psychologically discourages an attacker from attempting an intrusion
* Signs
* Warnings of legal penalties
Compensating control
A substitute for a principal control that affords the same or better protection
Security control goals/functions:
Preventative
Detective
Corrective
Preventative control
Acts to eliminate or reduce the likelihood that an attack can succeed
Operates before an attack can take place
Detective control
May not prevent or deter access, but it will identify and record any attempted or successful intrusion
Operates during the progress of an attack
Corrective control
Acts to eliminate or reduce the impact of an intrusion event
Used after an attack
How do you determine the efficiency of a control?
A measure of how long it can delay an attack
Security intelligence
The process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems
Cyber Threat Intelligence (CTI)
Security Intelligence; provides data about the external threat landscape, such as active hacker groups, malware outbreaks, zero-day exploits, etc.
CTI formats
Narrative reports
Data feeds
Narrative reports
CTI
Analysis of certain adversary groups or a malware sample provided as a written document
Data feeds
CTI
Lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit code
Security Intelligence Cycle
The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated. At the start and end of the cycle, requirements and feedback phases establish goals and effectiveness.
Security Intelligence Cycle Steps
- Requirements (Planning & Direction)
  - Sets out goals for the intelligence gathering process
  - Should show how intelligence will support business goals
- Collection (& Processing)
- Analysis
- Dissemination
- Feedback
Use case
A detailed description of the steps in a process to achieve the stated goal
Assessment categories of intelligence sources
Timeliness
Relevancy
Accuracy
Confidence levels
SIEM
Security Incident and Event Management
Dissemination
A phase in the security intelligence cycle in which information is published and presented to different audiences
Intelligence distribution levels
Strategic
Operational
Tactical
Strategic intelligence distribution
Addresses broad themes and objectives, affecting projects and business priorities over weeks and months
Operational intelligence distribution
Addresses the day-to-day priorities of managers and specialists
Tactical intelligence distribution
Informs the real-time decisions made by staff as they encounter alerts and status indicators
Information Sharing and Analysis Center (ISAC)
Produces industry-specific threat intelligence