Attack Frameworks Flashcards
Which framework was developed by Lockheed Martin to identify and prevent cyber intrusions?
Cyber kill chain
Which framework is a 4-step model of adversary, capabilities, infrastructure and victims?
Diamond model of intrusion analysis
Which framework focuses on real-life tactics and techniques of attacks?
MITRE ATT&CK
Which framework is focused on testing the security of an organization and analyzing it?
Open Source Security Testing Methodology Manual (OSSTMM)
Which testing guide is for testing the security of web applications?
OWASP testing guide
What are standardized steps to take after an incident has happened?
Playbooks
A non-technical training exercise that prepares you for when an incident does happen
Tabletop
What are the phases or steps of the post-incident activity?
Forensic analysis
Root cause analysis
Lessons learned
What are key performance indicators and metrics?
Trends
Top 10
Zero-days
Service level objectives
What are some things that should be mentioned in an incident report?
Executive summary
Who, what, when, where, why
Timeline
Scope
Evidence
Impact
Recommendations
Name a few communication channels that should be involved during an incident report
Legal personnel
Public relations
Media
Law enforcement
Regulatory reporting
What type of control is put in place to temporarily satisfy
Compensating control
Name the control types
Managerial
Operational
Technical
Preventative
Detective
Responsive
Corrective
Secure coding best practices
Input validation
Output encoding
Session management
Authentication
Data protection
Parametrized queries
A path to find threats and the security systems
Threat modeling