CISSP Flashcards
Cyber threat intelligence
Cyber threat intelligence is the collection and analysis of threat trends to identify potential or actual threats to the organization. As a result, organizations will be better prepared to create preventative and detective cybersecurity measures.
Passive footprinting
Passive footprinting collects information about the target without directly interacting with it. This typically involves combing through the target’s website, job sites, forums, and other sites.
Active footprinting
Active footprinting collects information about the target through direct interaction, such as e-mailing, calling, and visiting the target’s physical location.
Open-source intelligence
Publicly available information
Proprietary/closed-source intelligence
Info with restricted access (e.g. police record)
Timeliness Intelligence
Intelligence must be received and operationalized in time to act on it (its impact must exceed the cost of obtaining it).
Accuracy Intelligence
Intelligence must save the organization more through correct findings than it costs through errors and mistakes.
Relevancy intelligence
Must address a threat and allow for effective action; usable delivery format
OpenIOC
OpenIOC is an open cyber threat sharing framework designed for exchanging threat data with other parties in a machine-readable standard format for defining, recording, and sharing artifacts. Businesses use OpenIOC to share IOCs with other businesses and with the threat intelligence communities worldwide.
STIX
Structured Threat Information eXpression (STIX) describes cyber threat information (motivation, abilities, capabilities, response).
TAXII
Trusted Automated eXchange of Indicator Information (TAXII) describes how threat information (such as STIX) can be shared, using the hub-and-spoke, source/subscriber, or peer-to-peer models. Its services are discovery, collection management, inbox, and poll.
Known Threats vs. Unknown Threats
Known threats are the low-hanging fruit, like spam and viruses, that have been seen before. They can be found through open-source intelligence (OSINT).
An unknown threat is malicious code that has not been seen before.
Zero-day
A zero-day is an unknown vulnerability, or malware exploiting one, for which no patch exists.
APT
Advanced persistent threats (APTs) are skilled attackers backed by extremely large resources, such as military or government sponsorship.
Nation-state (Threat actors)
Nation-state threat actors are frequently among the most sophisticated adversaries, with dedicated infrastructure, training resources, and operational support behind their activities. Their operations are characterized by extensive planning and coordination and often reflect the strong government or military influence behind them.
Hacktivists (Threat actors)
Hacktivists are threat actors that typically operate with less resourcing than their nation-state counterparts but nonetheless coordinate efforts to bring attention to an issue or promote a cause. They often rely on readily available tools and mass participation to achieve their desired effects against a target.
Organized crime
Organized crime: Threat actors operating on behalf of organized crime groups are becoming an increasingly visible challenge for enterprise defenders to confront. These are profit-driven groups that target PII, credit card data, and similar assets.
Insider Threat Actors
Insider threat actors work within an organization and represent a particularly high risk of causing catastrophic damage because of their privileged access to internal resources.
Intelligence Cycle
The intelligence cycle is a core process used by most governments and business intelligence and security teams to process raw signals into finished intelligence for use in decision-making.
Requirements: The requirements phase involves the identification, prioritization, and refinement of uncertainties about the operational environment that the security team must resolve to accomplish its mission.
Collection: In this phase, the previously defined plan is executed and data is collected to fill the intelligence gap.
Analysis: Analysis is the act of making sense of what you observe. With the help of automation, highly trained analysts give meaning to the normalized, decrypted, or otherwise processed information by adding context about the operational environment.
Dissemination: Distributing the requested intelligence to the customer occurs at the dissemination phase.
Feedback: Once intelligence is disseminated, more questions may be raised, which leads to additional planning and direction of future collection efforts.
Commodity Malware
Commodity malware includes any pervasive malicious software that is made available to threat actors for sale, also called Malware-as-a-Service.
H-ISAC
Health Information Sharing and Analysis Center, a source of updated health-related threat intelligence.
FS-ISAC
Financial Services Information Sharing and Analysis Center. The FS-ISAC is the global financial industry’s go-to resource for all physical and cyber threat intelligence sharing.
A-ISAC
Aviation Information Sharing and Analysis Center. Aviation cybersecurity concerns are significant enough that multiple ISACs have sprouted around the globe.
ND-ISAC
National Defense Information Sharing and Analysis Center
MITRE ATT&CK
MITRE ATT&CK is an attack framework organized around tactics and techniques. The ATT&CK “tactics” describe the why of an adversary’s attack, and the “techniques” describe the how for achieving the tactic’s goal. For example, the adversary’s tactic might be Execution, and the technique could be PowerShell.
Credential Stuffing
Credential stuffing is the use of usernames and passwords obtained from a previous data breach at another organization to test whether the same usernames and passwords are valid at the target organization.
VLAN hopping
VLAN hopping can be accomplished with a switch spoofing method, where an attacker imitates a trunking switch by using the VLAN tagging and trunking protocols (Multiple VLAN Registration Protocol, IEEE 802.1Q, or Dynamic Trunking Protocol).
Diamond Model of Intrusion Analysis
The Diamond Model maps out an adversary moving toward an intended goal by exercising a capability over infrastructure against a victim.
Kill Chain
The Cyber Kill Chain is one of the most popular attack frameworks; it helps cybersecurity professionals around the world analyze the tactics, techniques, and procedures of adversaries based on specific attack scenarios.
Reputational
Reputation data tends to describe suspicious DNS names, e-mail addresses, file hashes, IP addresses, URLs, and websites. To make it easier to determine “friend” or “foe,” observed entities are formally assigned reputational scores. Higher scores indicate generally positive reputations, whereas lower scores indicate generally negative reputations. This information can then be distributed globally, automatically or manually, as part of threat intelligence sharing platforms.
Indicator of compromise (IoC)
An indicator of compromise (IoC) is a piece of data or other artifact that may indicate that a system or the network has been attacked or otherwise compromised.
Common vulnerability scoring system (CVSS)
The Common Vulnerability Scoring System is the de facto standard for assessing the severity of vulnerabilities. Therefore, you should be familiar with CVSS and its metric groups: base, temporal, and environmental. These groups represent different aspects of a vulnerability: base metrics are those characteristics that do not change over time, temporal metrics describe those that do, and environmental metrics represent those that are unique to a user’s environment.
eFuse
In computing, an eFuse is a microscopic fuse put into a computer chip. This technology was invented by IBM to allow for the dynamic real-time reprogramming of chips. In the abstract, computer logic is generally “etched” or “hard-wired” onto a chip and cannot be changed after the chip has finished being manufactured.
Data masking
Data masking is simply the obfuscation of parts of certain data elements, such as a Social Security number. An administrative assistant might require access to the last four digits of a person’s SSN to identify that person within the context of their work, but they do not need access to the entire SSN.
Civil law
A type of law that usually pertains to the settlement of disputes between individuals, organizations, or groups, having to do with the establishment, recovery, or redress of private and civil rights. Civil law is not criminal law. It is also called tort law and is mainly concerned with redress or recovery related to wrongdoing.
Criminal law
A type of law pertaining to crimes against the state or conduct that is detrimental to society. Violations of criminal statutes are punishable by law, and penalties can include monetary fines and jail time.
Moore’s law
The belief that processing power of computers will double about every 18 months due to technological improvements.
Administrative law
A body of regulations, rules, orders, and decisions created by administrative agencies to carry out their regulatory powers.
Trade secret
A trade secret is a confidential design, practice, or method that is proprietary or business related. For a trade secret to remain valid, the owner must take precautions to ensure that the data remains secure. Examples of these precautions include encryption, document marking, and physical security.