General Knowledge Flashcards
What is GRC?
Governance, Risk Management, and Compliance
What tool should businesses use to track risks?
Risk Register
What role does Governance play in the approach to Cybersecurity?
Responsible for creating and maintaining organizational policies. Defines the organization's expectations of its employees and its approach to cybersecurity.
What are SLOs within cybersecurity and a Security Operations Center?
Service Level Objectives, which are the standards that organizations and their leadership must meet to ensure the security of their network.
What are MTTD and MTTR?
Mean Time to Detect
Mean Time to Recover
What are the 4 Risk Responses
Avoid
Accept
Mitigate
Transfer
Briefly Describe Threat Modeling
Designed to identify the principal risks and the tactics, techniques, and procedures (TTPs) that a given system may be subject to, by evaluating the system both from an attacker's point of view and from the defender's point of view.
Name some standard frameworks to help practitioners with controls
NIST 800-171 Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations
NIST 800-53 Security and Privacy Controls for Federal Systems
ISO27001 and CIS Top 18 ver 4
Name the 3 different classes of Control Types
Technical - Systems
Operational - People
Managerial - Oversight
Modern approach to security controls includes preventative but name the 4 additional ones.
Detective
Corrective
Compensating
Responsive
This control acts to eliminate or reduce the likelihood of an attack. ACLs, file system objects, AV, etc.
Preventative
This control does not prevent an intrusion but will identify and record any attempted or successful intrusion.
Detective
This control acts to eliminate or reduce the impact of an intrusion attempt.
Corrective
This control serves as a substitute for a principal control.
Compensating
Uses a standard that affords better protection than the existing control.
This control serves to direct corrective action.
Responsive
SOC response with well-defined procedures
The term for adopting a functional approach to security controls that maps to known adversary tools and tactics.
Course of Action Matrix (CoA)
Name two of the most popular hardening Guides
CIS Benchmarks - 1000 pages
Department of Defense Security Technical Guides (STIGs)
What is the attack surface analysis technique that uses the MITRE ATT&CK framework?
Adversary Emulation - Red Team Engagement
Compare adversary emulation with penetration testing.
The goal of a penetration test is to simulate an attack to identify vulnerabilities and weaknesses, then prioritize them based on the findings.
Adversary emulation simulates a real-world cyber-attack by a red team to assess an organization's defenses. It is much more comprehensive than a pen test.
What is the attack surface analysis that offers rewards based on certain elements?
Bug Bounty
What is the difference between Threat Intelligence and Threat Hunting
They both encompass the strategies used to detect and protect against active threats.
Threat Intelligence describes gathering and analyzing data to help identify potential threats and determine the most cost-effective way to mitigate them.
Threat Hunting is the active search for signs of malicious activity on a network. It uses tools and techniques to search data sources such as logs for potential threats.
Who publishes the Common Vulnerabilities and Exposures (CVE) list?
MITRE.org
What is the common abbreviation for Command and Control?
C&C or C2
Name a defining characteristic of an APT.
Adversary removes evidence of the attack.
What is OSINT?
Open-Source Intelligence: using publicly available information such as websites, blogs, chat forums, etc.