Lecture 1 Flashcards
Introduction to Security Operations and SOC
What is the primary purpose of a Security Operations Center (SOC)?
To deal with security issues on both an organizational and technical level using people, processes, and capabilities.
What factors can lead to a dysfunctional SOC?
Lack of educated security professionals, a hyperfocus on preventing compromises, inability to scale to meet demand, and improper security considerations when moving to cloud services.
Name the four types of cyber threat actors.
Cybercriminals, Hacktivists, State-sponsored actors, and Cyberterrorists.
What are the core principles of Information Assurance?
Confidentiality, Integrity, and Availability (CIA).
Describe the Defense in Depth strategy.
It uses a combination of people, processes, and technology to create multiple layers of defense to ensure continuous protection even if one layer fails.
What is the Cyber Kill Chain Model?
A model describing the stages of a cyber attack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions and Objectives.
What are the three types of detection methods in cybersecurity?
Signature detection, Behavior detection, and Anomaly detection.
What is the purpose of the NIST Cybersecurity Framework?
To provide standards, guidelines, and best practices to manage and reduce cybersecurity-related risk.
How do cybercriminals differ from hacktivists?
Cybercriminals are motivated by financial gain, whereas hacktivists are driven by a cause or belief.
What is the importance of establishing a baseline in cybersecurity?
To assess the maturity of current practices and develop goals for future capabilities and services.
What are fundamental cybersecurity capabilities for a SOC?
Signature detection, Behavior detection, and Anomaly detection.
Describe the concept of "Defense-in-depth."
A layered approach to security that ensures multiple defensive measures are in place to protect data.
What is the purpose of the Cyber Kill Chain Model?
To break down the steps an adversary takes to launch an attack, helping defenders understand and counteract each stage.
What are some key impacts of a security breach on an organization?
Financial losses, loss of customer trust, potential fines, and loss of staff.
How does a dysfunctional SOC affect an organization?
It leaves the organization vulnerable to cyber threats, leading to potential exploitation of vulnerabilities.