Module 4: Endpoint & Application Development Security Flashcards
Define Key Risk Indicator (KRI)
A metric of the upper & lower bounds of specific indicators of normal network activity
Define Indicator of Compromise (IOC)
Shows that a malicious activity is occurring but is still in the early stages of an attack
Define Predictive Analysis
Discovering an attack before it occurs
What do Key Risk Indicators (KRIs) include?
1) Total network logs per second
2) Number of failed remote logins
3) Network bandwidth
4) Outbound email traffic
What does Indicator of Compromise (IOC) show?
That a malicious activity is occurring but is still in the early stages of an attack
Aids in predictive analysis
Define Open Source.
Refers to anything that could be freely used w/o restriction, such as open source film or open source curriculum
What is Open Source Intelligence (OSINT)?
Open source threat intelligence information that is freely available
What are 4 services that CISCP provides?
1) Analyst-to-analyst technical exchanges
2) CISCP analytical products
3) Cross industry orchestration
4) Digital malware analysis
What are analyst-to-analyst technical exchanges?
A CISCP service:
Partners can share & receive information on threat actor tactics, techniques, & procedures (TTPs) & emerging trends
What are CISCP analytical products?
A CISCP service:
A portal can be accessed through which partners can receive analysis of products & threats
What is cross industry orchestration?
A CISCP service:
Partners can share lessons learned & their expertise w/ peers across common sectors
What is digital malware analysis?
A CISCP service:
Suspected malware can be submitted to be analyzed & then used to generate malware analysis reports to mitigate threats & attack vectors
What are 2 concerns around public information sharing centers?
1) Privacy
2) Speed
What does Automated Indicator Sharing (AIS) do?
Enables the exchange of cyberthreat indicators b/t parties through computer-to-computer communication, not email communication
What are 4 CISCP privacy protections?
1) Cybersecurity Information Sharing Act (CISA)
2) Freedom of Information Act (FOIA)
3) Traffic-Light Protocol (TLP)
4) Protected Critical Infrastructure Information Act (PCII)
What is Cybersecurity Information Sharing Act (CISA)?
Federal law passed in 2015 that provides authority for cybersecurity information sharing b/w the private sector, state, & local governments, & the federal government
What is Freedom of Information Act (FOIA)?
Passed in 1967 & provides the public the right to request access to records from any federal agency
What is Traffic-Light Protocol (TLP)?
Set of designations used to ensure that sensitive information is shared only w/ the appropriate audience
What is Protected Critical Infrastructure Information Act (PCII)?
2002 act that protects private sector infrastructure information that is voluntarily shared w/ the government for the purposes of homeland security
What is Structured Threat Information Expression (STIX)?
A language & format used to exchange cyberthreat intelligence
What is Trusted Automated Exchange of Intelligence Information (TAXII)?
An application protocol for exchanging cyberthreat intelligence over HTTPS
Define Closed Source.
Opposite of open source; proprietary, meaning it is owned by an entity that has an exclusive right to it
What are private information sharing centers?
Organizations participating in closed source information that restrict both access to data & participation
What are 4 sources of threat intelligence?
1) Vulnerability database
2) Threat maps
3) File and code repositories
4) Dark web