Section 1 Overview to Security Flashcards
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.
Information Security
Act of protecting the systems that hold and process our critical data.
Information Security Systems
Confidentiality, Integrity, Availability
CIA Trad
Information has not been disclosed to unauthorized people.
Confidentiality
Information has not been modified or altered without proper authorization.
Integrity
Information is able to be stored, accessed, or protected at all times.
Availability
When a person’s identity is established with proof and confirmed by all systems. Example: Logging in
Authentication
- Something you know
- Something you have
- Something you are
- Something you do
- Somewhere you are
Five methods of Authentication
Occurs when a user is given access to a certain piece of data or certain areas of a building.
Authorization
Tracking of data, computer usage, and network resources. (Information is stored in a log file)
Accounting
Occurs when you have proof that someone has taken an action.
Non-Repudiation
Short-hand term for malicious software.
Malware
Occurs when a computers crashes or an individual application fails.
System Failure
Occurs when access to a computer resources and data happens without the consent of the owner.
Unauthorized Access
Act of manipulating users into revealing confidential information or performing other detrimental actions.
Social Engineering
Alarm systems, locks, surveillance, cameras, identification cars, and security guards.
Physical Controls
Smart cords, encryption, access control list (ACL’s), intrusion detection systems, and network authentication.
Technical Controls
Policies, procedures, security awareness training, contingency, planning, and disaster recovery plans. (Sometimes called Managerial Controls)
Administrative Controls
The most effective security control to use.
User Training
- White Hats
- Black Hats
- Grey Hats
- Blue Hats
- Elite
Five Types of Hackers
Non-malicious hackers who attempt to break into a company’s systems at their request. (Ethical hackers and Pen Testers)
White Hats
Malicious hackers who break into computer systems and networks without authorization or permission.
Black Hats
Hackers without any affiliation to a company that attempts to break into a company’s network and risks breaking the law.
Grey Hats
Hackers who attempt to hack into a network with permission of the company but are not employed by the company.
Blue Hats
Hackers who find and exploit vulnerabilities before anyone else does. ( 1 in 10,000 hackers are elite)
Elite
Have limited skills and only run other peoples exploits and tools.
Script Kiddies
Hackers who are driven by a cause like social change, political agendas, or terrorism.
Hacktivists
Hackers who are part of a crime group that is well funded and highly sophisticated.
Organized Crime
Highly trained and funded groups hackers (often by nation states) with covert and open source intelligence at their disposal.
Advanced Persistent Threats
Property of an intelligence source that ensures it is up to date.
Timeliness
Property of an intelligence source that ensures it matches the use cases intended for it.
Relevancy
Property of an intelligence source that ensures it produces effective results.
Accuracy
Property of an intelligence source that ensures it produces qualified statements about reliability.
Confidence Levels
Codifies the use of the admiralty scale for grading data and estimative language.
MISP Project
Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subjected to a subscription fee.
Proprietary
Data that is derived from the providers own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.
Closed-Source
Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and many contain reputation lists and malware signature databases.
Open-Source
Methods of obtaining information about a person or organization through public records, websites, and social media.
Open-Source Intelligence (OSINT)
A cybersecurity technique designed to detect presence of threats that have not been discovered by a normal security monitoring.
Threat Hunting
A hypothesis is derived from the threat modeling and is based on potential events with higher likelihood and higher impact.
Establishing a Hypothesis
Involves the creation of scenarios that show how a prospective attacker might attempt an intrusion and what their objectives might be.
Profiling Threat Actors and Activites
A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.
Lockheed Martin Killchain
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions on Objectives
Seven stop Method for the Killchain
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures.
MITRE Att&ck Framework
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.
Diamond Model of Intrusion Analysis
