Section 4 Flashcards
What are the steps of the OPSEC process
Identification of critical information - identify your most critical assets
Analysis of threats - analyze any threats related to the critical information you identified
Analysis of Vulnerabilties - analyzing the vulnerabilities in the protections you’ve put in place to secure your information assets.
Assessment of Risks - decide what issues you need to address in the rest of the operations security process.
Application of Countermeasures - Once you’ve discovered risks to your critical information, you can put measures in place to mitigate them.
What are countermeasures in OPSEC
putting controls in place to mitigate risks to your critical information. When you construct a countermeasure for a risk, you need to mitigate either the threat or the vulnerability at the bare minimum.
What are the “laws of OPSEC”
First Law: Know the Threats
Second Law: Know What to Protect
Third Law: Protect the Information
What is competitive intelligence
conducting intelligence gathering and analysis to support business decisions
What is human intelligence (HUMINT)
data gathered by talking to people that might include personal observations, people’s schedules, sensitive information, or any of a number of other similar items.
What is open source intelligence (OSINT)
information collected from publicly available sources, such as job postings and public records.
What is metadata
is the data about data found in almost any file that can reveal not only mundane information such as timestamps and file statistics but also more interesting data such as usernames, server names, network file paths, and deleted or updated information.
What is EXIF data
image and video file metadata that includes information such as the camera settings and hardware.
What does Maltego do?
an intelligence-gathering tool that uses relationships between particular points of data, called transforms, to discover information related to information that you already have.
What does Shodan do?
a web-based search engine that looks for information saved on internet-connected devices. allows you to search for specific information, such as particular hardware, software, or open ports.
What does EnCase do
has features that can recover and read metadata
What does ExifTool do
allows you to view and edit EXIF data from videos and photos
What is pretexting
attackers use information they’ve gathered to assume the guise of a manager, customer, reporter, co-worker’s family member, or other trusted person.
What is phishing
a social engineering technique in which an attacker uses electronic communications such as email, texting, or phone calls to collect the target’s personal information or install malware on their system, often by convincing the target to click a malicious link.
What is spear phishing
targeted attacks against specific companies, organizations, or people.