Threat Evaluation Flashcards
What is needed to properly evaluate threats?
Good threat intelligence.
What information does threat intelligence provide for evaluation?
The severity of threats, how quickly they might spread, attack techniques used, and potential mitigation methods.
What mindset should be adopted during threat evaluation?
Thinking like an attacker.
What does being ‘thorough’ in threat evaluation entail?
Looking for all possible ways to attack, not just the most obvious ones.
Why is realism important in threat evaluation?
To focus preparation on plausible events rather than highly improbable or irrelevant ones (like a meteorite strike).
What should be prepared for instead of an improbable event like a meteorite?
The consequence of the improbable event (e.g., loss of the datacenter, regardless of cause like fire, flood, or meteorite).
What does ‘completeness’ mean in threat evaluation?
Examining all of the various attack vectors.
Why is it important to review assumptions based on past events?
Because things could be changing, and past occurrences are not always an accurate predictor of future possibilities.
What aspects of the proposed operating environment need consideration?
How the system connects (wired, wireless, etc.), network location (isolated, DMZ), and use of shared resources (like databases).
Why are integrated operations important to evaluate?
Because most systems have dependencies on other systems (e.g., needing input from upstream processes).
What checks are needed for data received from other systems?
Ensuring completeness (no missed files/transactions) and preventing duplication.
What technique can help verify file transfer integrity between systems?
Using header and trailer records.
What is a common reason for systems being compromised related to setup?
Misconfiguration, often because installers lack knowledge on how to secure the system.
What are some physical environmental issues that can pose risks?
Dust, heat, freezing, and liquids.
How can users impact system risk?
Their level of experience or comfort with technology can be a factor.
Why is it important to consider future needs during the design phase?
To forecast potential changes in business processes or regulations and build in the capability to support future operations.
