Threat Intelligence sharing Flashcards

1
Q

The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated to provide insights into the security status of those systems

A

Security Intelligence

2
Q

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources to provide data about the external threat landscape
▪ Narrative reports
▪ Data Feeds

A

Cyber Threat Intelligence

3
Q

Intelligence Cycle

A

Requirements (Planning & Direction)
Collection (& Processing)
Analysis
Dissemination
Feedback

4
Q

Requirements (Planning & Direction)

A

The requirements phase sets out the goals for the intelligence gathering effort

5
Q

Collection (& Processing)

A

The collection process is implemented by software tools, such as SIEMs, and then processed for later analysis

6
Q

Analysis

A

The analysis is performed against the given use cases from the planning phase and may utilize automated analysis, artificial intelligence, and machine learning

7
Q

Dissemination

A

The dissemination phase refers to publishing information produced by analysis to consumers who need to act on the insights developed
▪ Strategic
▪ Operational
▪ Tactical

8
Q

Feedback

A

The phase that aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs
▪ Lessons learned
▪ Measurable success
▪ Evolving threat issues

9
Q

Property of an intelligence source that ensures it is up-to-date

A

Timeliness

10
Q

Relevancy

A

Property of an intelligence source that ensures it matches the use cases intended for it

11
Q

Accuracy

A

Property of an intelligence source that ensures it produces effective results

12
Q

Open-Source

A

Data that is available to use without subscription, may include threat feeds similar to the commercial providers, and may contain reputation lists and malware signature databases
▪ US-CERT
▪ UK’s NCSC
▪ AT&T Security (OTX)
▪ MISP
▪ VirusTotal
▪ Spamhaus
▪ SANS ISC Suspicious Domains

13
Q

Open-Source Intelligence (OSINT)

A

Methods of obtaining information about a person or organization through public records, websites, and social media

14
Q

Information Sharing and Analysis Center (ISAC)

A

A not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members
CISP, a Cyber Security Information Sharing Partnership, is like an ISAC within the UK

15
Q

Critical Infrastructure

A

Any physical or virtual infrastructure that is considered so vital to the United States that its incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these
ICS, SCADA, and embedded system threats are a main focus within critical infrastructure

16
Q

Government

A

Serves non-federal governments in the US, such as state, local, tribal and territorial governments

17
Q

Healthcare

A

Serves healthcare providers that are targets of criminals seeking blackmail and ransom opportunities by compromising patient data records or interfering with medical devices

18
Q

Financial

A

Serves the financial sector to prevent fraud and extortion of both the consumer and financial institutions

19
Q

Aviation

A

Serves the aviation industry to prevent fraud, terrorism, service disruptions, and unsafe operations of air traffic control systems

20
Q

Risk Management

A

Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact

21
Q

Incident Response

A

An organized approach to addressing and managing the aftermath of a security breach or cyberattack

22
Q

Vulnerability Management

A

The practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities

23
Q

Detection and Monitoring

A

The practice of observing activity to identify anomalous patterns for further analysis