Threat Vectors (Threat Actors, Intelligence Sources, & Vulnerabilities)

Question 1

Threat Vectors

Answer 1

Direct Physical access (removable media)

Local network access

Remote access (VPN or no VPN)

Wireless, satelite, and cellular

Email, webmail, or messaging

Supply chain

Social Media

Personal or public cloud computing

Question 2

Personal or public cloud computing

Answer 2

Protect those
access keys and other credentials at Amazon Web Services, IBM Cloud, Google Cloud Platform or Microsoft Azure.

Are you using single sign on? And if so, is that single sign on credential using a multifactor authentication, a physical or a software based token on your iPhone?

Question 3

Social Media

Answer 3

How do you allow your organization to use social media and social networking. AUP

Question 4

Supply chain

Answer 4

Security of your vendors and your strategic partners and your large customers are issues to consider

Question 5

Email, webmail, or messaging

Answer 5

Monitoring access of your employees to peer to peer file sharing, cloud storage or Bit Torrents?

Question 6

Wireless, satelite, and cellular

Answer 6

Are you using good wireless security? Are you protecting management frames? Are you avoiding automatic methods for associating with access points? Are you using Enterprise WPA3 as opposed to personal WPA2? Are you using satellite and cellular technologies?

Question 7

Remote access (VPN or no VPN)

Answer 7

Do you use a VPN for your remote access or no VPN or is it situational

Question 8

Local network access

Answer 8

Access to the network operating center, the security operations center, the data center, the server farm, closets, wiring closets, those things

Question 9

Direct Physical access (removable media)

Answer 9

Access to infrastructure devices like switches or routers or firewalls or other appliances