Other Information Flashcards
Digital Forensics Lifecycle (4 parts)
(NIST) Evidence Collection, Evidence Examination, Evidence Analysis, Investigations Reporting
Incident Response basic phases (6)
Analysis, Response, Containment, Eradication, Recovery, Postmortem
SIEM Process/Functions (4)
Collect, Aggregate, Correlate, Analyze
Start of Threat Management
Identify and understand the threats with the greatest likelihood of occurrence
Threat Management Model (4)
Threats, Vulnerabilities, Remediation, Attack Surface
Vulnerability Management Approaches (3)
Patch Management, Vulnerability Assessment, Penetration Testing
What is ISAC
Information Sharing and Analysis Center; established by Presidential Executive Directive in 1998; 25 ISACs covering all industry sectors
What is the P6 Maturity Model
People, Policies, Procedures, Process, Products, Proof
What are the 4 boxes of pen testing?
Based on the tester's environment knowledge: Black (knows nothing), Grey (knows a little), White (substantial knowledge), Crowd Source (multiple testers, professional hackers)
Incident Response/Management Response vs Threat Hunting
Threat Hunting is proactive, Incident/Management Response is Reactive
Three types of Threat Hunting
Exploratory, Structured, Guided
4 phases of Threat Hunting
Create Hypothesis, Investigate via Tools and Techniques, Uncover New Patterns & TTPs, Inform and Enrich Analytics
What is Triple A (AAA)
Authorization, Authentication, and Auditing
CRUD Security Matrix
Privileges used for performing Create, Read, Update, and Delete operations
2 Behavior Management Techniques
Separation of Duties, Banners