Threat Intelligence Flashcards

(35 cards)

1
Q

What is Security Intelligence?

A

The process by which data is generated and then collected, processed, analyzed, and disseminated to provide insights into the security status of information systems.

2
Q

What is Cyber Threat Intelligence?

A

Investigation, collection, analysis, and dissemination of information about emerging threats and threat sources, providing data about the external threat landscape.

Two forms of cyber threat intelligence:
● Narrative Reports
● Data Feeds
In cyber security you use both.

3
Q

What are Narrative Reports?

A

Detailed, analytical documents that describe cybersecurity incidents, findings, or investigations in a structured and comprehensible manner.

Used in Cyber Threat Intelligence

4
Q

What are Data Feeds?

A

Continuous, structured data (for example, lists of indicators or reputation data) that provide real-time or periodically updated information.

Used in Cyber Threat Intelligence

5
Q

Tell me about the Intelligence Cycle

A

5 steps, like a wheel:
1. Requirements (Planning & Direction)
2. Collection (& Processing)
3. Analysis
4. Dissemination
5. Feedback

6
Q

Tell me about stage 1 of the Intelligence Cycle

A
1. Requirements (Planning & Direction)
  • Sets out the goals for the intelligence gathering effort
  • What do we want to measure and collect?
7
Q

Tell me about stage 2 of the Intelligence Cycle

A
2. Collection (& Processing)
  • Implemented by software tools that gather data, which is then processed for later analysis
  • Processing is where all the collected data is converted into a standard format
  • Factors used to evaluate sources: Timeliness, Relevancy, Accuracy and Confidence Level
8
Q

Tell me about stage 3 of the Intelligence Cycle

A
3. Analysis
  • Performed against the use cases given in the planning phase; may use automated analysis, AI, and machine learning
  • Sorts data into three categories: known good, known bad and not sure. The "not sure" category is the one we should investigate further
9
Q

Tell me about stage 4 of the Intelligence Cycle

A
4. Dissemination
  • Publishes information produced by analysts to the consumers who need to act on the insights developed
  • Delivered at three levels: Strategic, Operational and Tactical
10
Q

Tell me about stage 5 of the Intelligence Cycle

A
5. Feedback
  • Aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs: lessons learned, measurable success and evolving threat issues
11
Q

To which stage of the Intelligence Cycle do Timeliness, Relevancy, Accuracy and Confidence Level belong?

A
2. Collection (& Processing)
12
Q

What does Timeliness mean, and where does it belong?

A

Ensures an intelligence source is up-to-date

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

13
Q

What does Relevancy mean, and where does it belong?

A

Ensures an intelligence source matches its intended use case.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

14
Q

What does Accuracy mean, and where does it belong?

A

Ensures an intelligence source produces effective results.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

15
Q

What does Confidence Level mean, and where does it belong?

A

Ensures an intelligence source produces qualified statements about reliability.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

16
Q

Tell me about Evaluation of Source Reliability

A

A table (the source-reliability axis of the NATO Admiralty system) used to rate how reliable the source itself is, on a scale from A to F:
A - completely reliable, B - usually reliable, C - fairly reliable, D - not usually reliable, E - unreliable, F - reliability cannot be judged.

17
Q

Tell me about Evaluation of Information Content

A

A table (the information-credibility axis of the NATO Admiralty system) used to rate the information itself, independently of its source, on a scale from 1 to 6:
1 - confirmed by other sources, 2 - probably true, 3 - possibly true, 4 - doubtful, 5 - improbable, 6 - truth cannot be judged.
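
Worked example for cards 7, 8 and 12 to 17 (stage 2 processing into a standard format, the four source-evaluation factors, the A-F / 1-6 grading and the stage 3 known good / known bad / not sure triage). This script is an added illustration, not material from the original flashcards or from any vendor product. The two feeds, the source names (csv-reputation, json-partner), their grades, the allowlist and blocklist, and the 30-day timeliness cut-off are all constructed assumptions.

```python
"""Added example (not from the original flashcards): stages 2 and 3 of the
intelligence cycle on two constructed feeds.  Processing converts both feeds
into one record format and tags each record with an Admiralty-style source
grade (A-F reliability, 1-6 credibility); analysis applies the timeliness and
confidence factors and then sorts indicators into known good, known bad and
not sure.  All feed rows, source names, grades, lists and cut-offs below are
assumptions made for the illustration."""
import csv
import io
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed feed 1: a CSV reputation list.
CSV_FEED = """indicator,category,last_seen
198.51.100.7,c2,2024-05-01T10:00:00Z
203.0.113.9,scanner,2024-01-03T08:30:00Z
evil.example,phishing,2024-05-02T12:15:00Z
"""

# Constructed feed 2: a JSON feed from a partner, in a different shape.
JSON_FEED = json.dumps({"items": [
    {"value": "198.51.100.7", "type": "ip", "seen": "2024-05-02T09:00:00Z"},
    {"value": "cdn.example", "type": "domain", "seen": "2024-05-01T00:00:00Z"},
]})

# Assumed grade per source: (reliability A-F, credibility 1-6), best first.
SOURCE_GRADES = {"csv-reputation": ("B", 2), "json-partner": ("C", 3)}

# Constructed local context used by the analysis stage.
ALLOWLIST = {"cdn.example"}      # known good (our own infrastructure)
BLOCKLIST = {"198.51.100.7"}     # known bad (confirmed by a previous incident)


@dataclass(frozen=True)
class Indicator:
    """The standard record every feed is converted into during processing."""
    value: str
    kind: str           # "ipv4" or "domain"
    last_seen: datetime
    source: str
    reliability: str    # Admiralty A-F
    credibility: int    # Admiralty 1-6


def classify_indicator(value: str) -> str:
    parts = value.split(".")
    return "ipv4" if len(parts) == 4 and all(p.isdigit() for p in parts) else "domain"


def parse_ts(text: str) -> datetime:
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalise_csv(text: str, source: str) -> list:
    rel, cred = SOURCE_GRADES[source]
    return [Indicator(r["indicator"], classify_indicator(r["indicator"]),
                      parse_ts(r["last_seen"]), source, rel, cred)
            for r in csv.DictReader(io.StringIO(text))]


def normalise_json(text: str, source: str) -> list:
    rel, cred = SOURCE_GRADES[source]
    return [Indicator(i["value"], classify_indicator(i["value"]),
                      parse_ts(i["seen"]), source, rel, cred)
            for i in json.loads(text)["items"]]


def is_timely(ind: Indicator, now: datetime, max_age: timedelta) -> bool:
    """Timeliness: the source's observation must not be older than max_age."""
    return now - ind.last_seen <= max_age


def is_confident(ind: Indicator, worst_reliability: str = "C", worst_credibility: int = 3) -> bool:
    """Confidence level: A-F and 1-6 run best to worst, so a plain comparison works."""
    return ind.reliability <= worst_reliability and ind.credibility <= worst_credibility


def triage(indicators, now: datetime, max_age: timedelta = timedelta(days=30)) -> dict:
    buckets = {"known_good": set(), "known_bad": set(), "not_sure": set()}
    for ind in indicators:
        if not is_timely(ind, now, max_age) or not is_confident(ind):
            continue  # stale or low-confidence input is dropped rather than acted on
        if ind.value in ALLOWLIST:
            buckets["known_good"].add(ind.value)
        elif ind.value in BLOCKLIST:
            buckets["known_bad"].add(ind.value)
        else:
            buckets["not_sure"].add(ind.value)   # the set analysts investigate further
    return buckets


def run(now_iso: str = "2024-05-03T00:00:00Z") -> dict:
    indicators = (normalise_csv(CSV_FEED, "csv-reputation")
                  + normalise_json(JSON_FEED, "json-partner"))
    return triage(indicators, parse_ts(now_iso))


if __name__ == "__main__":
    print(run())
```

With the constructed data the scanner entry from January is dropped as stale, cdn.example lands in known good, 198.51.100.7 in known bad, and evil.example is the one indicator left for an analyst to look at. Raising `worst_credibility` or lowering `max_age` changes what is dropped before triage, which is the practical effect of the confidence and timeliness factors.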

18
Q

What are the general sources of information?

A
  1. Proprietary
  2. Closed-Source
  3. Open-Source
19
Q

Tell me about Proprietary information

A

Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee

20
Q

Tell me about Closed-Source information

A

Data derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.

21
Q

Tell me about Open-Source information

A

Data that’s available without subscription, which may include threat feeds, reputation lists, and malware signature databases.

Examples of open-source intelligence providers:
US-CERT, UK’s NCSC, AT&T Security (OTX), MISP, VirusTotal, Spamhaus and SANS ISC Suspicious Domains.

Open-Source Intelligence (OSINT)- A method of obtaining information about a person or organization through public records, websites, and social media

22
Q

What kind of information is OSINT?

A

Open-Source Intelligence

23
Q

What is the Information Sharing and Analysis Center (ISAC)?

A

A not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members. The UK counterpart is the Cyber Security Information Sharing Partnership (CISP).

ISACs exist in many sectors, including Critical Infrastructure, Government, Healthcare, Financial Services and Aviation (where the shared intelligence also covers physical threats such as terrorism).
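
Worked example for cards 9 and 23 (stage 4, dissemination, and sharing through an ISAC or a platform such as MISP). This is an added illustration, not code from the original flashcards or from MISP or any ISAC; it packages known-bad indicators as a STIX 2.1 bundle, the JSON exchange format such platforms accept, and checks the bundle the way a consumer would before loading it. The indicators, the producer namespace `cti.example`, the fixed timestamp and the choice of UUIDv5 for object ids are assumptions; the bundle is assembled by hand from the standard library rather than with a STIX library.

```python
"""Added example (not from the original flashcards): stage 4, dissemination.
Known-bad indicators from the analysis stage are packaged as a STIX 2.1
bundle and sanity-checked before publication.  The indicators, the producer
namespace 'cti.example' and the timestamp are constructed for the
illustration; the bundle shape is hand-built from the standard library."""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed output of the analysis stage: indicator value -> indicator type.
KNOWN_BAD = {"198.51.100.7": "ipv4", "evil.example": "domain"}

# Assumed producer namespace.  UUIDv5 ids derived from it are deterministic, so
# re-sharing the same indicator updates rather than duplicates it downstream.
PRODUCER_NS = uuid.uuid5(uuid.NAMESPACE_DNS, "cti.example")
DEFAULT_WHEN = datetime(2024, 5, 3, tzinfo=timezone.utc)

STIX_TS = "%Y-%m-%dT%H:%M:%S.000Z"
ID_RE = re.compile(r"^[a-z0-9-]+--[0-9a-f-]{36}$")
PATTERN_RE = re.compile(r"^\[[a-z0-9-]+:[a-z_]+ = '[^']+'\]$")
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")


def stix_pattern(value: str, kind: str) -> str:
    """One STIX comparison expression per indicator."""
    obj_path = {"ipv4": "ipv4-addr:value", "domain": "domain-name:value"}[kind]
    return f"[{obj_path} = '{value}']"


def indicator_object(value: str, kind: str, when: datetime) -> dict:
    ts = when.strftime(STIX_TS)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(PRODUCER_NS, value)}",
        "created": ts,
        "modified": ts,
        "name": f"Known-bad {kind}: {value}",
        "indicator_types": ["malicious-activity"],
        "pattern": stix_pattern(value, kind),
        "pattern_type": "stix",
        "valid_from": ts,
    }


def build_bundle(indicators: dict, when: datetime = DEFAULT_WHEN) -> dict:
    objects = [indicator_object(v, k, when) for v, k in sorted(indicators.items())]
    bundle_seed = ",".join(o["id"] for o in objects)
    return {"type": "bundle",
            "id": f"bundle--{uuid.uuid5(PRODUCER_NS, bundle_seed)}",
            "objects": objects}


def validate_bundle(bundle: dict) -> bool:
    """Consumer-side check: required 2.1 fields present, ids and patterns well formed."""
    if bundle.get("type") != "bundle" or not ID_RE.match(bundle.get("id", "")):
        return False
    for obj in bundle.get("objects", []):
        if any(key not in obj for key in REQUIRED) or not ID_RE.match(obj["id"]):
            return False
        if obj["pattern_type"] == "stix" and not PATTERN_RE.match(obj["pattern"]):
            return False
    return True


def share(indicators: dict = KNOWN_BAD) -> str:
    """Serialise for publication; refuse to publish a malformed bundle."""
    bundle = build_bundle(indicators)
    if not validate_bundle(bundle):
        raise ValueError("refusing to disseminate a malformed STIX bundle")
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    print(share())
```

The deterministic ids matter for the feedback loop: when the same indicator is re-published with a later `modified` timestamp, consumers can replace their copy instead of accumulating duplicates. Sharing restrictions (TLP markings) are deliberately left out of this example.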

24
Q

What is a Critical Infrastructure?

A

Any physical or virtual infrastructure considered so vital to the United States that its incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these.

The US designates 16 critical infrastructure sectors.

25
Q

What does Risk Management do?

A

Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact.

26
Q

In the intelligence cycle, where do we put Risk Management?

A

4. Dissemination: the stage at which a weakness we have found is shared with the people who must act on it. Risk management identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact.

27
Q

What is Vulnerability Management, and where in the intelligence cycle do we put it?

A

4. Dissemination: the stage at which a weakness we have found is shared with the people who must act on it. Vulnerability management is the practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities.
28
Q

Quiz: Which of the following factors evaluates a source to ensure it matches the use case?

A

Relevancy. Relevancy ensures that a source matches its intended use case.
Wrong answers:
● Timeliness ensures an intelligence source is up-to-date.
● Accuracy ensures an intelligence source produces effective results.
● Confidence Level ensures an intelligence source produces qualified statements about reliability.

29
Q

Quiz: In which phase of the security intelligence cycle is input collected from intelligence producers and consumers to improve the implementation of intelligence requirements?

A

Feedback. The final phase of the security intelligence cycle is feedback and review, which uses the input of both intelligence producers and intelligence consumers. The goal of this phase is to improve the implementation of the requirements, collection, analysis, and dissemination phases as the life cycle is developed.
Wrong answers:
● Collection (pay attention to the question: input from both producers and consumers is what the feedback phase collects).
30
Q

Quiz: Which level of intelligence is directly used by Security Operations Center (SOC) staff to make real-time decisions in response to system alerts?

A

Tactical. Tactical intelligence refers to the immediate, actionable information necessary for frontline staff, such as SOC analysts, to make decisions about real-time security threats and alerts.

31
Q

What is Tactical intelligence?

A

Tactical intelligence refers to the immediate, actionable information necessary for frontline staff, such as SOC analysts, to make decisions about real-time security threats and alerts.
32
Q

What is Operational intelligence?

A

Operational intelligence focuses on the ongoing activities and procedures involved in maintaining security, typically used for routine tasks and immediate responses; for example, what the SOC works from day to day in its SIEM.

33
Q

What is Strategic intelligence?

A

Strategic intelligence involves long-term planning and decision-making at the organizational level, addressing overall security posture and resource allocation; for example, an executive summary presented as a bulleted list.
34
Q

What is Analytical intelligence?

A

Analytical intelligence relates to the detailed analysis of large data sets to identify patterns, trends, and underlying causes of security issues, supporting informed decision-making for future actions.
35
Q

What is the job of Security Engineering?

A

Security engineering involves designing, implementing, and maintaining security measures within systems and networks to protect against threats and vulnerabilities. It encompasses the principles, practices, and tools used to build secure infrastructure and applications.

Relevance to threat intelligence sharing: threat intelligence sharing relies on understanding vulnerabilities and attack vectors, and security engineering ensures the systems are resilient enough to incorporate threat intelligence inputs.