20. Lesson Recap
ND545 C3 L1 A14 Lesson Conclusion
In this lesson we:
- Explained the relationship between threats, threat actors, vulnerabilities, and exploits
- Utilized event context to identify potential threat actor motivations
- Identified security threats applicable to important organizational assets
- Used standard frameworks to assess threats, identify risks, and prioritize assets
Glossary
Term | Definition |
---|---|
Threat | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. |
Threat assessment | Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat. |
Vulnerability | Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. |
Exploit | A code, tool, or mechanism that takes advantage of a vulnerability in a system in an attempt to breach security. |
Attack | Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. |
Controls | A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements. |
Risk | The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. |
Denial of Service (DoS) | An attack that prevents or delays authorized access to a resource, typically by flooding it with bogus traffic or requests (fake web traffic, for example) until it can no longer serve legitimate users. |
Distributed Denial of Service (DDoS) | A denial of service technique that leverages several hosts to send traffic to the target host and overwhelm the resource. |
Password Attacks | Also known as password cracking, these attacks are used to recover passwords or other authentication credentials. |
Spoofing | Impersonating a user or device by forging identifying information (for example, a source IP address or an email sender address) so that the recipient trusts a message that did not come from the claimed sender. |
Man in the Middle | Intercepting a connection between two devices or users, and potentially reading or altering the messages being sent. |
Malware | Software that includes malicious code that is harmful to computer resources. |
Ransomware | A variant of malware that encrypts the victim's data and holds the decryption key (and therefore the data) hostage until a payment is made. |
Zero-day | A software flaw that is unknown to the vendor, or known but not yet patched. The term may refer to the vulnerability itself or to an exploit for it; the name reflects that the vendor has had zero days to fix the flaw before it is attacked. |
Phishing | A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person. |
Vishing | Phishing executed via voice call. |
Smishing | Phishing executed via SMS or text message. |
Spear phishing | A colloquial term that can be used to describe any highly targeted phishing attack. |
Whaling | A specific kind of phishing that targets high-ranking members of organizations. |
Cyber criminals | Financially motivated individuals who carry out attacks mainly for monetary reasons. |
Cyber terrorists | "Individuals or groups who use violent or 'virtually' debilitating means to further ideological goals stemming from domestic influences, such as those of a political, religious, social, racial, or environmental nature." Source: https://www.fbi.gov/investigate/terrorism |
Nation-state actors | Attackers working for or sponsored by a government. Their activities include espionage, sabotage of military or critical infrastructure, and cyber warfare. |
Hacktivists | Groups who carry out attacks to advance political or social causes. |
Script kiddies | Curious newbies with minimal cyber skills who are just playing around or launching beginner attacks. |
Criminal insiders | Individuals who steal from their employers or engage in other unauthorized activities that cause harm. They are usually financially motivated. |
Oblivious insiders | Naive individuals who fall for social engineering attacks or engage in other unintentional activities that expose the company to risks. |
Third-party insiders | Individuals who may not work directly for the company but have authorized access as a vendor or partner working with the organization. |
Disgruntled insiders | Employees who are unhappy with the organization and seek to retaliate, often by abusing their access to its systems and data. |
Terminated insiders | Individuals who are no longer with the company but steal data as they are leaving or still have access after their separation from the company. |
Threat Detection | The ability to detect threats proactively or reactively in an environment. |
Threat Hunting | Proactively combing through networks to find advanced and undetected threats that may bypass typical security controls and detection technology. |
Threat Actor Discovery | Leveraging threat intelligence and other information sources to identify the threat actors that may target your business. |
Threat Intelligence Gathering | Collecting threat information and aggregating, transforming, analyzing, interpreting, or enriching it to provide the context needed for decision-making. |
Threat Profiling and Modeling | Analytical insights into trends, technologies, or tactics of an adversarial nature affecting information systems security. |
Threat Scenario Development | A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. |
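The glossary defines risk in terms of a threat's potential impact and its likelihood, and the recap above says the lesson used frameworks to identify risks and prioritize assets. The following is an added example (not course material or code from the lesson) of a minimal risk register that ties the terms together: each entry pairs an asset with a threat source and the vulnerability it would exploit, scores inherent risk as likelihood times impact on 1-5 scales, applies controls to get a residual score, and sorts entries so the highest residual risk is handled first. The assets, threats, scale values and controls are constructed for illustration and carry no real-world data.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Qualitative 1-5 scales of the kind used in a 5x5 risk heat map.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


def _scale(table: dict[str, int], label: str, name: str) -> int:
    """Map a qualitative label to its numeric value, rejecting unknown labels."""
    try:
        return table[label]
    except KeyError:
        raise ValueError(f"unknown {name} label {label!r}; expected one of {sorted(table)}") from None


@dataclass
class Control:
    """A safeguard and how many scale steps it lowers likelihood and/or impact."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    """One register entry: a threat source exploiting a vulnerability in an asset."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    controls: list[Control] = field(default_factory=list)

    def inherent_score(self) -> int:
        """Likelihood x impact before any controls are applied."""
        return _scale(LIKELIHOOD, self.likelihood, "likelihood") * _scale(IMPACT, self.impact, "impact")

    def residual_score(self) -> int:
        """Likelihood x impact after controls; neither factor drops below 1."""
        lik = _scale(LIKELIHOOD, self.likelihood, "likelihood") - sum(c.likelihood_reduction for c in self.controls)
        imp = _scale(IMPACT, self.impact, "impact") - sum(c.impact_reduction for c in self.controls)
        return max(lik, 1) * max(imp, 1)


def rating(score: int) -> str:
    """Band a 1-25 score the way a heat map legend would."""
    if score >= 15:
        return "critical"
    if score >= 10:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def prioritize(register: list[Risk]) -> list[Risk]:
    """Highest residual risk first; ties broken by inherent risk."""
    return sorted(register, key=lambda r: (r.residual_score(), r.inherent_score()), reverse=True)


def sample_register() -> list[Risk]:
    """Constructed illustrative entries; every asset, value and control here is invented."""
    return [
        Risk("customer database", "cyber criminals (ransomware)", "unpatched file server",
             "likely", "severe",
             [Control("tested offline backups", impact_reduction=2),
              Control("monthly patch cycle", likelihood_reduction=1)]),
        Risk("public website", "hacktivists (DDoS)", "no upstream traffic filtering",
             "possible", "moderate",
             [Control("CDN with DDoS scrubbing", likelihood_reduction=2)]),
        Risk("payroll system", "disgruntled insider", "shared administrator account",
             "possible", "major"),
        Risk("finance staff mailboxes", "spear phishing", "no multi-factor authentication",
             "almost certain", "major",
             [Control("MFA on email", likelihood_reduction=2),
              Control("phishing awareness training", likelihood_reduction=1)]),
    ]


if __name__ == "__main__":
    for r in prioritize(sample_register()):
        print(f"{r.asset:<26} {r.threat:<30} inherent {r.inherent_score():>2} ({rating(r.inherent_score())}) "
              f"residual {r.residual_score():>2} ({rating(r.residual_score())})")
```

Two things the output makes visible that the definitions alone do not: the two entries with the same inherent score (20) end up in different positions once controls are counted, and the uncontrolled insider entry rises to the top of the list even though its inherent score is lower, which is exactly the kind of result that drives where the next control should go.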
As a side note, this course is a foundational course that is meant to help build the knowledge to become job-ready, but you will likely need additional training and/or coursework in order to obtain a job in this field. These foundations will set you up for success going forward and are vital to your success in this field.