cyber security threats
Internal vs external
Level of sophistication/capability
Resources/funding
intent/ motivation
White-hat Hackers
Black-hat hackers
Gray-hat Hackers
authorized, seeking to discover security vulnerabilities
unauthorized, those with malicious intent
unauthorized, those who fall in between but inform target of vulnerabilities
Threat actors (6 different types)
Script kiddies
Hacktivists
Criminal syndicates
Advanced Persistent Threats (APTs)
Insiders
Competitors
Zero Day attacks
conduct their own security vulnerability research to find flaws not known to other attackers or teams, and store this info for later use
shadow IT
seek out their own tech solutions that are not approved by the organization
what is a Threat Vector?
Means used by threat actors to gain access
6 examples of Threat vectors
Email and social media- most commonly exploited
Direct Access- through the network or by physically entering facilities
Wireless Networks
Removable media- USB drives to spread malware to launch attack
Cloud
Third-party risk- interfere with an organization's IT supply chain (when device is in transit)
Threat data and intelligence
activities and resources for CS professionals seeking to learn about changes in threat environment
Predictive analysis
to identify likely risks to the organization
Open-source intelligence (OSINT)
gather intelligence from publicly available sources to commercial services
Closed source/Proprietary intelligence
inside based info gathering, research and use of custom tools (threat feed)
Threat maps
provide a geographic view of threat intelligence
Vulnerability databases
insight into the types of exploits that can be used against an organization
Assessing Threat intelligence
Is the information timely?
Is it accurate?
Is it relevant?
confidence score
summarizing the threat intelligence assessment data
Threat indicator management and exchange
Structured Threat Information eXpression (STIX)- XML language originally sponsored by the US Department of Homeland Security. Current version: STIX 2.0
Public and Private Information Sharing Centers
ISACs help infrastructure owners and operators share threat info and provide tools and assistance to their members
Script kiddies
those who use hacking techniques but have limited skills
Hacktivists
use of a variety of techniques, skills and resources to achieve a goal
Criminal Syndicates
appear where money is to be made
Advanced Persistent Threats (APTs)
focused on foreign gov or corporations, patient, well funded
insider threat actor
employee, contractor or vendor
Competitor threat actor
uses stolen information for its own business advantage