During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.
Tactical threat intelligence analysis focuses on the immediate, technical indicators of threats, such as the tactics, techniques, and procedures (TTPs) used by adversaries, their communication channels, the tools and software they utilize, and their strategies for evading forensic analysis. This type of analysis is crucial for operational defenses and is used by security teams to adjust their defenses against current threats. Since John successfully extracted information related to the adversaries' modus operandi, tools, communication channels, and evasion strategies, he is performing tactical threat intelligence analysis. This differs from strategic and operational threat intelligence, which focus on broader trends and specific operations, respectively, and from technical threat intelligence, which deals with technical indicators like malware signatures and IPs. Reference:
'Tactical Cyber Intelligence,' by Cyber Threat Intelligence Network, Inc.
'Intelligence-Driven Incident Response: Outwitting the Adversary,' by Scott J. Roberts and Rebekah Brown
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He acquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?
Internal intelligence feeds are derived from data and information collected within an organization's own networks and systems. Jian's activities, such as real-time assessment of system activities and acquiring feeds from honeynets, P2P monitoring, infrastructure, and application logs, fall under the collection of internal intelligence feeds. These feeds are crucial for identifying potential threats and vulnerabilities within the organization and form a fundamental part of a comprehensive threat intelligence program. They contrast with external intelligence feeds, which are sourced from outside the organization and include information on broader cyber threats, trends, and TTPs of threat actors. Reference:
'Building an Intelligence-Led Security Program' by Allan Liska
'Threat Intelligence: Collecting, Analysing, Evaluating' by M-K. Lee, L. Healey, and P. A. Porras
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.
Tactical threat intelligence analysis focuses on the immediate, technical indicators of threats, such as the tactics, techniques, and procedures (TTPs) used by adversaries, their communication channels, the tools and software they utilize, and their strategies for evading forensic analysis. This type of analysis is crucial for operational defenses and is used by security teams to adjust their defenses against current threats. Since John successfully extracted information related to the adversaries' modus operandi, tools, communication channels, and evasion strategies, he is performing tactical threat intelligence analysis. This differs from strategic and operational threat intelligence, which focus on broader trends and specific operations, respectively, and from technical threat intelligence, which deals with technical indicators like malware signatures and IPs. Reference:
'Tactical Cyber Intelligence,' by Cyber Threat Intelligence Network, Inc.
'Intelligence-Driven Incident Response: Outwitting the Adversary,' by Scott J. Roberts and Rebekah Brown
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
In the trust model described, where trust between two organizations depends on the degree and quality of evidence provided by the first organization, the model in use is 'Validated Trust.' This model relies on the validation of evidence or credentials presented by one party to another to establish trust. The validation process assesses the credibility, reliability, and relevance of the information shared, forming the basis of the trust relationship between the sharing partners. This approach is common in threat intelligence sharing where the accuracy and reliability of shared information are critical. Reference:
'Building a Cybersecurity Culture,' ISACA
'Trust Models in Information Security,' Journal of Internet Services and Applications
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?
In the Analysis of Competing Hypotheses (ACH) process, the stage where Mr. Bob is applying analysis to reject hypotheses and select the most likely one based on listed evidence, followed by preparing a matrix with screened hypotheses and evidence, is known as the 'Refinement' stage. This stage involves refining the list of hypotheses by systematically evaluating the evidence against each hypothesis, leading to the rejection of inconsistent hypotheses and the strengthening of the most plausible ones. The preparation of a matrix helps visualize the relationship between each hypothesis and the available evidence, facilitating a more objective and structured analysis. Reference:
'Psychology of Intelligence Analysis' by Richards J. Heuer, Jr., for the CIA's Center for the Study of Intelligence
'A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis' by the CIA
Kerry
14 days agoCortney
29 days agoLai
1 months agoChantay
2 months agoCassi
2 months agoFrederick
3 months agoLai
3 months agoSalena
3 months agoChau
4 months agoAlise
4 months agoLourdes
5 months agoJerry
5 months agoLelia
5 months agoTiera
5 months agoMirta
6 months agoLourdes
6 months agoKenneth
6 months agoGretchen
6 months agoDerrick
6 months agoElvera
7 months agoVince
7 months agoAshley
7 months agoBrock
7 months agoJill
8 months agoRodrigo
8 months agoMerilyn
8 months agoWillow
8 months agoLucy
8 months agoChau
9 months agoBrandon
9 months agoJames
9 months agoMarylou
9 months agoCatrice
9 months agoClorinda
9 months agoLong
10 months agoJettie
10 months agoLatanya
10 months agoMattie
10 months agoJina
1 years ago