1.2 Given a scenario, utilise threat intelligence to support organisational security

  • Attack frameworks:

    • MITRE ATT&CK: tactics & techniques used in developing threat models and methodologies

    • The Diamond Model of Intrusion Analysis: intelligence on network intrusion events using 4 elements (adversary, capability, infrastructure, victim)

    • Kill chain: visibility into the stages of an attack; reconnaissance -> weaponisation -> delivery -> exploitation -> installation -> C2 -> actions on objectives

  • Threat research:

    • Reputational: detects threats with IP/domain/file reputations

    • Behavioural: detects unknown threats based on their behaviour

    • IOC (indicator of compromise): forensic artefacts that identify potentially malicious activity on systems/networks

    • CVSS: measures the severity of security flaws using base metrics (AV, AC, Au, C, I, A)

  • Threat modelling methodologies:

    • Adversary capability: adversarial toolsets/skillsets/evasion techniques

    • Total attack surface: total of all different attack vectors an attacker can exploit

    • Attack vector: describes how an attack can exploit the vulnerability

    • Impact: magnitude of adverse impact on organisation

    • Likelihood: likelihood that threat source will initiate risk & likelihood that the risk has adverse effects on the organisation

  • Threat intelligence sharing with supported functions:

    • Incident response: detect threats faster, prevent attacks with less disruption, respond to adversaries more quickly

    • Vulnerability management: provides context by identifying exploits and adding to vulnerabilities list

    • Risk management: rapidly receive and use actionable data about latest threats

    • Security engineering: adapt to emerging threats

    • Detection and monitoring: update signature database, monitor/detect new threats
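The CVSS entry above names the six CVSS v2 base metrics (AV, AC, Au, C, I, A). As an added worked example that is not part of the original notes, the Python below scores a v2 vector string with the weights and base equation from the CVSS v2.0 specification and maps the result onto NVD's Low/Medium/High bands (0-3.9, 4.0-6.9, 7.0-10.0); the vector strings in the comments are constructed inputs.

```python
# CVSS v2 base-score calculator (added example; weights and equation from the
# CVSS v2.0 specification). Unknown metrics or values are rejected rather than
# silently scored, so a typo in a vector cannot produce a plausible-looking number.
from decimal import Decimal, ROUND_HALF_UP

_CIA = {"N": 0.0, "P": 0.275, "C": 0.660}          # None / Partial / Complete
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},      # Access Vector: Local/Adjacent/Network
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},       # Access Complexity: High/Medium/Low
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},      # Authentication: Multiple/Single/None
    "C": _CIA, "I": _CIA, "A": _CIA,               # Confidentiality/Integrity/Availability
}

def parse_vector(vector):
    """Turn 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into {metric: weight}; raise on bad input."""
    weights = {}
    for item in vector.split("/"):
        key, _, value = item.partition(":")
        if key not in WEIGHTS or value not in WEIGHTS[key]:
            raise ValueError(f"unknown metric or value: {item!r}")
        weights[key] = WEIGHTS[key][value]
    if set(weights) != set(WEIGHTS):
        raise ValueError("vector must contain AV, AC, Au, C, I and A")
    return weights

def base_score(vector):
    """CVSS v2 base score, rounded to one decimal as the specification requires."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    if impact == 0:          # f(Impact) = 0: no CIA impact means a score of 0 by definition
        return 0.0
    raw = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * 1.176
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def severity(score):
    """NVD qualitative rating for a v2 score."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

if __name__ == "__main__":
    for v in ("AV:N/AC:L/Au:N/C:C/I:C/A:C",   # remote, unauthenticated, full compromise
              "AV:N/AC:L/Au:N/C:P/I:P/A:P",   # remote, unauthenticated, partial impact
              "AV:L/AC:L/Au:N/C:C/I:C/A:C"):  # same impact but local access only
        s = base_score(v)
        print(f"{v}  ->  {s} ({severity(s)})")
```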
