
DIGITAL WORLD TECH ACADEMY COURSE MATERIAL

Cyber Threat Management

Insight into Asset, Risk Management, and Compliance

Chapter 1: Understanding Cyber Threat Intelligence

Cyber threat intelligence (CTI) is essential for identifying, mitigating, and preventing cyber
threats. Intelligence sources can be categorized into various types:

Types of Intelligence

| S/N | Type of Intelligence | Description | Example |
|-----|----------------------|-------------|---------|
| 1 | Open Source Intelligence (OSINT) | Publicly available data from freely accessible sources. | Security blogs (KrebsOnSecurity, Hacker News), social media (Twitter, LinkedIn, Telegram), public vulnerability databases (NVD, CVE, Exploit DB), WHOIS and DNS records. |
| 2 | Closed Source Intelligence | Proprietary or commercial data requiring payment or authorization. | Threat intelligence feeds (CrowdStrike, FireEye, IBM X-Force), SIEM systems, MSSPs, internal network logs. |
| 3 | Technical Intelligence (TECHINT) | Data derived from technical monitoring and cyber threat analysis. | Indicators of Compromise (IOCs) (IP addresses, domains, file hashes), malware analysis reports, network traffic logs, EDR tools. |
| 4 | Human Intelligence (HUMINT) | Intelligence gathered from human sources. | Insider information, cybersecurity conferences, law enforcement agencies. |
| 5 | Threat Intelligence Platforms (TIPs) | Platforms that aggregate and analyze threat intelligence from various sources. | Anomali ThreatStream, MISP, Recorded Future. |
| 6 | Dark Web Intelligence | Information collected from underground cybercriminal sources. | Underground forums, marketplaces, hidden services (Tor network). |
| 7 | Internal Security Data | Data generated within an organization's IT environment. | Firewall logs, IDS/IPS, antivirus tools, incident response reports. |

Chapter 2: The Cyber Kill Chain and Incident Response

Cyber Kill Chain

A structured approach to understanding how cyberattacks progress:

1. Reconnaissance – Attackers gather intelligence on the target.

2. Weaponization – Creating malicious payloads.

3. Delivery – Transmitting the weapon (phishing, malware, etc.).

4. Exploitation – Executing the attack.

5. Installation – Implanting malware for persistence.

6. Command & Control (C2) – Establishing remote access.

7. Actions on Objectives – Data exfiltration, destruction, or disruption.

Incident Response Phases

1. Preparation Phase – Develop and implement policies and tools for incident
detection.

2. Detection and Analysis Phase – Identify and analyze potential threats.

3. Containment, Eradication, and Recovery Phase – Mitigate impact, remove threats, and restore systems.

4. Post-Incident Activity Phase – Evaluate the response and improve future defenses.

Chapter 3: Asset and Risk Management

Ranking Assets

Prioritizing assets is crucial for effective security management. Key considerations include:

1. Business Value – Critical systems and data.

2. Vulnerability Level – Exposure to potential threats.

3. Threat Likelihood – Probability of an attack occurring.

4. Impact of Compromise – Potential damage to business operations.

Risk Management Process

1. Identify Risks – Recognize potential cyber threats.

2. Analyze Risks – Determine the severity and likelihood.

3. Evaluate Risks – Prioritize risks based on impact.

4. Mitigate Risks – Implement security measures.

5. Monitor & Review – Continuously assess and improve security strategies.

Risk Assessment and Analysis

Risk assessment helps in quantifying and prioritizing risks using standard calculations:

• Exposure Factor (EF): The percentage of asset value lost due to an incident.

• Single Loss Expectancy (SLE): The potential financial loss from a single incident.

o Formula: SLE = Asset Value × Exposure Factor

• Annualized Rate of Occurrence (ARO): Estimated frequency of a threat occurring in a year.

• Annualized Loss Expectancy (ALE): The expected annual financial loss.

o Formula: ALE = SLE × ARO

These calculations help organizations determine necessary security investments and mitigation strategies.

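
A worked run of the two formulas above, added here as an example rather than taken from the course material: the asset values, exposure factors and occurrence rates are constructed figures, and the final cost-benefit step (ALE reduction minus the control's yearly cost) is an assumption that extends the page's formulas to the investment decision it mentions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RiskScenario:
    asset: str
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost per incident (the page's percentage, as 0.0-1.0)
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        """SLE = Asset Value x Exposure Factor."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """ALE = SLE x ARO."""
        return self.sle() * self.aro

def rank_by_ale(scenarios):
    """Highest expected annual loss first: the order in which to fund mitigations."""
    return sorted(scenarios, key=lambda s: s.ale(), reverse=True)

def control_net_benefit(before, after, annual_control_cost):
    """Assumed rule (not on the page): ALE reduction minus the control's yearly cost; positive means it pays."""
    return before.ale() - after.ale() - annual_control_cost

# Constructed sample figures for illustration only.
SCENARIOS = [
    RiskScenario("Customer database", 500_000, 0.60, 0.2),  # ransomware, roughly once in 5 years
    RiskScenario("Public web server", 100_000, 0.25, 2.0),  # defacement or outage, twice a year
    RiskScenario("Laptop fleet", 80_000, 0.10, 5.0),        # lost or stolen laptops
]

# Same database after adding tested offline backups: EF drops, ARO is unchanged (constructed).
DATABASE_WITH_BACKUPS = RiskScenario("Customer database", 500_000, 0.15, 0.2)
BACKUP_ANNUAL_COST = 20_000

def main() -> None:
    print(f"{'Asset':<20}{'SLE':>12}{'ALE':>12}")
    for s in rank_by_ale(SCENARIOS):
        print(f"{s.asset:<20}{s.sle():>12,.0f}{s.ale():>12,.0f}")
    net = control_net_benefit(SCENARIOS[0], DATABASE_WITH_BACKUPS, BACKUP_ANNUAL_COST)
    print(f"Net annual benefit of offline backups: {net:,.0f}")

if __name__ == "__main__":
    main()
```
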
Chapter 4: Cybersecurity Compliance and Policies

Key Compliance Standards

1. ISO 27001 – International standard for information security management.

2. NIST Cybersecurity Framework – Guidelines for risk management.

3. GDPR – Data protection and privacy regulations in the EU.

4. HIPAA – Healthcare data protection standards.

5. PCI DSS – Payment security standards for financial transactions.

Policy and Plan Elements

• Policy Elements: Define security rules and expectations.

• Plan Elements: Steps to enforce security policies effectively.

Chapter 5: Cyber Threat Analysis and Reporting

Threat Analysis Process

1. Collect Data – Gather intelligence from various sources.

2. Examine – Analyze collected data for relevant threats.

3. Analyze – Identify patterns, vulnerabilities, and potential attacks.

4. Report – Document findings and provide recommendations.

Threat Landscape Components

• Adversary: Attackers and their motives.

• Capability: Tools and techniques used in attacks.

• Infrastructure: Systems and networks targeted.

• Victim: Individuals or organizations affected.
