BIE-UKB Lecture 02 Recall: Risc Management

• Cyber Threat
  • Any event with the potential to adversely impact organizational operations (process) assets, or individuals through
  • Act aimed to steal or damage data, get (financial) gain or other advantage, or disrupt digital life in general
  • Examples:
    • Cyber attacks with the goal of getting access to sensitive data
    • Cyber attacks with the goal of destructing data
    • All kinds of malware
    • Denial of Services
    • Phishing
    • Ransomware
  • Risk Management
    • process of identifying, assessing, and controlling threats
  • Risk Analysis
    • (internal) methodology used for risk valuation, and prioritization

BIE-UKB Lecture 03 Notes: Threat Intelligence, Cyber Crime and its Economy

Terms

• Intrusion Detection System (IDS)
  • NIDS - Network IDS
  • HIDS - Host IDS
• Intrusion Protection System (IPS)
  • NIPS - Network IPS
  • HIPS - Host IPS
• Data Execution Prevention (DEP)
• Tactics, Techniques, and Procedures (TTP)
  • behavioral analysis

Threat Intelligence

• Sliding Scale of CyberSecurity
  • model of categories of actions and investments that contribute to cyber security
  • cost vs. trade-off
• Types of the Threat Intelligence
  • strategic
  • tactical
  • operational
• Intelligence provides insight based on analysis
• Threat Intelligence is a specific type of intelligence that seeks to give defenders knowledge of the adversary, their actions within the defender's environment, and their capabilities as well as their tactics, techniques, and procedures
• Threat Intelligence is data containing detailed knowledge about the cybersecurity threats targeting an organization (def. by IBM)
• What is it?
  • NOT raw data, but a structured result of analysis
  • Organization-specific
  • Detailed and contextual
  • Actionable
    • actionable knowledge
  • Risk Analysis Input
• Security Intelligence
  • superset - integral analysis

Vulnerability Modeling

• Cyber Kill Chain
  • Aim is to identify an attack in each step and break the chain
• Diamond Model
• The Unified Kill Chain
  • Kill Chain (Lockheed Martin), is perimeter- and malware-focused
  • fails to cover other attack vectors and attacks that occur behind the organizational perimeter
  • Unified Kill Chain offers significant improvements over these scope limitations of the original model

Cyber Crime

• Hacker
  • Dennis MacAlistair Ritchie & Brian Wilson Kernighan & Ken Thompson
  • Richard Stallman
  • Linus Torvalds
• Cracker
• Ethical Hacker
  • penetration tests (pen test)
• criminal activity that involves a computer, networked device or a network
• FBI's Internet Crime Complaint Center (IC3): defines cybercrime as those Internet crimes perpetrated against individuals, regardless of whether the individuals were victimized (e.g., receiving a phishing email would apparently be counted in the statistics)

Advanced Persistent Threat (APT)

• Advanced, sophisticated and sustained
• Persistent, establishing an undetected presence
• Threat, having capability and malicious intent