Understand basic risk elements
Risk is the likelihood that a threat can exploit a vulnerability and cause damage to assets.
Asset valuation identifies the value of assets.
Threat modeling identifies threats against these assets.
Vulnerability analysis identifies weaknesses in an organization’s valuable assets.
Access aggregation is a type of attack that combines, or aggregates, nonsensitive information to learn sensitive information that is used in reconnaissance attacks.
Brute-force vs. dictionary attacks.
Brute force uses keyboard combinations; dictionary uses a list.
Password policies ensure users make complex passwords, which make password crackers less successful.
Increase strength by adding one of the factors (see authentication factors here).
Spoofing is pretending to be someone or something else. Spoofing attacks can include email, phone, IP.
A packet capturing program reads and stores data that is sent over a network medium in cleartext.
Convince someone to do something they wouldn’t normally do, usually by pretending to be someone else and asking for help.
Trying to get a user to give up personal information. Spear phishing targets specific groups of users, and whaling targets high-level executives. Vishing uses VoIP.
Security Logs, System Logs, Application Logs, Firewall Logs, Proxy Logs and Change Management Logs. Logs should be protected and should be read-only.
Basically, monitoring is a form of auditing that focuses on active review of log file data. It holds subjects accountable for their actions, and detects abnormal or malicious activities. IDSs and SIEMs automate monitoring and provide real-time analysis of events.
Accountability is maintained by auditing subjects. This promotes good user behavior and compliance.
Records created by recording information about events and occurrences into logs are used to reconstruct an event.
Sampling, or data extraction, is extracting elements from a large body of data to construct a meaningful representation or summary of the whole. Statistical sampling uses precise mathematical functions to extract meaningful information from a large volume of data.
Clipping is a form of nonstatistical sampling that only records events that exceed a threshold, e.g., bad login attempts over 10 times.