Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and…
Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits
Threat Assessments
Techniques for Identifying Threats
Reviewing Historical Data
Similar Organizations
Local Area
Organization
Performing Threat Modeling
Analogy and Comparison with Similar Situations and Activities
Vulnerability Assessments
External Assessments
Internal Assessments
Review of Documentation
Incidents
Outage Reports
Assessment Reports
Additional Review
Audit Trails
Intrusion Detection and Prevention System Outputs
System Logs
Vulnerability Scans and Other Assessment Tools
Scanning Systems and Network
Providing Metrics
Identifying Vulnerabilities
Documenting Results
Audits and Personal Interviews
Process & Output Analysis
System Testing
Functionality Testing
Access Controls Testing
Penetration Testing
Transaction and Application Testing
Best Practices
Ensuring Scanners are kept up to date
Performing internal and external checks
Identifying Assets First
Documenting the results
Providing reports
Exploit Assessments
Identifying Exploits
Check 7 domains
MAC Flood Attack
Social Engineering
TCP SYN Flood Attack
Mitigating Exploits with a Gap Analysis and Remediation Plan
Implementing Configuration or Change Management
Verifying and Validating the Exploit Has Been Mitigated
Best Practices
Identifying as many exploits as possible
Using a gap analysis for regulatory compliance
Getting permission first
Verifying that exploits have been mitigated