Day 1: Importance of Security Controls, Security Intelligence, & Threat Data
Identify Security Control Types
Security Team
CISO - Chief information security officer
Senior Manager and managers
Technical Managers
Security ...
Senior Security Analyst
Responsible for protecting all the digital assets of a company
Secures both online and on-premise infrastructure
Qualities
Ethical hacking
Incident response
Computer forensics
Intrusion prevention
Reverse engineering
Security Analyst
SOC - Security Operations Center
facility that houses an information security team
Monitor and analyze activity
Responsible for ensuring that potential security incidents are correctly identified, analyzed, defended, investigated, and reported
NIST SP 800-53
security and privacy controls for federal information systems and orgs
AC
Access control
AT
Awareness and ...
Security Control Categories
Technical
All the security solutions, like firewalls, ACLs, etc.
Operational
Security training, security guards, things that are implemented by people
Managerial
Paperwork, policies and procedures
Control Function types
When does the control act
Preventative
Eliminates or reduces the likelihood of an attack
Detective
Identify and record any attempted or successful intrusion
Corrective
Acts to eliminate or reduce the impact of an attack
Other types
Physical
Alarms, gateways, locks, etc.
Deterrent
Psychologically discourages an attack
Compensating
Serves as a substitute for a principal control
Security intelligence
Security intelligence
Correlate, analyze, and interpret to produce insights
Collect and process info from internal logs and monitoring systems
CTI - cyber threat intelligence
Information about the external threat landscape
Produced in these 2 formats
Narrative-based analysis and reporting, assembled manually
Automated data sharing for threat intelligence feeds
Security intelligence cycle
requirements
collection
Analysis
Dissemination
Feedback
Threat intelligence sharing
Risk Management
Identifies, evaluates and prioritizes threats and vulnerabilities to reduce negative impact
Vulnerability management
Detection and monitoring