1.) Information security and cyber security tasks can be classified into 5 functions (the NIST Cybersecurity Framework core functions):
Identify - develop security policies and capabilities; evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them
Protect - procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement at every stage of the operations life cycle
Detect - perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats
Respond - identify, analyze, contain, and eradicate threats to systems and data security
Recover - implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks
----------------> IPDRR

2.) The SANS Incident Response Framework consists of 6 steps:
Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned
----------------> PICERL

3.) Cyber Kill Chain analysis (Lockheed Martin) is divided into 7 stages:
Reconnaissance - harvesting email addresses, identifying targets and technologies (active or passive)
Weaponization - coupling an exploit with a backdoor into a deliverable payload
Delivery - payload propagates to the victim via e-mail, USB, web, etc.
Exploitation - exploiting a vulnerability to execute code on the victim's system
Installation - installing malware (persistence) on the asset
Command and Control (C2) - a channel for remote access to manipulate the victim's device
Actions on Objectives - the attacker accomplishes their original goals (data exfiltration, lateral movement, destruction, etc.)
----------------> RWDEICA

4.) Security controls can be divided into 3 broad categories:
Technical (logical controls) - a control that is implemented as a system (hardware, software, or firmware).
> For example, firewalls, antivirus software, and OS access control models are technical controls.
Operational (by people) - a control that is implemented primarily by people rather than systems.
> For example, security guards and training programs are operational controls rather than technical controls.
Managerial (oversight) - a control that gives oversight of the information system.
> For example, risk identification or a tool allowing the evaluation and selection of other security controls.
----------------> TOM

IT JOBS
> Information Systems Security Officer (ISSO) - an organizational role with technical responsibilities for the implementation of security policies, frameworks, and controls.
> Chief Information Security Officer (CISO) - typically the job title of the person with overall responsibility for information assurance and systems security.
> Security Operations Center (SOC) - the location where security professionals monitor and protect critical information assets in an organization.
> Development and operations (DevOps) - the combination of software development and systems operations; a cultural shift within an organization that encourages much more collaboration between developers and system administrators. DevSecOps embeds the security function within these teams as well.
> Cyber incident response team (CIRT) / computer security incident response team (CSIRT) / computer emergency response team (CERT) - the team charged with the responsibility for incident response.
> CIA Triad (also written AIC) - Confidentiality, Integrity, Availability (with Non-repudiation often listed as a fourth property).