Understand basic risk elements
Risk is the likelihood that a threat can exploit a vulnerability and cause damage to assets.
Asset valuation identifies the value of assets.
Threat modeling identifies threats against these assets.
Vulnerability analysis identifies weaknesses in an organization’s valuable assets.
Access aggregation is a type of attack that combines, or aggregates, nonsensitive information to learn sensitive information that is used in reconnaissance attacks.
Brute vs dictionary attacks.
A brute-force attack tries keyboard combinations; a dictionary attack uses a list.
Strong Passwords
Password policies ensure users make complex passwords, which makes password crackers less successful.
Increase strength by adding one of the authentication factors.
Spoofing
Spoofing is pretending to be someone or something else. Spoofing attacks can include email, phone, and IP spoofing.
Sniffing
A packet capturing program reads and stores data that is sent over a network medium in cleartext.
Social Engineering
Convince someone to do something they wouldn’t normally do, usually by pretending to be someone else and asking for help.
Phishing
Trying to get a user to give up personal information. Spear phishing targets specific groups of users, and whaling targets high-level executives. Vishing uses VoIP.
Log Types
Security Logs, System Logs, Application Logs, Firewall Logs, Proxy Logs and Change Management Logs. Logs should be protected and should be read-only.
Monitoring
Basically, monitoring is a form of auditing that focuses on active review of log file data. It holds subjects accountable for their actions, and detects abnormal or malicious activities. IDSs and SIEMs automate monitoring and provide real-time analysis of events.
Accountability
Accountability is maintained by auditing subjects. This promotes good user behavior and compliance.
Audit trails
Audit trails are records created by logging information about events and occurrences; they are used to reconstruct an event.
Sampling
Sampling, or data extraction, is extracting elements from a large body of data to construct a meaningful representation or summary of the whole. Statistical sampling uses precise mathematical functions to extract meaningful information from a large volume of data.
Clipping is a form of nonstatistical sampling that only records events that exceed a threshold, e.g. bad login attempts over 10 times.