From the course: Cybersecurity Foundations

Analyzing cyber threats and controls

- [Instructor] The cybersecurity risk management program starts with sourcing threat intelligence. Let's have a look at some sources of threat intelligence. A useful catalog of threats can be found at Appendix E to the NIST Special Publication. This catalog provides representative examples of adversarial threat events expressed as tactics, techniques, and procedures, or TTPs, and non-adversarial threat events. Another useful source of TTPs is the MITRE ATT&CK site, which is used in MITRE's Cybersecurity Resiliency Framework. This is a detailed source of information on who the threat actors are and how they carry out their cyber attacks.

Many of the threats that have been turned into exploits and are being seen in cyber attacks are listed in the Exploit-DB database. For example, here we see the details of an exploit against the SmartRG Router. There are a number of companies that publish malware analysis reports, such as this one produced by VMRay. These are useful for gaining an insight into the contemporary techniques being used by attackers.

There are four possible treatments once an assessment has identified the risk: risk acceptance, where the risk is within the business's appetite; risk avoidance, where it's better to stop doing that line of business than take the risk; risk transfer, where a third party takes the risk, such as insurance to cover the risk should it eventuate; and risk mitigation, where controls are implemented to reduce risk. Risk mitigation, and the protection of business outcomes which it provides, means implementing controls in the form of cybersecurity policies, processes, and technical solutions. We'll cover controls shortly.
