SANS MGT514 EXAM STUDY GUIDE
Strategic planning (1:8) - deep analysis and understanding of the state of business and the threats faced by the organization
Value to the organization (1:8) - develop your objectives based on the organization's vision and mission, stakeholder risk appetite and opportunities
Driving engagement (1:8) - execute on the plan by navigating the internal values and culture, developing a business case to get support and funding, and promoting your activities
Organizational Transformation (1:8) - as a leader you must strive to lead, motivate, and inspire your team members and colleagues to accomplish their goals of the overall strategic planning process
Security planning - Need (1:11) - requires an understanding of not only security threats and capabilities but also a deep understanding of the business environment & organizational goals.
Verizon Data Breach Investigations Report (1:14) - Shows the percentages of breaches per threat action, i.e. hacking, malware, social engineering
Understanding the business (1:29) - 1. Understand where you've been 2. Understand business strategy 3. Understand macro factors that affect business 4. Understand and develop relationships with key stakeholders
Business Model (1:41) - 1. describes how you operate 2. generate revenue and make profit 3. deliver value at a reasonable cost
Vertical Business Model (1:45) - combines multiple steps in a value chain into one organization, e.g. development -> distro
Horizontal Business Model (1:45) - focus on one area of the value chain, e.g. product development
PFF - Porter's Five Forces (1:47) - Developed by Michael E. Porter in 1979, who was an authority on competitive strategy and economic development. Method used to develop business strategy by understanding where power lies in a business situation
PFF - Power of Customers (1:47) - Impact customers have on your business. Force driven by the # of customers you have, their importance to your business, and cost of switching them from you to another company
PFF - Substitute Products (1:48) - The ability for your customer to find substitute products or an easier way to do what you do
PFF - Power of Suppliers (1:48) - how easy is it for suppliers to influence and drive up your prices. Uniqueness of their products, their strength/control of you
PFF - Threats of new entrants (1:48) - how easy is it for people to join the market and can they become a threat and compete with your company
PFF - Competitive Rivalry (1:48) - Look at the competition and their capabilities. If no one can do what you do, e.g. products/services, you will have tremendous strength
Strategic objectives (1:56) - Based on understanding the business model, strategy and competitive forces; very high level and often vague
Strategy Maps (1:56) - Links high-level strategic objectives to specific projects, initiatives; shows how to turn strategy into tangible outcomes; highlights gaps in strategy implementation; helps communicate strategy to entire organization
PEST Analysis (1:65) - Management tool to identify external forces that impact a particular market, industry, or country.
PEST Analysis - Why (1:66) - Helps you understand macro trends of external environment in which your company operates, and it provides an understanding of risks associated with market growth or decline and your company's position and potential direction
PEST - P - Political (1:65,69,71) - Government regulations and legal factors that affect the business environment and trade market, which will likely have a trickle-down impact on your company
PEST - E - Economic (1:65,74) - The overall health of the economy and how these factors influence companies, organizations, and their decisions.
PEST - S - Social (1:65,78) - Looks at cultural aspects of the market and how they affect the demand for a company's products and/or services, including customer needs and what incents them to make purchases
PEST - T - Technological (1:65,81) - How technology can either positively or negatively impact a business and the products and/or services they provide, i.e. technology advancements, life cycle of technologies, technology innovation
SMS - Stakeholder Management Strategy (1:91) - Technology deployment could impact not only security, but also the enterprise. All stakeholders and impact need to be identified and managed
SMS - Stakeholder (1:95) - People or groups with a vested interest in the success of your strategy and who will affect or be affected by your team's work.
SMS - Phase 1 (1:98,99) - Identifying stakeholders - hold a meeting with your team of managers and staff to brainstorm who key stakeholders might be
SIPOC - Stakeholder ID Tool - SIPOC (Suppliers, Inputs, Processes, Outputs, & Customers)
SIPOC - Suppliers (1:102,112) - Those people/groups who provide inputs
SIPOC - Inputs (1:102,111) - key requirements needed for the process to work. Should represent information/materials the suppliers provide to you.
SIPOC - Processes (1:102,106) - defined series of activities
SIPOC - Outputs (1:102,108) - tangible results of the process steps.
SIPOC - Customers (1:102,110) - recipients/users of the outputs produced at every step in the process.
SMS - Phase 2 (1:114) - Understanding stakeholder motivation
SMS - Phase 2 - Step 1 (1:114) - Understand stakeholders - meeting with them will help you better understand what motivates them, what they want/need from you, what interests they have in your work.
SMS - Phase 2 - Step 2 (1:114) - Mapping Power and Interest - three levels of power: veto, vote, voice; three levels of interest: high, medium, low
SMS - Phase 2 - Step 3 (1:114) - Prioritize Stakeholders - High power/interested people, high power/less interested people, low power/interested people, low power/less interested people
SMS - Phase 3 (1:120) - Managing relationships is critical to the success of every project in every organization, so developing a relationship plan can help you manage your relationships
How to develop an understanding of threats (1:129) - Understand threat actors - think like your adversaries and understand their motivations; Business assets - identify critical business assets; Analyzing threats - understanding adversary TTPs will help build defense
VERIS (1:132) - Vocabulary for Event Recording and Incident Sharing - defines a schema and set of metrics to describe security incidents in a structured and repeatable manner.
VERIS Community Database (1:132) - Free repository of publicly reported security incidents
Verizon DBIR (1:132) - Verizon Data Breach Investigations Report - standard way to analyze incidents; mapped and recoded incidents from other frameworks
VERIS Threat Actors (1:133) - External - threats from sources outside the organization; Internal - threats from within organization; Partner - third party business relationships
NotPetya (1:156) - Variant of Petya ransomware; encrypted Master Boot Record (MBR); not intended to collect ransom; most expensive cyber attack in history causing $10 billion in damages
NotPetya - Attack Tools (1:161) - EternalBlue - takes advantage of unpatched Windows Server Message Block (SMB) that allows remote code execution; Mimikatz - automates collection of secrets on Windows including passwords, certificates, LanMan hashes, NTLM hashes, Kerberos tickets.
NotPetya - Impact on Maersk (1:164) - 20% reduction in global shipping equaling $300 million loss; central booking down; software at shipping terminals; IT infrastructure - 45K PCs, 4K servers, 150 domain controllers had to be rebuilt.
Organized Crime (1:169-179) - Target suffered largest retail attack in US history. After conducting recon, intruders attacked a trusted vendor using a
Fazio Mechanical Services (1:173) - Identified as a Target vendor and exploited via phishing email to a Fazio employee