CTI100, CTI200
cyber threat intelligence - ANS-what does CTI stand for?
determining the desired end-state and organizing resources and operations to reach that
desired end state. strategy is broad, not specific, and strongly influenced by both the strategist's
goals and values. however, strategy is not static since it must be built in a world of incomplete
information and must be implemented in a constantly changing environment.
ends = ways + means - ANS-strategy
strategy, operational, tactical - ANS-what are the three different levels of planning and
execution?
"boots on ground" or "hands on the keyboard/eyes on glass" this is the execution level of an
organization, where things happen. many people work at this level, employing your business's
fundamental tools and processes. - ANS-where does the tactical perspective impact the
organization?
the operational level of planning and execution is putting together the tools and capabilities
within the organization to achieve clearly defined objectives - ANS-where does the operational
perspective impact the organization?
this level involves the fewest number of people in an organization (think c suite). this is where
the vision of the organization is laid out. a strategy must be built within resource limitations, but
may anticipate incorporating new resources or technology. - ANS-where does the strategic
perspective impact the organization?
needs to be: holistic (consider all players), planned, built upon experience (not just your own
experience, but learn from the mistakes of others), built with the consideration of the threat
(meaning threat must be constantly assessed), and an efficient use of resources. it involves
considerable coordination.
cybersecurity strategy is only a portion of an organization's overall grand strategy - ANS-keys for
strategy
an expression that means something that is isolated in a way that hinders communication and
cooperation with others
a structure that inhibits or prevents cross-organizational communication - ANS-vertical stovepipe
not all organizations have strong stovepipes. this is more common in larger organizations yet
smaller businesses experience the lack of communication on the tactical levels. such barriers to
communication can exist everywhere, especially when managers attempt to control the flow of
information into and out of their part of the organization. remedying this problem is the task of
the next higher layer within the organization - ANS-what kind of vertical stovepipes usually exist
in an organization?
a rational person making optimal choices based on calculated expected benefits or profitability,
and guided by consistent personal values.
the c suite is expected to be the rational actor in an organization - ANS-what is a rational actor?
data, application, host, network, perimeter - ANS-layered security model
from a device-level (bottom up) perspective instead of centrally controlled (top down)
think: all of the tools that would allow us to have eyes on what is occurring. - ANS-how should
we approach security capabilities?
a Chinese military general from 6th century BC who wrote The Art of War, a text that shows
early examples of operational security principles - ANS-sun tzu
harmony & trust
shape the enemy's perception
understand the enemy's organization and intention
dispersion & concentration
rapidity & fluidity
deception & subversion
shape the adversary's course of action - ANS-areas that sun tzu considers to be important
inside an organization
1. capture your market without destroying it (win all without fighting)
2. striking where they least expect it (avoid strength and attack weakness)
3. maximize the powers of market information (know the enemy, know yourself)
4. move swiftly to overcome your competitors (speed and preparation)
5. employing strategy to master the competition (leverage alliances and shape your opponents)
6. develop your character as a leader to maximize the potential of your employees
(character-based leadership) - ANS-six principles of sun tzu and the art of business
1. social engineering: the human element of threat (thumb drive/email click)
2. IP address and attack route (anomalies and goal of long-term access)
3. fortress warfare (signature based vs active defense)
4. logs and detection: how are threats identified?
5. attribution: do you really know who the adversary is?
6. cyber-physical: now we can destroy from a distance - ANS-security specific strategy & sun
tzu
while important, these do not make up strategy. but they ARE important things that contribute to
strategy
-management
-leadership
-operational effectiveness
-best practices
-benchmarking - ANS-strategy is NOT
improve attribution, accountability, and response: we will invest in capabilities to support and
improve our ability to attribute cyber-attacks, to allow for rapid response - ANS-NSS strategy for
cyberspace priority actions
every time we elect a new president - ANS-how often does the US develop a new national
security strategy?
-makes hard choices
-can adjust to the reality of: resources, will, interests
-balances risk: not necessarily an even distribution, but balance may mean balanced to meet a
threat or cover a vulnerability
-the ability to prioritize areas when not everything can be balanced - ANS-qualities of a strategic
leader
strategic objectives: 3-5 years
operational objectives: 1-2 years
tactical objectives: 3-12 months - ANS-strategy timeline
-readying the organization for the next decade, not the last
-nature of the future is so unclear that the vision of the strategic leader is crucial
-creating the organizational structure and capability for tomorrow
-turning political and conceptual programs into practical initiatives - ANS-strategic leadership
makeup
-white papers: logical and based on analytical assessments
-mathematical statements and applied math
-"closed" simulations
-war games (manned simulation)
-field experiments - ANS-operational design modeling for cybersecurity
1. order is emergent rather than predetermined
2. a system's history is irreversible
3. the system's future is often unpredictable - ANS-key principles of complex and adaptive
systems
not really. humans are endlessly able to adapt and overcome problems, including those
designed to prevent them from taking specific actions. in practice, the best approach is to make
an attack on your system so difficult that it convinces the attacker the attempt is not worth
the effort - ANS-is it possible to develop a human-proof strategy?
establishing all the constraints based on the organizational context (or Sun Tzu's 'terrain'). -
ANS-what is at the core of the concept of adaptive planning and systems?
to help guide the decision-making process towards high-level goals. - ANS-why do we need to
identify constraints?
security information and event management (SIEM systems) - ANS-which systems are the focal
point for robust cybersecurity defense?
tools that capture audit trails or logs and perform real-time analysis on them. - ANS-SIEM
systems
capability maturity model integration. a process and behavioral model that helps organizations
streamline process improvement and encourage productive, efficient behaviors that decrease
risks in software, product, and service development - ANS-CMMI
cybersecurity maturity model certification. CMMC compliant means the accreditation body has
certified that your organization meets the cybersecurity practice requirements outlined in levels 1,
2, or 3 of the CMMC - ANS-CMMC
enterprise resource planning. systems that manage the daily movement of transactional data for
business, including translating sales orders into production job tickets, tracking those tickets,
then following the finished product through packaging, warehousing, shipping, and more -
ANS-ERP
a mapped-out methodological process. as a process, it documents the risk management and
strategic planning processes in a repeatable way, which leads to better outcomes in line with the
CMMI and CMMC compliance standards. - ANS-operational design