Domain 4: Threat Intelligence and Incident Management
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Any observable occurrence in a system or network. Adverse events are events that result in a negative consequence.
A violation, or imminent threat of violation, of computer security policies, acceptable use policies, or standard security practices.
Incident Handling or Response
The process of detecting and analyzing incidents and limiting the incident's effect.
A technical artifact or observable occurrence that suggests an attack is imminent or is currently underway, or that a compromise may have already occurred.
Information Sharing and Analysis Organization (ISAO)
Any entity or collaboration created or employed by public- or private-sector organizations, for purposes of gathering and analyzing critical cyber and related information in order to better understand security problems and interdependencies related to cyber systems, so as to ensure their availability, integrity, and reliability.
A bag or container holding the software, hardware, media, and other tools that an incident handler may require in the conduct of their duties, covering most anticipated types of adverse events or incidents.
Tactics, Techniques, and Procedures (TTPs)
The behavior of an actor. A tactic is the highest-level description of this behavior, whereas techniques give a more detailed description of behavior in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.
Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.
An occurrence or situation that has the potential to exploit one or more vulnerabilities to result in undesirable consequences or impact.
Any information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor. Major types of threat information include indicators, TTPs, security alerts, threat intelligence reports, and tool configurations.
Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.
A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. Synonym for Threat Campaign.
The intent and method targeted at the intentional exploitation of a vulnerability, or a situation and method that may accidentally exploit a vulnerability.
A weakness in, misconfiguration of, or lack of necessary protections or safeguards for a system.