This activity documents the qualitative or quantitative estimate of the potential impact from a threat with respect to identified vulnerabilities.
What is a risk assessment?
This type of malware embeds itself into the core of the computer to evade detection and gain ultimate control and access to the system.
What is a rootkit?
This type of attack uses personal and organizational information to target specific individuals through email.
What is spear phishing?
This is usually your best source of information when investigating a potential security incident.
What are system logs?
This is the first phase of incident response.
What is preparation?
This Agency is part of the United States Department of Homeland Security (DHS), and is responsible for cybersecurity and infrastructure protection across all levels of government.
What is CISA, or the Cybersecurity and Infrastructure Security Agency?
This integrated framework of policies, processes, and procedures helps organizations align IT with business goals while managing risks and meeting the requirements of industry and government regulations.
What is Governance, Risk, and Compliance (GRC)?
This code is commonly used by threat actors to access and control systems by using an outbound connection from the target system.
What is a reverse shell?
This is the term associated with the risk represented by current or past employees who have knowledge of how the organization works, what and where the most valuable data resides, and the organization's vulnerabilities.
What is insider threat?
These systems ingest and analyze log data, generating alerts when predefined rules are triggered or patterns are detected.
What are Security Information and Event Management Systems (SIEMs)?
This incident response role leads the incident response for the organization.
Who is the Incident Commander?
This Agency is tasked with investigating cyber crimes and collaborates with other agencies on cybersecurity matters.
What is the Federal Bureau of Investigation (FBI)?
This group is typically responsible for governance in most enterprises.
What is the Board of Directors?
This type of attack involves injecting malicious scripts into web applications to alter content or steal information.
What is cross-site scripting (XSS)?
Coined in 2017, this term refers to the recreation of a person's appearance or voice through the use of artificial intelligence.
What is a Deepfake?
This source of initial incident reporting is often misunderstood or disregarded.
Who are end users?
These documents guide the response to specific incident types.
What are incident response playbooks?
This Agency is responsible for developing cybersecurity standards and guidelines for government agencies.
What is the National Institute of Standards and Technology (NIST)?
This is the NIST Special Publication that contains guidance for evaluating organizational risk.
What is NIST Special Publication 800-30 R1?
Guide for Conducting Risk Assessments
This malware family (malware type) has regained the top spot in malware detections as of Q3 2024.
What are information stealers?
Lumma is #1
This tactic uses legitimate tools and processes already present on a victim's system to carry out attacks, making detection more difficult.
What is living off the land?
This term is used to describe actively looking for undetected compromises.
Under this plan, personnel perform business processes in an alternate manner until normal operations resume.
What is a business continuity plan (BCP)?
Operated by CISA, this organization provides threat analysis, incident response, and cybersecurity coordination for federal agencies.
What is the U.S. Computer Emergency Readiness Team (US-CERT)?
This framework establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed.
What is the National Cybersecurity Workforce Framework (NICE) - NIST SP 800-181r1?
This is the name given to the malware that was created by the FBI to aid in its investigations.
What is Magic Lantern?
(First reported in 2001)
This tactic encapsulates exfiltrated data within other network protocols, such as DNS or ICMP, to bypass security controls and avoid suspicion.
What is Protocol Tunneling?
The identification of serious long-term intrusions or breaches most often comes from this source.
What are alerts from third parties, or external sources?
This is the NIST Special Publication that contains recommendations regarding incident response.
What is NIST Special Publication 800-61 (r3)
Incident Response Recommendations and Considerations for Cybersecurity Risk Management?
This organization is responsible for investigating international cybercrime.
What is the International Criminal Police Organization (INTERPOL)?