Acronyms
Threat Actors
Misc
Types of Data
Log Systems
100

Describes the study of threat actor behavior in terms of the Tactics, Techniques, and Procedures they use

BC

TTPs
(Tactics, Techniques, and Procedures)

100

Use of IT-related hardware/software by a department/individual without the knowledge of the IT or security group within the organization

ED

Shadow IT

100

Sore-Loser of our group...lol

KK

KENDRA

100

Data refers to valuable, confidential information that gives a business a competitive advantage

RX

Trade Secrets

100

Evidence of an attack in progress, automatically detected in real time by a SIEM system

PN

IoAs (Indicators of Attack)

200

NIST stands for:

TY

National Institute of Standards and Technology

200

Aim is financial fraud, blackmail, etc. to extort money from their intended target (i.e. Ransomware)

KM

Organized Crime

200

Passive tool used to eavesdrop on an organization's data traffic

TU

Wireshark

200

Info that is too valuable to allow any risk of its capture. Viewing is severely restricted.

QZ

Critical or Top Secret

200

SIEM Dashboards review these to identify priorities or potential impacts from events occurring at other companies and all over the internet

XV

CTI (Cyber Threat Intelligence)

300

What does API stand for

YY

Application Programming Interface

300

Uses cyber weapons to promote a political agenda

XC

Hacktivist

300

Type of Intel that is proprietary and only for the members of that specific group

JM

Proprietary/Closed-Source Intelligence

300

Data stored in memory while processing takes place. 

XS

Data In Use

300

Collects logs and maps information about your infrastructure and business processes onto those logs. Kinda like an IDS

VB

SIEM (Security Information and Event Management)

400

KPI stands for

GV

Key Performance Indicator

400

Recruited by external parties to steal, alter, tamper with, or delete valuable data

UT

Insider

400

Architecture where nothing is trusted implicitly and every access request is verified

GF

Zero Trust Architecture

400

Data about the health records/charts of individuals

YT

PHI (Protected Health Information)

400

Allows for centralized collection of events from multiple sources. Messages can be generated by Cisco routers and switches, as well as servers and workstations, and collected in a central database for viewing and analysis

HB

SYSLOG

500

What does PIFI stand for

HB

Personally Identifiable Financial Information

500

Goals of this threat actor are primarily espionage, strategic advantage, and commercial gain

JC

Nation-State

500

SYSLOG Severity "5" with the description "Normal but significant conditions"

WP

Notifications
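Worked example for the two SIEM/syslog clues above (the "collect logs and map infrastructure info onto them" one and the severity "5" one). This is added code, not part of the original game board: it decodes the syslog PRI field into facility and severity, labels severity with the RFC 5424 name and the Cisco IOS level name, and then runs a small SIEM-style correlation over a handful of constructed log lines. The log lines, host names, IP addresses and the asset inventory are all made up for the example.

```python
"""Decode syslog PRI values and correlate failed logins the way a SIEM rule would.

Added example with constructed data; nothing here was captured from a real device.
PRI = facility * 8 + severity, so Cisco's default facility local7 (23) at
severity 5 (notifications) gives <189>, and Linux sshd at authpriv (10)
severity 6 (informational) gives <86>.
"""
import re
from collections import defaultdict

# RFC 5424 severity names, with the Cisco IOS logging level label in parentheses.
SEVERITY = {
    0: "Emergency (emergencies)",
    1: "Alert (alerts)",
    2: "Critical (critical)",
    3: "Error (errors)",
    4: "Warning (warnings)",
    5: "Notice (notifications)",
    6: "Informational (informational)",
    7: "Debug (debugging)",
}

# Facility codes 0..23 from RFC 5424, section 6.2.1.
FACILITY = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "log audit", 14: "log alert", 15: "clock daemon",
    **{16 + i: f"local{i}" for i in range(8)},
}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# BSD-style header: "Jan 10 12:00:01 hostname ..."
HOST_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d (\S+) ")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")

# Constructed asset inventory: the "map your infrastructure and business
# processes onto the logs" step that turns a raw line into something triageable.
ASSETS = {
    "rtr-edge-01": {"role": "internet edge router", "process": "all external traffic"},
    "web-01": {"role": "public web server", "process": "customer portal"},
    "db-01": {"role": "database server", "process": "customer portal (PII)"},
}

# Constructed sample messages, as a syslog collector would receive them.
SAMPLE_LOGS = [
    "<189>Jan 10 12:00:01 rtr-edge-01 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "<86>Jan 10 12:00:02 web-01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "<86>Jan 10 12:00:04 web-01 sshd[2203]: Failed password for root from 203.0.113.7 port 51530 ssh2",
    "<86>Jan 10 12:00:09 db-01 sshd[917]: Failed password for postgres from 203.0.113.7 port 51544 ssh2",
    "<86>Jan 10 12:00:11 web-01 sshd[2210]: Failed password for bob from 198.51.100.4 port 40012 ssh2",
    "<30>Jan 10 12:00:15 web-01 CRON[2222]: (root) CMD (run-parts /etc/cron.hourly)",
]


def decode_pri(pri: int) -> tuple[int, int]:
    """Split a PRI value into (facility, severity); valid PRI range is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def parse_line(line: str) -> dict:
    """Turn one raw syslog line into a normalized event dictionary."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> prefix")
    facility, severity = decode_pri(int(m.group(1)))
    body = m.group(2)
    host = HOST_RE.match(body)
    return {
        "facility": FACILITY.get(facility, f"facility{facility}"),
        "severity": severity,
        "severity_name": SEVERITY[severity],
        "host": host.group(1) if host else None,
        "msg": body,
    }


def correlate_failed_logins(lines, threshold: int = 3) -> list[dict]:
    """SIEM-style rule: N or more failed logins from one source across any hosts.

    The alert is enriched from ASSETS so an analyst sees what the targets are,
    not just their host names. This alert is what a SOAR playbook would ingest.
    """
    by_source = defaultdict(list)
    for ev in (parse_line(l) for l in lines):
        hit = FAILED_RE.search(ev["msg"])
        if hit:
            by_source[hit.group(2)].append((ev["host"], hit.group(1)))
    alerts = []
    for source, hits in by_source.items():
        if len(hits) < threshold:
            continue  # below threshold: a single typo, not an indicator of attack
        targets = sorted({h for h, _ in hits if h})
        alerts.append({
            "source": source,
            "count": len(hits),
            "targets": targets,
            "roles": [ASSETS.get(t, {}).get("role", "unknown") for t in targets],
            "users": sorted({u for _, u in hits}),
        })
    return alerts


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        ev = parse_line(line)
        print(f"{ev['facility']:>9}.{ev['severity']} {ev['severity_name']:<32} {ev['host']}")
    for alert in correlate_failed_logins(SAMPLE_LOGS):
        print("ALERT:", alert)
```

Note that 198.51.100.4 produces one failure and no alert, while 203.0.113.7 crosses the threshold across two different hosts; a rule keyed on source rather than on destination is what catches that kind of password spraying.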

500

Publicly accessible information that pen testers can use passively when doing reconnaissance on a client's application

HC

OSINT (Open Source Intelligence)

500

Ingests alert data; these alerts then trigger playbooks that automate/orchestrate response workflows or tasks. Kinda like an IPS

UL

SOAR (Security Orchestration, Automation, and Response)
