Event Logging & Operating Systems
Risk Management & Vulnerabilities
Threat Intelligence & CVE
Disaster Recovery & Business Continuity
Incident Response & Forensics
100

Digital records created by operating systems and applications that document system activities and security-related events.

What are Event Logs?

100

The potential loss of confidentiality, integrity, or availability of systems or data.

What is Risk?

100

Information about threat actors after analysis, processing, and interpretation.

What is Threat Intelligence?

100

The maximum acceptable downtime for a system or business process.

What is RTO (Recovery Time Objective)?

100

The NIST phase where you build an incident response team and gather tools and resources.

What is Preparation?

200

The default event logging system for the Microsoft Windows operating system.

What is Microsoft Event Viewer?

200

An exploitable weakness in a system.

What is a Vulnerability?

200

A database that assigns each vulnerability a unique identifier in the format CVE-YYYY-######.

What is CVE (Common Vulnerabilities & Exposures)?

200

The maximum acceptable data loss measured in time.

What is RPO (Recovery Point Objective)?

200

The NIST phase where you disconnect systems to contain damage and patch vulnerabilities.

What is Containment, Eradication & Recovery?

300

The software that controls the interface between applications and hardware.

What is an Operating System?

300

Misconfigurations, missing controls, and exploitable bugs in hardware or software.

What is a Technical vulnerability?

300

A score ranging from 0 to 10 that rates the severity of a vulnerability.

What is CVSS (Common Vulnerability Scoring System)?

300

An alternate site that is fully operational and ready for immediate failover.

What is a Hot Site?

300

A document that tracks evidence from collection to court, including who collected it and how it was stored.

What is Chain of Custody?

400

A type of operating system that requires text-based commands to interact with the computer.

What is a CLI (Command Line Interface)?

400

Lack of awareness training, absent or unenforced policies, and insufficient auditing are examples of this type of vulnerability.

What is an Administrative vulnerability?

400

A machine-readable format using JSON that represents threat intelligence and contains Domain Objects and Relationship Objects.

What is STIX (Structured Threat Information Expression)?

400

A backup strategy that keeps three copies of data on two different types of media with one copy stored off-site.

Hint: The diagram for it is shaped like a tiered triangle.

What is the 3-2-1 Rule?

400

A seven-phase attack framework consisting of Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, and Actions on Objectives.

What is the Cyber Kill Chain?

500

The OS function that controls who has access to what on a system and helps keep data secure.

What is Access Control/Protection?

500

The six-phase continuous process for identifying, assessing, and fixing vulnerabilities in systems.

What is the Vulnerability Management Lifecycle?

500

A four-component framework consisting of Adversary, Capability, Infrastructure, and Victim used to analyze cyberattacks.

What is the Diamond Model?

500

Detailed procedures for responding to specific disasters, including failover procedures and backup requirements.

What is a Disaster Recovery Plan (DRP)?

500

The process of creating bit-perfect copies of evidence using read-only mode and hashing to verify integrity.

What is Forensic Imaging?