So here's another document. We can take a quick look at it here: Special Pub 800-128. This is the guide for security-focused configuration management of IT systems. So, August 2011, it's fairly recent. We can see that it gives us an overview of the different phases of doing this kind of work, gives an explanation of some of the concepts, and even goes into the different roles and responsibilities that should be involved in configuration management. And because we have different levels of effort here, there are some nice high-level steps. You should have a plan, so your configuration management is not ad hoc; it should be a well-defined methodology. Most organizations will have a weekly meeting to discuss proposed changes, and therefore different members of different teams can vote up or down on whether they think the changes are acceptable or not. It goes into a little bit more detail about implementing changes: things like having a rollback plan, evidence of testing to make sure that the change is verified before it's done on a production system, for instance, keeping track of your changes, using tools that can utilize SCAP, the Security Content Automation Protocol. A lot of tools can use this to send security-related information back and forth to each other. So it's a good document to look into. It's not very long, and you get some great guidance on dealing with configuration, if this is something that's fairly new to the practitioner. So it's only eight pages, pretty short overall.
Now we'll have a look at VERIS.
This is the Vocabulary for Event Recording and Incident Sharing, and this is an interesting database that's freely available. It's a community database. It's kind of similar to some of the cloud models that are used by a lot of vendors these days, where they have repositories being hosted by the organization that gather statistics and different kinds of data from all their customers, perhaps millions of customers in certain cases, so that that information can be aggregated and perhaps analyzed to provide better security and better feedback to people that are using the resource. So also, it uses a common language to describe the incidents, sort of similar to SCAP in a way, because it's a protocol that allows a standard way for different vendors to communicate with each other.
So let's go ahead and look at the website. It talks a little bit about the community. You can volunteer for this. You can go to the data, actually hosted on GitHub, if you want, and you can interact with that data in various ways. But what's easiest to demonstrate for our purposes is to go to the interactive site. We're going to click on this first. So this allows you to explore the data, and it shows incident counts and various parameters of these incident counts, going all the way back to the year 2000. Then we can see that the data has not been updated for the last year. Maybe they're still working on that, but there's a lot of good information you can drill down into to see what kind of data is happening, or not happening, but what kind of data is relevant for different types of attacks, where they're happening, and so on. You can look at some geographic information on this, by different industries, different countries. See, there's a large number in healthcare, in public, finance, and so on, information technology, and you can look at each individual country. Look, if you want to look at Australia, for instance, we can break that down, or even we'll look at the United States; quite a bit there. And you can also select the countries. So it's a pretty nice interactive tool.
And we can see different aspects of the type of breach: data disclosure compared with all breaches, and then some indication about the numbers of records, like here. We have 10 billion records going all the way out to some period in 2015. And if you hover over one of these, you can see the actual event. This one has a lot of records. Let's see what that is. Tencent Holdings, 1,000,000,000 records. That's quite a few. Quite a few. These are interesting things to look at. It can provide some correlation to other events you're looking at within your organization. And of course, if you wish, you can volunteer to be part of the community and add to the information database to make it more useful for other people to get some value. I hope you enjoyed the module. See you in the next one. Thank you.
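The interactive site does its counting by industry, country and records lost for you; since the module also points out that the raw community data is published on GitHub, here is an added example (not code from the course or from the VERIS project) of doing the same aggregation yourself over incident records. It assumes a VERIS-style JSON layout with the fields victim.industry, victim.country, timeline.incident.year and attribute.confidentiality.data_total, and the four records are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample incidents in a VERIS-like JSON layout. The field
# names (victim.industry, victim.country, timeline.incident.year,
# attribute.confidentiality.data_total) are assumptions based on the
# VERIS schema, not records copied from the VCDB.
SAMPLE_VCDB = json.dumps([
    {"victim": {"industry": "622", "country": ["US"]},
     "timeline": {"incident": {"year": 2015}},
     "attribute": {"confidentiality": {"data_total": 1000}}},
    {"victim": {"industry": "92", "country": ["AU"]},
     "timeline": {"incident": {"year": 2014}},
     "attribute": {"confidentiality": {"data_total": 250}}},
    {"victim": {"industry": "52", "country": ["US", "GB"]},
     "timeline": {"incident": {"year": 2015}}},   # record count not reported
    {"victim": {"industry": "622", "country": ["US"]},
     "timeline": {"incident": {"year": 2015}},
     "attribute": {"confidentiality": {"data_total": 500000}}},
])


def incidents_by(records, field):
    """Count incidents per victim 'industry' or 'country'. A list-valued
    field (an incident with several victim countries) counts once per value."""
    counts = Counter()
    for rec in records:
        value = rec.get("victim", {}).get(field)
        for v in (value if isinstance(value, list) else [value]):
            if v is not None:
                counts[v] += 1
    return dict(counts)


def records_lost_by_year(records):
    """Sum reported data_total per incident year. Incidents with no count
    add nothing, so each total is a floor, not an exact figure."""
    totals = defaultdict(int)
    for rec in records:
        year = rec.get("timeline", {}).get("incident", {}).get("year")
        n = rec.get("attribute", {}).get("confidentiality", {}).get("data_total")
        if year is not None and isinstance(n, int):
            totals[year] += n
    return dict(totals)


if __name__ == "__main__":
    recs = json.loads(SAMPLE_VCDB)
    print(incidents_by(recs, "industry"), incidents_by(recs, "country"))
    print(records_lost_by_year(recs))
```

Incidents that omit a record count are a common gap in community-contributed data, which is why the yearly totals here are treated as a lower bound rather than an exact number.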
Intro to Cyber Threat Intelligence
The CTI course consists of 12 information-packed modules. CTI is a critical function within any organization that involves roles like analysts, methodologies, tools, teams, and policies. From threat analysis to the Cyber Kill Chain, learn it here.