Time
4 hours 8 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:04
So this is another document we can take a quick look at here.
00:07
Special Pub 800-128.
00:10
This is the guide for
00:11
configuration management
00:13
of IT systems, a security-focused configuration management.
00:27
So August 2011 is fairly recent,
00:33
we could see that
00:35
it gives us an overview of the different phases of doing this kind of work,
00:39
gives an explanation of some of the concepts, and even goes into the different roles and responsibilities that should be involved in configuration management.
00:50
And because we have different levels of effort here, there are some nice high level steps.
00:56
You should have a plan
00:58
so your configuration management is not ad hoc; it should be a well-defined methodology.
01:03
Most organizations will have a weekly meeting to discuss proposed changes, and there different members of different teams can vote up or down on whether they think the changes are
01:15
acceptable or not,
01:19
It goes into a little bit more detail about implementing changes, things like having a rollback plan,
01:23
having
01:26
evidence of testing to make sure that the change is verified before it's done on a production system, for instance,
01:33
keeping track of your changes
01:36
using tools that can utilize SCAP,
01:40
the Security Content Automation Protocol. A lot of tools
01:44
can use this to send security related information back and forth to each other.
01:49
So it's a good document to look into. It's not very long
01:53
and gives some great guidance on dealing with configuration if this is something that's fairly new to the practitioner,
02:01
so at only eight pages it's pretty short overall.
02:09
But we'll have a look at VERIS.
02:12
This is the VERIS community database for event recording and incident sharing,
02:16
and this is an interesting
02:19
a database that's freely available.
02:22
It's a community database,
02:23
and
02:24
it's kind of similar to
02:28
some of the cloud models that are used by a lot of vendors these days,
02:31
where they have a
02:34
repositories being hosted by the organization that gather statistics and
02:39
different kinds of data from all their customers, perhaps millions of customers
02:45
in certain cases,
02:46
so that that information can be aggregated and perhaps analyzed to provide better security and better feedback to people that are using the resource.
02:58
So also, it uses a common language to describe the incidents
03:02
sort of similar to SCAP in a way, because it's a protocol that allows a standard way for different vendors to communicate with each other.
03:10
So let's go ahead. Look at the website,
03:17
so it talks a little bit about the community. You can volunteer for this. You can go to the data, actually hosted on GitHub,
03:25
if you want,
03:27
and you can interact with that data through various ways.
03:30
But what's easiest to demonstrate
03:32
for our purposes is to go to the interactive site.
03:38
I'm going to click on this one first,
03:40
so this allows you to explore the data,
03:45
and it shows
03:46
incident counts and various parameters of these incident counts
03:52
going all the way back to the year 2000.
03:54
Then we can see that
03:57
the data has not been updated for
04:00
the last year.
04:02
Maybe they're still working on that, but
04:05
there's a lot of good information you can drill down into
04:10
to see what kind of data is happening,
04:14
not happening, but what kind of data is relevant for different types of attacks, where they're happening and so on.
04:20
You can look at some geographic
04:23
information on this,
04:25
looking
04:26
by different industries, different countries.
04:30
See, there's a large number of healthcare and public,
04:33
finance and so on, information technology,
04:40
and you can
04:41
look at each individual country.
04:44
Look, if you want to look at Australia, for instance, we can break that down
04:50
or even we'll look at the United States,
04:55
quite a bit there.
05:00
And you can also select the countries.
05:02
So it's a pretty nice interactive tool.
05:06
And we can see
05:08
different aspects of the type of breach,
05:15
data disclosure compared with all breaches,
05:23
and then some indication about the numbers of records
05:28
like here. We have
05:30
10 billion records
05:31
going all the way up to some period in 2015.
05:35
And if you hover over one of these, you can see the actual
05:39
event. This one has a lot of records. Let's see what that is.
05:42
Tencent Holdings, one,
05:44
1.2
05:46
billion records. That's quite a few.
05:49
Quite a few.
05:51
So
05:53
these are interesting things to look at. It can provide some correlation
05:58
to other events you're looking at within your organization.
06:02
And of course, if you wish you can,
06:05
you can volunteer to be part of the community
06:10
and add to the information database to make it more useful for other people to get some value.
06:16
I hope you enjoyed the module. See you in the next one. Thank you.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor