Welcome to Lesson 2.2, Threat Classification.
In this lesson we will differentiate between known and unknown threats, identify threat types such as zero-day threats and advanced persistent threats, understand the factors that contribute to incident prioritization, and identify data types.
Determining the impact of incidents.
Once an incident has occurred or a threat has been identified, it's important to determine the impact of that incident.
It's also important to note, when you work for an organization, that you determine the difference between an incident and a breach.
Purists will say that incidents are the many types of events that occur, which often yield false positives, whereas a breach is an actual one that was the result of an incident specifically targeted at breaching your network.
Known threats and unknown threats.
Known threats are easily identifiable by antivirus signatures, IPS/IDS, or through domain reputation blacklists.
Unknown threats are those for which no signatures are available, because they haven't been identified yet.
If you're wondering what keeps hackers up at night (and when I say hackers, I'm talking about the people who practice hacking for a living, who are not criminals), this is the area they're concerned about the most.
A zero-day attack, sometimes called a 0-day attack in the industry, is a threat or vulnerability that exists in a live environment for which no patch or fix is available.
In practice, there may be days pre-defined by a manufacturer on which patches are going to be released.
It's important to make sure you schedule the updates of these patches in a responsible way to keep your systems from becoming victims of zero-day attacks.
Advanced persistent threat.
Advanced typically means formal training, significant funding, and a high degree of coordination.
Persistent means undetected, long-term and stealthy.
Threat means compromised systems and data theft.
Classification and prioritization factors.
Understand the scope of impact. Downtime and recovery, data integrity, economic impact, system and process criticality, and types of data are all big factors when it comes to classification and prioritization of your data.
There are several data types, for example PII, or personally identifiable information.
If you work in the health system, you may be familiar with personal health information (PHI), intellectual property or IP, corporate confidential data, and payment card information or PCI.
Your industry may also have types of data that aren't quite classified on this list that could very well meet the criteria of what needs to be protected.
Also, in practice, there may be workflows that this information flows through that would have to be classified to ensure there are no breaches of that workflow.
Maximum tolerable downtime, or MTD: the maximum amount of time for which an outage can be tolerated.
Mean time to repair, or MTTR: the average time required to repair a resource or function after an outage.
Mean time between failures, or MTBF: the estimated time a resource or function will run before a failure occurs.
In practice, it's important to make sure that you explain these acronyms to your business units so they can help you prioritize which systems they prefer to be available immediately in the event of downtime or an event, and which ones can certainly wait.
It's an opportunity for you to explain what the expense would be to get systems online in the event expectations need to be met.
Work recovery time, or WRT: the difference between RTO and MTD.
Recovery time objective, or RTO: the short time period after an incident within which a resource must be restored to avoid unacceptable consequences.
Recovery point objective, or RPO: the point in time to which a disrupted resource or function must be returned.
Criticality level chart example.
Here's another example you can present to stakeholders of where systems could fall when it comes to classifying them based on availability.
You can see at the bottom that non-essential systems can be restored within 30 days.
However, at the top, critical systems are the most vital to the organization's operations and must be restored within minutes or hours.
In this lesson we talked about the difference between known and unknown threats, how to identify various data types, how to identify threat types such as zero-day threats and attacks and advanced persistent threats, and the factors that contribute to incident prioritization.