Threat Classification


Time
9 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01 Welcome to Lesson 2.2, Threat Classification.
00:06 Okay, in this lesson we'll differentiate between known and unknown threats, identify threat types such as zero-day threats and advanced persistent threats, understand the factors that contribute to incident prioritization, and identify data types.
00:21 Determining the impact of incidents.
00:23 Once an incident has occurred or a threat has been identified, it's important to determine the impact of that incident.
00:29 It's also important to note, when you work for an organization, to determine the difference between an incident and a breach.
00:36 Purists will say that incidents are many types of events that occur that often yield false positives, whereas a breach is an actual breach that was the result of an incident that was specifically targeted to breach your network.
00:55 Known threats and unknown threats.
00:57 Known threats are easily identifiable by antivirus signatures, IPS/IDS, or through domain reputation blacklists.
01:03 Unknown threats are those for which no signatures are available because they haven't been identified yet.
01:08 If you're wondering what keeps hackers up at night (when I say hackers, I'm talking about the people who practice hacking for a living, who are not criminals), this is the area that they're concerned about the most.
01:23 A zero-day attack, or as it is sometimes called in the industry, a 0-day attack, is a threat or vulnerability that exists in a live environment for which no patch or fix is available.
01:34 In practice, there may be days that are pre-defined by a manufacturer when patches are going to be issued to customers.
01:44 It's important to make sure you schedule the updates of these patches in a responsible way to prevent your systems from becoming victims of zero-day attacks.
01:57 Advanced persistent threat.
01:59 Advanced typically means formal training, significant funding, and a high degree of coordination.
02:05 Persistent means undetected, long-term, and stealthy.
02:07 Threat means compromised systems and data theft.
02:15 Classification and prioritization factors.
02:17 Understand the scope of impact. Downtime and recovery, data integrity, economic, system and process criticality, and types of data are all big factors when it comes to classification and prioritization of your data.
02:32 There are several data types, for example PII, or personally identifiable information.
02:38 If you work in the health system, you may be familiar with personal health information, intellectual property or IP, corporate confidential, and payment card information or PCI.
02:50 Your industry may also have types of data that aren't quite classified on this list that could very well meet the criteria of what needs to be protected.
02:59 Also, in practice, there may be workflows that this information flows through that would have to be classified to ensure there are no breaches of that workflow.
03:12 Asset criticality.
03:14 Maximum tolerable downtime, or MTD: the maximum amount of time in which an outage can be tolerated.
03:19 Mean time to repair, or MTTR: the average time required to repair a resource or function after an outage.
03:24 Mean time between failures, or MTBF: the estimated time a resource will function before a failure occurs.
03:31 In practice, it's important to make sure that you explain these acronyms to your business units so they can help you prioritize which systems they prefer to be available immediately in the event of a downtime or an event, or which ones can certainly wait.
03:51 Also, it's an opportunity for you to explain what the expense would be to get systems online, in the event expectations need to be met.
04:03 Asset criticality.
04:05 Work recovery time, or WRT: the difference between RTO and MTD.
04:10 Recovery time objective, or RTO: the short time period after an incident within which a resource must be restored to avoid unacceptable consequences.
04:17 Recovery point objective, or RPO: the point in time to which a disrupted resource or function must be returned.
04:28 Criticality level chart example.
04:30 Here's another example we can present to stakeholders to explain where systems could fall when it comes to classifying them based on availability.
04:41 You can see at the bottom, non-essential systems can be restored within 30 days.
04:45 However, at the top, critical systems are the most vital to the organization's operations; they must be restored within minutes or hours.
04:54 In this lesson we talked about the difference between known and unknown threats, how to identify various data types, how to identify threat types such as zero-day threats and attacks and advanced persistent threats, and the factors that contribute to incident prioritization.