Ashley Oliver
Oliver COM Solutions, d/b/a
Oliver COM Solutions, d/b/a
2019 CISSP Candidate
Advanced Persistent Threats (APT)
Patience is a virtue. When applied with skill, vigor, and talent, it
can be a gateway to massive movement. This linear disposition can be applied in
positive and negative ways. One of my favorite Netflix shows, ‘Love, Death
& Robots’ depicts this ideal in one of their episodes where a woman and a
man are at war with their minds. Ultimately, the woman wins. She displays
patience and strength throughout the battle, she almost loses, but in the end
she wins. At the highest level, the skilled attackers who are capable of the
most damage apply this same level of resilience. Advanced Persistent Threats
(APT).
Much larger than Anonymous, APT’s concentrate on the exploitation of one
or more explicit targets. This group of attackers is unlikely to be focused on
hacking into your Facebook account, but rather the President’s Twitter, plus
his cabinet, plus his family, etc. Certified Ethical Hackers, Pen Testers, et
al have to sign an oath because it is our responsibility to learn and think
like Hackers in order to best protect. However, unfortunately there are
negative entities in the world that use their skill/talent for malicious gain.
Threat Modeling
In my opinion, Threat Modeling is the act of identifying the specific
goals of an attacker. Data breach? Stealing information? Taking down a system
or website? Each of these ideas are a result of a separate goal, and Threat
Modeling helps us to identify the goals of the attacker. Threat Modeling is
priority based and categorized pertaining to the asset in question.
Asset Valuation – Focused on
Assets
Based on the actual value of the asset. Once the value is determined,
the data being hosted needs to have its access controls evaluated. Any threats
that attempt to bypass authentication/authorization mechanisms are the focus in
this approach.
Identify Attackers – Focused on
Attackers
This is the simple act of identifying the attacker and pinpointing the
threats they embody.
Software – Focused on Software
Software developers. Most organizations today develop their own
software. The more sophisticated said software is, the more likely potential
threats against the software can exist.
No comments:
Post a Comment