Cyber Security Operations

1. Layering
2. Limitation
3. Diversity
4. Obscurity
5. Simplicity

Annotations:

• Documented configuration resources might include the following: Network maps, cabling and wiring diagrams, application configuration specifications.Standard naming conventions used for computers.IP schema to track IP addresses.

1. Generating
   1. Transmitting
      1. Storing
         1. Analyzing
            1. Disposing
2. Application Security Logs
3. Operating System Logs

1. Guards and Escorts
2. Video and Electronic Surveillance
3. RFID and wireless surveillance

1. Categories
   1. Network Scanners
   2. Application Scanners
   3. Web Application Scanners
2. Intrusive and Credential Scans
   1. Intrusive | Non- Intrusive
   2. Credential | Non-Credentials

1. SIEM

   Annotations:

   • The goals of a SIEM system for security monitoring are: Identify internal and external threats. Monitor activity and resource usage. Conduct compliance reporting for audits. Support incident response.
2. SOAR

   Annotations:

   • SOAR has three important capabilities: Threat and vulnerability management. Security incident response. Security operations automation.

1. Eliminating Single Breaking Point
   1. STP(Spanning Tree Protocols)
   2. Router Redundancy
2. Providing Reliable Cross Over
3. Detecting failures when they occurs

1. Standardized Systems
2. Clustering
3. share Components Systems

1. Mirroring
2. Striping
3. Parity

1. Synchronous Replication
2. Asynchronous Replication
3. Point in time Replication

1. Frequency
2. Storage
3. Security
4. Validation

1. Reconnaissance
2. Weponaization
3. Delivery
4. Exploitation
5. Installation
6. Command and Execution
7. Action

1. MITRE ATT&CK
2. Diamond Model of Intrusion Analyze

1. Black Box testing
2. Grey Box Testing
3. White Box Testing

1. Planning
   1. Discovery
      1. Attack
         1. Reporting
      2. Reconnaissance
         1. Active
         2. Passive
   2. Rules