Privacy is the right to control how your information is viewed and used, while security is protection against threats or danger. In the digital world, security generally refers to the unauthorized access of data, often involving protection against hackers or cyber criminals.Apr

1. Click Here
CYB205-1
Evolving Threat Landscapes
Lec. 01

2. COURSE LEARNING OUTCOMES
 Describe the evolving cybersecurity threat landscape.
 Explain cybersecurity mitigation and defense
strategies.
 Discuss modern-day cybersecurity trends.
 Define cyber security policy, enforcement and
compliance.
 Define Artificial Intelligence (AI).

3. COURSE EVALUATION
 Discussion Forums & Debate: 30%
 Individual Assignment: 15%
 Group Project (Case Study): 25%
 Final quiz/exam: 30%

4. Threat, Vulnerability, and Risk
Threat Actor
Threat intelligence types
Threat Intelligence Feeds
Threat intelligence sources
Traffic Light Protocol (TLP)
Agenda

5. Threat, Vulnerability, and Risk
Threat
Any circumstance or event with the potential to adversely impact
organizational operations, assets, or individuals.
Vulnerability
Weakness in an information system, system security procedures,
internal controls, or implementation that could be exploited or
triggered.
Risk
A measure of the extent to which an entity is threatened by a potential
circumstance or event.

8. Threat intelligence types
Strategic
High level info
on changing
risks
Tactical
Attacker Tools
Tactics,
Procedures
Operational
Incoming
attacks against
company or
industry
Technical
Indicators of
Compromise
High level Low level
Low Time-to-Live
High Time-to-Live

9. • What?
• Threat intelligence is information about threats
and threat actors that helps mitigate harmful
events in cyberspace.
• Why?
• Help organizations to understand the threats that
have, will, or are currently targeting the
organization.
• How?
• Open-source intelligence
• Commercial intelligence
Threat Intelligence Feeds

10. OSINT
Open Source Intelligence
• Derived from open sources (e.g. mainstream media, Internet forums, paste sites, etc.
• Pros: good for ‘context’ and ‘big picture’
• Cons: multiple languages, interpretation, noise
TECHINT
Technical Intelligence
• Technical indicators (e.g. IP addresses, hashes, domains, tools & techniques)
• Pros: easy to consume and drive automation
• Cons: difficult to ‘contextualize’
SIGINT
Signals Intelligence
• Derived from analysis of communications, often in one’s own environment
• Pros: low noise; if you’re seeing it, you’re experiencing it
• Cons: requires extensive apparatus
Threat intelligence sources

11. • Canadian Center for cyber Security CCCS
• Department of Homeland Security: Automated Indicator Sharing
• FBI: InfraGard Portal
• @abuse.ch: Ransomware Tracker
• SANS: Internet Storm Center
• VirusTotal: VirusTotal
• Cisco: Talos Intelligence
• VirusShare: VirusShare Malware Repository
• Google: Safe Browsing
• National Council of ISACs: Member ISACs
• The Spamhaus Project: Spamhaus
Open-source Intelligence Feeds
Commercial Intelligence Feeds
 Recorded Future

12. NIST 800-150 “Guide to Threat Information Sharing”
• Threat information that has been aggregated, transformed, analysed,
interpreted, or enriched to provide the necessary context for
decision-making processes.

14. Thank You