
Question

Assignment 2 -Ticketing Research

Below are some common threats within an on-premise, hosted or cloud computing environment:

Data Breach

Data Loss

Account or Service Hijacking

Insecure Interfaces and APIs

Denial of Service

Malicious Insiders

Shared Technology Vulnerabilities

BYOD and IoE Vulnerabilities

Using your extensive knowledge of data aggregation, create an Excel table to identify the following for each threat:

Incident Category

Incident Severity Level

Logging Severity Level

Proposed Log Correlation Rules Table (see Table 2-3)

Correlation Search | Description | Default
Endpoint - Active unmediated Malware Infection | Number of days that the device was unable to clean the infection | 3
Endpoint - Anomalous New Service | Number of new services | 9

Explanation / Answer

Solution:

The above-mentioned threats are categorized below:

Incident Category:

Everything which would harm the computer is referred to as an incident.

Service Hijacking, Malicious Insider, BYOD Vulnerabilities, Denial of Service

Incident Severity Level:

Denial of Service, Shared Technology Vulnerabilities

Logging Severity Level:

Data Breach, Data Loss, Denial of Service

Proposed Log correlation Rules:

Insecure Interface and API, Shared Technology Vulnerabilities.
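
As an added example (not part of the original question or answer), here is a Python version of the two correlation searches from the question's table, using the table's defaults of 3 and 9. The event field names, the per-host service baseline, the sample events, and the choice to fire when the count reaches the default (>=) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

UNCLEANED_DAYS = 3  # table default: days the device was unable to clean the infection
NEW_SERVICES = 9    # table default: number of new services

def active_malware_infection(events, threshold=UNCLEANED_DAYS):
    """Return {(host, signature): days} for infections still uncleaned for >= threshold days."""
    first_fail, last_seen = {}, {}
    for e in sorted(events, key=lambda e: e["day"]):
        key = (e["host"], e["signature"])
        if e["cleaned"]:
            first_fail.pop(key, None)           # cleaned: the infection is no longer active
        else:
            first_fail.setdefault(key, e["day"])
        last_seen[key] = e["day"]
    hits = {}
    for key, start in first_fail.items():
        days = (last_seen[key] - start).days + 1  # inclusive span of failed cleanups
        if days >= threshold:
            hits[key] = days
    return hits

def anomalous_new_services(events, baseline, threshold=NEW_SERVICES):
    """Return {host: [services]} where services absent from the baseline reach the threshold."""
    new = defaultdict(set)
    for e in events:
        if e["service"] not in baseline.get(e["host"], set()):
            new[e["host"]].add(e["service"])
    return {h: sorted(s) for h, s in new.items() if len(s) >= threshold}

# Constructed sample events (hypothetical hosts, signatures and services).
MALWARE_EVENTS = [
    {"host": "ws-01", "day": date(2024, 5, 1), "signature": "Sample.A", "cleaned": False},
    {"host": "ws-01", "day": date(2024, 5, 2), "signature": "Sample.A", "cleaned": False},
    {"host": "ws-01", "day": date(2024, 5, 3), "signature": "Sample.A", "cleaned": False},
    {"host": "ws-02", "day": date(2024, 5, 1), "signature": "Sample.B", "cleaned": False},
    {"host": "ws-02", "day": date(2024, 5, 4), "signature": "Sample.B", "cleaned": True},
    {"host": "ws-03", "day": date(2024, 5, 2), "signature": "Sample.A", "cleaned": False},
]
SERVICE_EVENTS = (
    [{"host": "srv-01", "service": f"svc{i}"} for i in range(10)]  # svc0 is in the baseline
    + [{"host": "srv-02", "service": f"tmp{i}"} for i in range(4)]
)
BASELINE = {"srv-01": {"svc0"}, "srv-02": set()}

if __name__ == "__main__":
    print(active_malware_infection(MALWARE_EVENTS))
    print(anomalous_new_services(SERVICE_EVENTS, BASELINE))
```

With the sample data only ws-01 and srv-01 fire: ws-02 was eventually cleaned, and ws-03 and srv-02 stay under the defaults.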