Cyber Threats
The intent of the Cyber Threats Knowledge Unit is to provide students with basic information about the threats that may be present in the cyber realm.
Topics
- Motivations and Techniques
- The Adversary Model (resources, capabilities, intent, motivation, risk aversion, access)
- Types of Attacks (and vulnerabilities that enable them)
  a. Password guessing / cracking
  b. Backdoors / trojans / viruses / wireless attacks
  c. Sniffing / spoofing / session hijacking
  d. Denial of service / distributed DOS / BOTs
  e. MAC spoofing / web app attacks / 0-day exploits
  f. Advanced Persistent Threat (APT)
- Events that indicate an attack is/has happened
- Attack Timing (within x minutes of being attached to the net)
- Attack surfaces / vectors, and trees
- Covert Channels
- Social Engineering
- Insider problem
- Threat Information Sources (e.g., CERT)
- Legal Issues associated with cyber threats
Outcomes
- Identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations and aversion to risk.
- Describe different types of attacks and their characteristics.
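The adversary model and attack-tree topics above come together in one exercise: build a tree of the ways an attacker can reach a goal, attach an effort cost to each leaf step, and ask which adversaries (script kiddie, criminal crew, nation state) can afford the cheapest path, before and after a mitigation. The Python below is an added worked example for this Knowledge Unit, not code from the page or any project; the tree, its leaf costs (notional attacker hours), the adversary budgets and the `+100` effort assigned to phishing-resistant MFA are all constructed for illustration.

```python
"""Attack-tree evaluation against an adversary's resources (constructed example)."""
import copy
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    """One node of an attack tree: a leaf attack step, or an AND/OR goal."""
    name: str
    kind: str = "leaf"              # "leaf", "and", or "or"
    cost: int = 0                   # leaf only: notional attacker effort (hours)
    children: List["Node"] = field(default_factory=list)


def cheapest_path(node: Node) -> Tuple[int, List[str]]:
    """Return (cost, leaf steps) of the cheapest way to achieve this node.

    AND nodes need every child (costs add); OR nodes need any one child
    (take the minimum). This is the standard bottom-up attack-tree pass.
    """
    if node.kind == "leaf":
        return node.cost, [node.name]
    sub = [cheapest_path(c) for c in node.children]
    if node.kind == "and":
        return sum(c for c, _ in sub), [step for _, steps in sub for step in steps]
    if node.kind == "or":
        return min(sub, key=lambda pair: pair[0])
    raise ValueError(f"unknown node kind {node.kind!r}")


def feasible_for(root: Node, budget: int) -> Tuple[bool, int, List[str]]:
    """Can an adversary with this much effort to spend reach the root goal?"""
    cost, path = cheapest_path(root)
    return cost <= budget, cost, path


def harden(root: Node, leaf_name: str, extra_cost: int) -> Node:
    """Return a copy of the tree where a mitigation raises one leaf's cost.

    Modelling a control as added attacker cost (rather than deleting the
    leaf) keeps the tree honest: controls make attacks dearer, not impossible.
    """
    tree = copy.deepcopy(root)

    def walk(n: Node) -> None:
        if n.kind == "leaf" and n.name == leaf_name:
            n.cost += extra_cost
        for child in n.children:
            walk(child)

    walk(tree)
    return tree


# Constructed tree; names and costs are illustrative, not measured data.
TREE = Node("Read customer database", "or", children=[
    Node("Steal admin credentials", "or", children=[
        Node("Password guessing against VPN", cost=40),
        Node("Phish admin", "and", children=[
            Node("Craft pretext", cost=8),
            Node("Host credential-harvesting page", cost=4),
        ]),
    ]),
    Node("Exploit web app", "and", children=[
        Node("Find injection", cost=30),
        Node("Pivot to DB host", cost=20),
    ]),
    Node("Insider copies data", "and", children=[
        Node("Recruit insider", cost=200),
        Node("Insider exfiltrates", cost=2),
    ]),
])

# Adversary model reduced to one resource dimension: effort budget in hours (assumed values).
ADVERSARIES = {"script kiddie": 10, "criminal crew": 60, "nation state": 1000}


if __name__ == "__main__":
    for label, budget in ADVERSARIES.items():
        ok, cost, path = feasible_for(TREE, budget)
        print(f"{label:14} budget={budget:5}  cheapest={cost:4}  feasible={ok}  via {path}")
    # Phishing-resistant MFA, modelled as +100 effort on both credential-theft leaves
    mfa = harden(harden(TREE, "Host credential-harvesting page", 100),
                 "Password guessing against VPN", 100)
    print("after MFA:", feasible_for(mfa, ADVERSARIES["criminal crew"]))
```

Running it shows why the adversary model matters: the phishing branch (12 hours) is within reach of everyone but the lowest-budget attacker, and once MFA prices both credential-theft leaves out, the cheapest route shifts to the web-application branch (50 hours), which is still feasible for the criminal crew. The exercise is to read the shift in cheapest path as the next place to spend defensive effort, not as the attack going away.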
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
ID | DESCRIPTION |
---|---|
K0106 | Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. |
K0161 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). |
K0162 | Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). |
K0005 | Knowledge of cyber threats and vulnerabilities. |
K0344 | Knowledge of an organization's threat environment. |
K0107 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. |
K0110 | Knowledge of adversarial tactics, techniques, and procedures. |
K0603 | Knowledge of the ways in which targets or threats use the Internet. |
K0040 | Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). |
K0009 | Knowledge of application vulnerabilities. |
K0151 | Knowledge of current and emerging threats/threat vectors. |
K0375 | Knowledge of wireless applications vulnerabilities. |
K0362 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
K0147 | Knowledge of emerging security issues, risks, and vulnerabilities. |
K0309 | Knowledge of emerging technologies that have potential for exploitation. |
K0053 | Knowledge of measures or indicators of system performance and availability. |
K0453 | Knowledge of indications and warning. |
K0160 | Knowledge of the common attack vectors on the network layer. |
K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
K0209 | Knowledge of covert communication techniques. |
K0409 | Knowledge of cyber intelligence/information collection capabilities and repositories. |
K0446 | Knowledge of how modern wireless communications systems impact cyber operations. |

ID | DESCRIPTION |
---|---|
S0078 | Skill in recognizing and categorizing types of vulnerabilities and associated attacks. |
S0144 | Skill in correcting physical and technical problems that impact system/server performance. |
S0153 | Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems. |
S0155 | Skill in monitoring and optimizing system/server performance. |
S0052 | Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.). |
S0357 | Skill to anticipate new security threats. |