CTI100, CTI200 Exam-Question with Correct Answers/ Verified
4 views 0 purchase
Course
CTI
Institution
CTI
cyber threat intelligence -️️what does CTI stand for?
determining the desired end-state and organizing resources and operations to reach that desired
end state. strategy is broad, not specific, and strongly influenced by both the strategist's goals and
values. however, strategy is not static...
CTI100, CTI200 Exam-Question with Correct Answers/ Verified
cyber threat intelligence - ✔️✔️what does CTI stand for?
determining the desired end-state and organizing resources and operations to reach that desired
end state. strategy is broad, not specific, and strongly influenced by both the strategist's goals and
values. however, strategy is not static since it must be built in a world of incomplete information and
must be implemented in a constantly changing environment.
ends = ways + means - ✔️✔️strategy
strategy, operational, tactical - ✔️✔️what are the three different levels of planning and execution?
"boots on ground" or "hands on the keyboard/eyes on glass" this is the execution level of an
organization, where things happen. many people work at this level, employing your business's
fundamental tools and processes. - ✔️✔️where does the tactical perspective impact the
organization?
the operational level of planning and execution is putting together the tools and capabilities within
the organization to achieve clearly defined objectives - ✔️✔️where does the operational
perspective impact the organization?
this level involves the fewest number of people in an organization (think c suite). this is where the
vision of the organization is laid out. a strategy must be built within resource limitations, but may
anticipate incorporating new resources or technology. - ✔️✔️where does the strategic perspective
impact the organization?
needs to be: holistic (consider all players), planned, built upon experience (not just your own
experience, but learn from the mistakes of others), built with the consideration of the threat
(meaning threat must be constantly assessed), and an efficient use of resources. it involves
considerable coordination.
cybersecurity strategy is only a portion of an organizations overall grand strategy - ✔️✔️keys for
strategy
an expression that means something that is isolated in a way that hinders communication and
cooperation with others
,a structure that inhibits or prevents cross-organizational communication - ✔️✔️vertical stovepipe
not all organizations have strong stovepipes. this is more common in larger organizations yet smaller
businesses experience the lack of communication on the tactical levels. such barriers to
communication can exist everywhere, especially when managers attempt to control the flow of
information into and out of their part of the organization. remedying this problem is the task of the
next higher layer within the organization - ✔️✔️what kind of vertical stovepipes usually exist in an
organization?
a rational person making optimal choices based on calculated expected benefits, or profitability and
guided by consistent personal values.
the c suite is expected to be the rational actor in an organization - ✔️✔️what is a rational actor?
data, application, host, network, perimeter - ✔️✔️layered security model
from a device-level (bottom up) perspective instead of centrally controlled (top down)
think: all of the tools that would allow us to have eyes on what is occurring. - ✔️✔️how should we
approach security capabilities?
a Chinese military general from 6th century BC who wrote The Art of War, a text that shows early
examples of operational security principles - ✔️✔️sun tzu
harmony & trust
shape the enemy's perception
understand the enemy's organization and intention
dispersion & concentration
rapidity & fluidity
deception & subversion
shape the adversary's course of action - ✔️✔️areas that sun tzu considers to be important inside an
organization
,1. capture your market without destroying it (win all without fighting)
2. striking where they least expect it (avoid strength and attack weakness)
3. maximize the powers of market information (know the enemy, know yourself)
4. move swiftly to overcome your competitors (speed and preparation)
5. employing strategy to master the competition (leverage alliances and shape your opponents)
6. develop your character as a leader to maximize the potential of your employees (character-based
leadership) - ✔️✔️six principles of sun tzu and the art of business
1. social engineering: the human element of threat (thumb drive/email click)
2. IP address and attack route (anomalies and goal of long-term access)
3. fortress warfare (signature based vs active defense)
4. logs and detection: how are threats identified?
5. attribution: do you really know who the adversary is?
6. cyber-physical: now we can destroy from a distance - ✔️✔️security specific strategy & sun tzu
while important, these do not make up strategy. but they ARE important things that contribute to
strategy
-management
-leadership
-operational effectiveness
-best practices
-benchmarking - ✔️✔️strategy is NOT
improve attribution, accountability, and response: we will invest in capabilities to support and
improve our ability to attribute cyber-attacks, to allow for rapid response - ✔️✔️NSS strategy for
cyberspace priority actions
every time we elect a new president - ✔️✔️how often does the US develop a new national security
strategy?
-makes hard choices
-can adjust to the reality of: resources, will, interests
, -balances risk: not necessarily an even distribution, but balance may mean balanced to meet a threat
or cover a vulnerability
-the ability to prioritize areas when not everything can be balanced - ✔️✔️qualities of a strategic
leader
-white papers: logical and based on analytical assessments
-mathematical statements and applied math
-"closed" simulations
-war games (manned simulation)
-field experiments - ✔️✔️operational design modeling for cybersecurity
1. order is emergent rather than predetermined
2. a system's history is irreversible
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MikeHarris. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
