CTI100 and CTI200 Exam Questions| Already answered| GRADED A+
10 views 0 purchase
Course
CTI100 and CTI200
Institution
CTI100 And CTI200
cyber threat intelligence - ANSWER-what does CTI stand for?
determining the desired end-state and organizing resources and operations to reach that desired end
state. strategy is broad, not specific, and strongly influenced by both the strategist's goals and values.
however, strategy is not stat...
CTI100 and CTI200 Exam Questions|
Already answered| GRADED A+
cyber threat intelligence - ANSWER-what does CTI stand for?
determining the desired end-state and organizing resources and operations to reach that desired end
state. strategy is broad, not specific, and strongly influenced by both the strategist's goals and values.
however, strategy is not static since it must be built in a world of incomplete information and must be
implemented in a constantly changing environment.
ends = ways + means - ANSWER-strategy
strategy, operational, tactical - ANSWER-what are the three different levels of planning and execution?
"boots on ground" or "hands on the keyboard/eyes on glass" this is the execution level of an
organization, where things happen. many people work at this level, employing your business's
fundamental tools and processes. - ANSWER-where does the tactical perspective impact the
organization?
the operational level of planning and execution is putting together the tools and capabilities within the
organization to achieve clearly defined objectives - ANSWER-where does the operational perspective
impact the organization?
this level involves the fewest number of people in an organization (think c suite). this is where the vision
of the organization is laid out. a strategy must be built within resource limitations, but may anticipate
incorporating new resources or technology. - ANSWER-where does the strategic perspective impact the
organization?
needs to be: holistic (consider all players), planned, built upon experience (not just your own
experience, but learn from the mistakes of others), built with the consideration of the threat (meaning
threat must be constantly assessed), and an efficient use of resources. it involves considerable
coordination.
,cybersecurity strategy is only a portion of an organizations overall grand strategy - ANSWER-keys for
strategy
an expression that means something that is isolated in a way that hinders communication and
cooperation with others
a structure that inhibits or prevents cross-organizational communication - ANSWER-vertical stovepipe
not all organizations have strong stovepipes. this is more common in larger organizations yet smaller
businesses experience the lack of communication on the tactical levels. such barriers to communication
can exist everywhere, especially when managers attempt to control the flow of information into and out
of their part of the organization. remedying this problem is the task of the next higher layer within the
organization - ANSWER-what kind of vertical stovepipes usually exist in an organization?
a rational person making optimal choices based on calculated expected benefits, or profitability and
guided by consistent personal values.
the c suite is expected to be the rational actor in an organization - ANSWER-what is a rational actor?
data, application, host, network, perimeter - ANSWER-layered security model
from a device-level (bottom up) perspective instead of centrally controlled (top down)
think: all of the tools that would allow us to have eyes on what is occurring. - ANSWER-how should we
approach security capabilities?
a Chinese military general from 6th century BC who wrote The Art of War, a text that shows early
examples of operational security principles - ANSWER-sun tzu
harmony & trust
shape the enemy's perception
understand the enemy's organization and intention
,dispersion & concentration
rapidity & fluidity
deception & subversion
shape the adversary's course of action - ANSWER-areas that sun tzu considers to be important inside an
organization
1. capture your market without destroying it (win all without fighting)
2. striking where they least expect it (avoid strength and attack weakness)
3. maximize the powers of market information (know the enemy, know yourself)
4. move swiftly to overcome your competitors (speed and preparation)
5. employing strategy to master the competition (leverage alliances and shape your opponents)
6. develop your character as a leader to maximize the potential of your employees (character-based
leadership) - ANSWER-six principles of sun tzu and the art of business
1. social engineering: the human element of threat (thumb drive/email click)
2. IP address and attack route (anomalies and goal of long-term access)
3. fortress warfare (signature based vs active defense)
4. logs and detection: how are threats identified?
5. attribution: do you really know who the adversary is?
6. cyber-physical: now we can destroy from a distance - ANSWER-security specific strategy & sun tzu
while important, these do not make up strategy. but they ARE important things that contribute to
strategy
-management
-leadership
-operational effectiveness
-best practices
-benchmarking - ANSWER-strategy is NOT
, improve attribution, accountability, and response: we will invest in capabilities to support and improve
our ability to attribute cyber-attacks, to allow for rapid response - ANSWER-NSS strategy for cyberspace
priority actions
every time we elect a new president - ANSWER-how often does the US develop a new national security
strategy?
-makes hard choices
-can adjust to the reality of: resources, will, interests
-balances risk: not necessarily an even distribution, but balance may mean balanced to meet a threat or
cover a vulnerability
-the ability to prioritize areas when not everything can be balanced - ANSWER-qualities of a strategic
leader
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lecturervince8. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $40.48. You're not tied to anything after your purchase.