cs0-003 Lesson 01
Lesson 1: Understanding Vulnerability Response, Handling, and Management
Lesson 1
Topic 1A: Understanding Cybersecurity Leadership Concepts
• Policy Development
• Enforceable Rules
Explain Risk Management Principles
• Mitigate & Accept
• Mitigate risk down to acceptable levels
• You Can Only Manage Risk, Not Eliminate It
• Documentation is key
• Risk Exceptions
• Must include follow-up dates
Explore Threat Modeling
• Identifying Specifics
• Threat Actors
• TTPs
• Threat Considerations
• Different threat groups target different organizations
• Prioritize identified threat groups
• Build defenses based on threat group
Explore Threat Modeling
• Threat Model
• Diagramming and Documenting
• Functionally deconstruct systems
• Identify where a system can be attacked
• Identify methods of attack
• Identify mitigations for each attack/method
Explore Threat Modeling
• Development of Models Requires Collaboration
• Knowledge of system components
• Knowledge of attack methods
• Knowledge of appropriate mitigations
• Knowledge of laws & regulations
• Knowledge of business impacts
Review Activity: Cybersecurity Leadership Concepts
1. True or false. Cybersecurity operations are driven by technical implementers.
2. What is the name of the team that risk managers depend upon to assess whether work is being performed in accordance with policy?
3. Risk ____________________ requires that activities with high levels of risk are stopped.
4. What activity is focused on deconstructing a system to better understand the threats and exploits that might impact it?
Lab Activity
• Assisted Lab: Exploring the Lab Environment
Lesson 1
Topic 1B: Exploring Control Types and Methods
Security Control Functional Types
• Control Objectives
• Preventive
• Detective
• Corrective
• Responsive
• Compensating
Security Control Functional Types cont.
• Examples of Control Objectives
• Detective: Logs
• Compensating: Audit
Security Control Functional Types cont.
• Control Categories and Objectives
• Mapping exercises
• Identify Asset and ask:
• Is it protected using all categories?
• Do controls in each category cover all objectives?
• Most organizations rely heavily on technical/preventive controls only!
Managing Attack Surfaces
• Attack Surface describes the level of exposure
• Identifying attack surface helps define the weak spots in the environment
• People and processes
• Software and devices
Managing Attack Surfaces cont.
• Evaluate the Attack Surface
• Footprinting & Fingerprinting
• Passive Discovery
• Edge Discovery
• Penetration Testing
• Adversary Emulation
Managing Attack Surfaces cont.
• Reduce the Attack Surface
• Asset inventory
• Access control
• Patching and updating
• Network segmentation
• Removing unnecessary components
• Employee training
Review Activity: Control Types and Methods
1. The leadership teams would like to develop controls designed to provide oversight of various information systems. What type of control does this describe?
2. A web application firewall identifies and records any attempted or successful intrusion to a log file. What category of control does this describe?
3. After identifying that a port scan was performed on an internal database system, a security analyst performs a series of well-defined steps to further investigate the issue. What type of control objective does this describe?
4. What is being analyzed when all potential pathways a threat actor could use to gain unauthorized access or control of a system are identified and documented?
5. Systems, services, and protocols are discovered and characterized by analyzing network packet captures. What type of discovery technique does this describe?
Lab Activity
• Assisted Lab: Configuring Controls
Lesson 1
Topic 1C: Explaining Patch Management Concepts
Explain Software Patching and Host Protections cont.
• Where patches are located
• UEFI/BIOS
• Operating systems
• Applications
• Network equipment
• Services
• Desktops/laptops
• Phones/tablets
• Embedded Systems
• Proprietary system firmware
• Trustworthy patching source
• Supply chain attacks
Explore Configuration Management
• Control over endpoint configuration
• Critical role in infrastructure as code, CI/CD, and DevOps environments
• Configuration is defined once and applied to many systems
Explore Configuration Management
• Examples of configuration management tools include:
• Chef - https://www.chef.io/
• Puppet - https://puppet.com/
• Ansible - https://www.ansible.com/
• Terraform - https://www.terraform.io/
Chef Iptables Cookbook
Understand Maintenance Windows
• Routine maintenance windows
• Administrators perform maintenance tasks
Review Activity: Patch Management Concepts
1. True or False. Advanced endpoint protection tools eliminate the need for operating system patching.
2. True or False. Critical security patches are best implemented during the next most convenient maintenance window.
Lesson 1 Summary