Lesson Plan
Course:
Principles of Cybersecurity
Lesson:
Threats in Cyberspace
Intensity:
Low
Duration:
1.0 hours
LEARNING OBJECTIVES
Recite the 3 different threat actors
Recall common cyber threats and recite their respective countermeasure
Define the three ways organizations handle cyber threats
SUMMARY OF TASKS
Who are the threats?
Define Threat Actors
Nation-state - leveraging cyberspace to gain information or deny access to cyber assets
Cybercrime Organizations - leveraging cyberspace for financial gain
Individuals - leveraging cyberspace for "street cred" or experience
Explain common vectors of attack
Phishing
Malware (Malicious Code)
Weak or default settings (passwords)
Unpatched or outdated software
Removable media
Discuss the indicators and countermeasures for each vector
How do organizations respond to cyber threats?
Discuss Prevention
Use threat intelligence to build countermeasures
Use technology to stop attacks
Discuss Detection
Use technology to detect attacks
Discuss Response
Categorize attacks
Form a team to investigate anomalies
Computer Emergency Response Team (CERT)
Small businesses
Large enterprises and government
Build countermeasures to prevent and detect future attacks
Briefly discuss the incident handling cycle according to NIST
Preparation
Detection and Discovery
Containment, Eradication, Recovery
Post-incident activity
Lessons learned and after action reporting
Countermeasure creation
Reporting
How does one report incidents?
Leadership
Shareholders
Employees
US-CERT
EVALUATION CRITERIA
Students will take a five question quiz for this module
RESOURCES
IBM X-Force Exchange - Current Threat Activity Norselabs Attack Map - Internet Attack Map Mikko Hypponen: Fighting viruses, defending the net NIST SP 800-61: Computer Security Incident Handling Guide US-CERT Federal Incident Notification Guidelines
REFERENCES
Common Cyber Threats: Indicators and Countermeasures US-Cert Incident Categories Department of Homeland Security Cyber Incident Response
Last updated