1. Malware Behavioral Evaluations
1.1. Persistence
1.1.1. Installs as System Service
1.1.2. Installs Registry Keys in Startup locations
1.1.3. Modifies filesystem in specific locations
1.2. Suspicious Behaviors Evaluated
1.2.1. Attempts to log in to systems on which a given user credential is not normally used
1.2.2. Becomes another user on the system
1.2.3. CPU usage of spawned processes is high
1.2.4. Connects with a known bad URL or IP Address
1.2.5. Escalates privileges
1.2.6. Examines the Documents Folder or User Document Folders
1.2.7. File Isn't widely prevalent in user population
1.2.8. Injects data into memory of another running process
1.2.9. Modifies memory of another process
1.2.10. Opens TCP/IP Connections to other hosts
1.2.11. Performs a network port sweep
1.2.12. Process executes the net use command inside cmd.exe
1.2.13. Process spawns cmd.exe
1.2.14. Removes logs/events of application logs or operating system
1.2.15. Self-deletion of files
1.2.16. Self-copy of files
1.2.17. Repeatedly calls cryptographic API functions (ransomware indicator)
1.2.18. Time of execution is not normal in context of historical analysis
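The behaviors in section 1 are only useful once they are turned into rules that run over telemetry and are weighted against each other; a single "spawns cmd.exe" is noise, while the same tree adding an autostart key and contacting a blocklisted address is not. The following is an added example, not code from the original page: it scores a constructed process tree against 1.1.2, 1.2.4, 1.2.12, 1.2.13, 1.2.16 and 1.2.17. The event schema, the rule weights, the thresholds and the sample events are all assumptions made for illustration.

```python
"""Evaluate constructed endpoint telemetry against several of the behaviors above.

Added example, not part of the original page. The event schema (type, pid,
ppid, image, cmdline, key, dst_ip, path, src, name), the rule weights and the
sample events are assumptions made for illustration.
"""
import re
from collections import Counter

# 1.2.12: "net use" launched through the command interpreter, with or without ".exe".
NET_USE = re.compile(r"\bnet(?:\.exe)?\s+use\b", re.IGNORECASE)

# 1.1.2: registry autostart locations (suffix match, case-insensitive).
STARTUP_KEY_SUFFIXES = (
    r"\currentversion\run",
    r"\currentversion\runonce",
    r"\currentversion\winlogon\shell",
)

# 1.2.4: constructed blocklist; 203.0.113.0/24 is a documentation range.
KNOWN_BAD_IPS = {"203.0.113.7"}

# Weights are an assumption: strong indicators outweigh common, noisy ones.
WEIGHTS = {
    "spawns_cmd": 1,
    "net_use_in_cmd": 3,
    "startup_registry_key": 3,
    "known_bad_ip": 5,
    "self_copy": 4,
    "repeated_crypt_calls": 5,
}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def findings(events, crypt_threshold: int = 200) -> set:
    """Return the names of the behaviors observed in one process tree."""
    images = {e["pid"]: e["image"].lower() for e in events if e["type"] == "process"}
    hits = set()
    crypt_calls = Counter()
    for e in events:
        t = e["type"]
        if t == "process":
            # 1.2.13: a process in this tree spawned the command interpreter.
            if basename(e["image"]) == "cmd.exe" and e["ppid"] in images:
                hits.add("spawns_cmd")
                if NET_USE.search(e["cmdline"]):
                    hits.add("net_use_in_cmd")
        elif t == "registry":
            if e["key"].lower().endswith(STARTUP_KEY_SUFFIXES):
                hits.add("startup_registry_key")
        elif t == "network":
            if e["dst_ip"] in KNOWN_BAD_IPS:
                hits.add("known_bad_ip")
        elif t == "file_write":
            # 1.2.16: the process wrote its own image to a different path.
            src = e.get("src", "").lower()
            if src and src == images.get(e["pid"]) and e["path"].lower() != src:
                hits.add("self_copy")
        elif t == "api":
            # 1.2.17: count CryptoAPI-style calls per process.
            if e["name"].lower().startswith("crypt"):
                crypt_calls[e["pid"]] += 1
    if any(n >= crypt_threshold for n in crypt_calls.values()):
        hits.add("repeated_crypt_calls")
    return hits


def score(events, threshold: int = 8):
    """Weighted sum of findings; returns (score, alert?, sorted finding names)."""
    hits = findings(events)
    total = sum(WEIGHTS[h] for h in hits)
    return total, total >= threshold, sorted(hits)


# Constructed sample 1: a dropper run from Temp.
SUSPICIOUS = [
    {"type": "process", "pid": 1, "ppid": 0,
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe", "cmdline": "invoice.exe"},
    {"type": "process", "pid": 2, "ppid": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c net use \\fileserver\share /user:alice Passw0rd"},
    {"type": "registry", "pid": 1,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"type": "network", "pid": 1, "dst_ip": "203.0.113.7", "dst_port": 443},
    {"type": "file_write", "pid": 1, "path": r"C:\Users\alice\AppData\Roaming\invoice.exe",
     "src": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
] + [{"type": "api", "pid": 1, "name": "CryptEncrypt"} for _ in range(250)]

# Constructed sample 2: an administrator opening a shell from Explorer.
BENIGN = [
    {"type": "process", "pid": 10, "ppid": 0, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process", "pid": 11, "ppid": 10, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"type": "network", "pid": 11, "dst_ip": "192.0.2.10", "dst_port": 445},
]

if __name__ == "__main__":
    for name, tree in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, score(tree))
```

The benign tree triggers only the weak "spawns_cmd" rule and stays below the alert threshold; the dropper tree trips six rules. Weighting per behavior rather than alerting on any single one is what keeps 1.2.13 and 1.2.10 from drowning the queue.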
2. User
2.1. Activity on system when user's employment is in termination status
2.2. Deviates from past user behavior
2.3. Device not historically associated to user
2.4. Login time anomaly
2.5. Login time outside user's home timezone
2.6. Privileged data accessed
2.6.1. Volumetric analysis
2.6.2. Deviation from baseline
2.6.3. Cut-paste function used
2.7. Remote access and time of day abnormal from baselines
2.8. User authentication failure
2.9. User's browser or viewer is not the same as the baseline
2.10. User is logging into system remotely and locally simultaneously
2.11. User is logging into system remotely (not expected)
2.12. User is logging into system remotely at an abnormal time
2.13. User is abnormally leveraging applications that are administrative in nature (Control Panel, cmd.exe, Group Policy Editor, etc.)
3. File Analysis
3.1. Computed Hash
3.1.1. Uniqueness
3.1.2. Prevalence
3.1.2.1. How many of these files exist on systems in visible domain
3.1.3. Known Good Universe (Whitelist)
3.1.4. Known Bad Universe (Blacklist)
3.2. Metadata Attributes
3.2.1. Temporal Analysis
3.2.1.1. Passage of time since creation
3.2.2. Temporal Analysis with Prevalence
3.2.2.1. How many users have the file and how much time has elapsed since it was first seen.
3.2.3. Time/Date
3.2.4. Certificate and Signature Evaluation (PKI)
3.2.5. Owner/Creator
3.3. Content Analysis
3.3.1. Binary File Headers
3.3.2. Packing Method
3.3.2.1. Multi-packing Analysis
3.3.2.1.1. Packing Method Used
3.3.2.1.2. How many times packed?
3.3.2.1.3. How many types of packer formats used?
3.3.2.1.4. Actual packer format different than file extension?
3.3.3. File Content Inspection
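Sections 3.1 through 3.3 combine into one pipeline: hash the file, look the hash up in allow and block lists, count how many hosts carry it and how long it has been around, then check whether the bytes match the extension and whether the content looks packed. The following is an added example, not code from the original page. The inventory, the allow/block lists, the sample bytes and the thresholds are constructed for illustration; in practice the inventory comes from an endpoint agent and the lists from threat intelligence.

```python
"""Hash, prevalence, age and packing checks over constructed file samples.

Added example, not part of the original page. The inventory, allow/block lists,
sample bytes and thresholds are constructed for illustration.
"""
import hashlib
import math
import os
from collections import Counter
from datetime import date

# 3.3.1: magic bytes that identify the real container format.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"PK\x03\x04": "zip", b"%PDF": "pdf"}
# 3.3.2.1.4: format each extension claims to carry.
EXT_FORMAT = {".exe": "pe", ".dll": "pe", ".so": "elf", ".zip": "zip",
              ".docx": "zip", ".pdf": "pdf"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detect_format(data: bytes) -> str:
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return "unknown"


def extension_mismatch(name: str, data: bytes) -> bool:
    claimed = EXT_FORMAT.get(os.path.splitext(name)[1].lower())
    return claimed is not None and claimed != detect_format(data)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def prevalence(inventory):
    """Map sha256 -> (number of distinct hosts, earliest first-seen date)."""
    hosts, first_seen = {}, {}
    for host, _name, data, seen in inventory:
        h = sha256(data)
        hosts.setdefault(h, set()).add(host)
        first_seen[h] = min(first_seen.get(h, seen), seen)
    return {h: (len(s), first_seen[h]) for h, s in hosts.items()}


def classify(name, data, inventory, allowlist, blocklist, today,
             min_hosts=3, max_age_days=7, entropy_limit=7.0):
    """Verdict from the hash lists plus flags from prevalence, age and content."""
    h = sha256(data)
    if h in blocklist:
        verdict = "known_bad"
    elif h in allowlist:
        verdict = "known_good"
    else:
        verdict = "unknown"
    n_hosts, seen = prevalence(inventory).get(h, (0, today))
    age_days = (today - seen).days
    flags = []
    if verdict == "unknown" and n_hosts < min_hosts and age_days <= max_age_days:
        flags.append("new_and_rare")        # 3.2.2: prevalence combined with age
    if extension_mismatch(name, data):
        flags.append("extension_mismatch")   # 3.3.2.1.4
    if detect_format(data) == "pe" and shannon_entropy(data) > entropy_limit:
        flags.append("high_entropy")         # 3.3.2: likely packed or encrypted
    return {"sha256": h, "verdict": verdict, "hosts": n_hosts,
            "age_days": age_days, "flags": flags}


# Constructed samples: a low-entropy PE-like stub, and a PE header followed by
# deterministic pseudo-random bytes standing in for a packed section.
BENIGN_PE = b"MZ" + b"\x00" * 200 + b"This program cannot be run in DOS mode." + b"\x00" * 300
PACKED_PE = b"MZ" + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

TODAY = date(2024, 6, 30)
INVENTORY = [
    ("host-01", "winlogon.exe", BENIGN_PE, date(2023, 1, 15)),
    ("host-02", "winlogon.exe", BENIGN_PE, date(2023, 1, 15)),
    ("host-03", "winlogon.exe", BENIGN_PE, date(2023, 2, 2)),
    ("host-03", "report.pdf", PACKED_PE, date(2024, 6, 29)),
]
ALLOWLIST = {sha256(BENIGN_PE)}
BLOCKLIST = set()

if __name__ == "__main__":
    for host, name, data, _ in INVENTORY[2:]:
        print(host, name, classify(name, data, INVENTORY, ALLOWLIST, BLOCKLIST, TODAY))
```

Entropy alone is a weak packer signal (compressed archives and media are also near 8 bits per byte), which is why the flag is only raised for PE content and why it is reported alongside prevalence and age instead of on its own.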
4. Compliance Mandates
4.1. United States
4.1.1. State Laws
4.1.1.1. California Consumer Privacy Act (CCPA)
4.1.1.2. Colorado Privacy Act (CPA)
4.1.1.2.1. Right to access.
4.1.1.2.2. Right to correction.
4.1.1.2.3. Right to delete.
4.1.1.2.4. Right to data portability.
4.1.1.2.5. Right to opt out.
4.1.1.3. Connecticut Data Privacy Act (CTDPA)
4.1.1.4. Delaware Personal Data Privacy Act
4.1.1.5. Indiana Consumer Data Protection Act
4.1.1.6. Iowa Consumer Data Protection Act (ICDPA)
4.1.1.7. Kentucky Consumer Data Act (KCDPA)
4.1.1.8. Maryland Online Data Privacy Act (MODPA)
4.1.1.9. Montana’s Consumer Data Privacy Act
4.1.1.10. Nebraska Data Privacy Act (NDPA)
4.1.1.11. New Hampshire Privacy Act (NHPA)
4.1.1.12. New Jersey Data Privacy Act (NJDPA)
4.1.1.13. Oregon Consumer Privacy Act (OCPA)
4.1.1.14. Tennessee Information Protection Act
4.1.1.15. Texas Data Privacy and Security Act (TDPSA)
4.1.1.16. Utah Consumer Privacy Act (UCPA)
4.1.1.17. Virginia Consumer Data Protection Act (VCDPA)
4.1.2. Federal Laws
4.1.2.1. Consumer Privacy Protection Act of 2017
4.1.2.2. COPPA: Children’s Online Privacy Protection Act
4.1.2.3. DFARS: Defense Federal Acquisition Regulation Supplement
4.1.2.4. ECPA (Electronic Communications Privacy Act) and SCA (Stored Communications Act)
4.1.2.5. FDA (21 CFR Part 11)
4.1.2.6. Federal Computer Fraud and Abuse Act (“CFAA”)
4.1.2.7. FINRA
4.1.2.8. FISMA
4.1.2.9. FPA: Privacy Act of 1974
4.1.2.10. FTC: Federal Trade Commission Act §5
4.1.2.11. GLBA: Gramm-Leach-Bliley Act
4.1.2.12. Health Insurance Portability and Accountability Act (HIPAA)
4.1.2.13. HITECH
4.1.2.14. NERC CIP
4.1.2.15. PCI DSS (an industry standard administered by the PCI Security Standards Council and imposed by contract, not a federal statute)
4.1.2.15.1. WorldWide
4.1.2.15.2. Regional
4.1.2.16. Sarbanes-Oxley (SOX)
4.1.2.17. SEC Regulation S-P
4.1.3. Executive Directives
4.1.3.1. Executive Order 13859, Maintaining American Leadership in Artificial Intelligence (2019)
4.1.3.2. Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023)
4.2. European Union
4.2.1. General Data Protection Regulation (GDPR)
4.2.2. EU Cybersecurity Act
4.2.3. NIS2 Directive
4.3. China
4.3.1. PIPL
5. Detection Methods
5.1. Network Specific
5.1.1. Protocol/File/Session Decode & Analysis
5.1.1.1. File Extraction
5.1.1.2. Playback (Surveillance)
5.1.1.3. File/Session Viewing
5.1.1.4. Correlation
5.1.1.5. Machine Learning (AI)
5.1.1.5.1. Classification, Correlation, Deviation from Baselines (Heuristics)
5.1.2. Network Flow Analysis
5.1.2.1. Machine Learning (AI)
5.1.2.1.1. Classification, Correlation, Deviation from Baselines (Heuristics)
5.1.3. Application Layer Analysis
5.1.3.1. Classification, Correlation, Deviation from Baselines (Heuristics)
5.1.3.2. Deep Packet Inspection (DPI)
5.1.3.2.1. Application Identification
5.1.3.3. Application Command and Input Analysis
5.1.3.3.1. Normalized session inspection using regular expressions (REGEX)
5.1.4. IP Layer Analysis
5.1.4.1. TCP/UDP Ports
5.1.4.1.1. Source and Destination Analysis
5.1.4.2. IP Address
5.1.4.2.1. Source and Destination Analysis
5.1.5. ML Algorithmic Analysis
5.1.5.1. Supervised learning
5.1.5.2. Unsupervised learning
5.1.5.3. Reinforcement learning
5.1.5.4. Heuristic algorithm-based Analysis
5.1.5.5. Stateful pattern matching
5.1.5.6. Stateless pattern matching
5.1.5.7. Network Protocol Analysis
5.1.5.8. ML Algorithms
5.1.5.8.1. Decision Tree
5.1.5.8.2. Dimensionality Reduction Algorithms
5.1.5.8.3. Gradient Boosting algorithms
5.1.5.8.4. K-Means
5.1.5.8.5. KNN
5.1.5.8.6. Linear Regression
5.1.5.8.7. Logistic Regression
5.1.5.8.8. Naive Bayes
5.1.5.8.9. Random Forest
5.1.5.8.10. SVM
5.1.6. Generative AI
5.1.6.1. ChatGPT
5.1.6.2. Various Open Source Models
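Item 5.1.3.3.1 above, normalized session inspection with regular expressions, hinges on the word "normalized": signatures applied to the raw request target are trivially evaded with percent-encoding, double encoding, backslashes and mixed case, so the engine must first canonicalize the session data and then match. The following is an added example, not code from the original page. The signature set, the normalization steps and the sample requests are constructed for illustration; production engines cover many more encodings and protocol features.

```python
"""Normalize HTTP request targets before signature matching (5.1.3.3.1).

Added example, not part of the original page. The signature set, the
normalization steps and the sample requests are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Constructed signatures, applied only to the normalized form.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
    "cmd_injection": re.compile(r"[;|&`]\s*(?:cat|sh|bash|wget|curl)\b", re.IGNORECASE),
}

REQUEST_LINE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d$")


def normalize(target: str, max_rounds: int = 3) -> str:
    """Canonicalize a request target so one signature covers its encodings.

    Percent-decoding is repeated until it stops changing the string (bounded,
    so %2525... cannot make the engine loop), backslashes become slashes,
    runs of slashes collapse and the result is lower-cased.
    """
    s = target
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    s = s.replace("\\", "/")
    s = re.sub(r"/{2,}", "/", s)
    return s.lower()


def inspect(request_line: str):
    """Return (normalized target, sorted names of matching signatures)."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return None, ["malformed_request_line"]
    norm = normalize(m.group(2))
    return norm, sorted(name for name, rx in SIGNATURES.items() if rx.search(norm))


def matches_raw(request_line: str):
    """Same signatures over the raw target, to show what evasion hides."""
    m = REQUEST_LINE.match(request_line)
    raw = m.group(2) if m else ""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(raw))


# Constructed sample traffic.
SAMPLES = [
    "GET /files?name=..%252f..%252fetc/passwd HTTP/1.1",        # double-encoded traversal
    "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1",  # encoded SQL tautology
    "GET /ping?host=127.0.0.1%3Bcat%20/etc/passwd HTTP/1.1",     # encoded command separator
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", inspect(line)[1], "raw:", matches_raw(line))
```

All three hostile samples match nothing on the raw target and one signature each after normalization. The decode loop is bounded on purpose: an unbounded "decode until stable" step is itself a resource-exhaustion target, and the engine should decode exactly as many layers as the protected application does, no more.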
6. Security Standards and Frameworks
6.1. CIS
6.2. COBIT
6.3. COSO
6.4. HITRUST Common Security Framework
6.5. ISO
6.5.1. ISO/IEC 27002
6.5.2. ISO/IEC 27000 series
6.6. NIST
6.6.1. NIST CSF
6.6.2. NIST SP 800-53
6.6.3. NIST SP 800-171
6.6.4. NIST SP 1800 series
7. API Protocols
7.1. AMQP
7.1.1. AMQP (Advanced Message Queuing Protocol) is an open standard for message-oriented middleware: producers publish messages to a broker, which routes them through exchanges and queues to consumers with acknowledged, reliable delivery. It is used for asynchronous communication between services rather than direct request/response, so access control lives at the broker (per virtual host, exchange and queue) rather than in the message format.
7.2. EDA
7.2.1. EDA (event-driven architecture) is an integration style rather than a wire protocol: producers emit events when their state changes and consumers react to them asynchronously, usually through a message broker or event stream. Because producers do not know who consumes their events, authorization and schema validation have to be enforced at the broker or by each consumer.
7.3. EDI
7.3.1. EDI (Electronic Data Interchange) is the standardized exchange of business documents such as purchase orders and invoices between trading partners' systems, using formats like ANSI X12 and UN/EDIFACT over transports such as AS2 or value-added networks. It predates web APIs and remains common in supply chain, retail and healthcare integrations.
7.4. gRPC
7.4.1. gRPC is an open-source remote procedure call framework, originally from Google, that runs over HTTP/2 and serializes messages with Protocol Buffers. Services and messages are declared in .proto files, the framework supports unary and streaming calls in both directions, and authentication is handled with TLS channel credentials plus per-call credentials such as tokens.
7.5. GraphQL
7.5.1. GraphQL is a query language and server-side runtime in which the API exposes a typed schema and clients request exactly the fields they need through queries (reads), mutations (writes) and subscriptions (server push). Because a single request can traverse many types, servers need authorization at each field and resolver as well as limits on query depth and complexity.
7.6. MQTT
7.6.1. MQTT is a lightweight publish/subscribe messaging protocol designed for constrained devices and unreliable networks. Clients connect to a broker, publish messages to topics and subscribe to the topics they care about; the broker performs delivery, quality-of-service levels trade reliability against overhead, and topic-level authorization on the broker is what keeps one device from reading or spoofing another's messages.
7.7. REST
7.7.1. REST (Representational State Transfer) is an architectural style for HTTP APIs in which resources are identified by URLs and manipulated with the standard methods (GET, POST, PUT, DELETE), each request is stateless and representations are commonly encoded as JSON. It is the dominant style for exposing data to partners and front ends, which is why per-endpoint authorization and input validation carry most of the security weight.
7.8. SOAP
7.8.1. SOAP (Simple Object Access Protocol) is an XML-based messaging protocol for exchanging structured data between applications, typically over HTTP. Requests and responses are XML envelopes described by a WSDL contract, and the WS-Security extensions add message-level signing and encryption on top of transport security.
7.9. SSE
7.9.1. SSE (Server-Sent Events) is a browser standard for one-way push: the client opens a long-lived HTTP request and the server streams text/event-stream messages over it until the connection closes. It reuses ordinary HTTP, so it inherits the connection's TLS and cookies, but carries data from server to client only; anything the client needs to send goes over a separate request.
7.10. Webhooks
7.10.1. A webhook is an HTTP callback: when a specific event occurs, the provider sends a request (usually a POST with a JSON body) to a URL the consumer registered, which the consumer uses to trigger actions or send notifications. Because that endpoint is reachable from the internet, the receiver should verify a signature or shared secret on every delivery and reject stale or replayed requests before acting on the payload.
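The receiver-side check that the webhook description calls for is easy to get subtly wrong (verifying a re-serialized body, comparing signatures with ==, accepting any timestamp). The following is an added example, not code from the original page or from any particular provider: both the sender's signing step and the receiver's verification, using an HMAC-SHA256 over the timestamp and the raw body. The header names, the "timestamp.body" signing layout, the shared secret and the sample event are assumptions; real providers document their own scheme.

```python
"""Sign and verify webhook deliveries with an HMAC over the raw body.

Added example, not part of the original page. The header names, the
"timestamp.body" signing layout, the shared secret and the sample event are
assumptions; real providers document their own scheme.
"""
import hashlib
import hmac
import json
import time

SECRET = b"constructed-shared-secret"  # exchanged out of band when the webhook is registered
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"


def compute_signature(body: bytes, timestamp: int, secret: bytes = SECRET) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>" so the timestamp is covered too."""
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def build_delivery(event: dict, timestamp: int, secret: bytes = SECRET):
    """Sender side: serialize once, then sign the exact bytes that go on the wire."""
    body = json.dumps(event, separators=(",", ":"), sort_keys=True).encode()
    headers = {
        "Content-Type": "application/json",
        TS_HEADER: str(timestamp),
        SIG_HEADER: compute_signature(body, timestamp, secret),
    }
    return body, headers


def verify_delivery(body: bytes, headers: dict, secret: bytes = SECRET,
                    now=None, tolerance: int = 300) -> bool:
    """Receiver side: check freshness, then compare the MAC in constant time.

    Verify over the raw request bytes before any JSON parsing; re-serializing
    the parsed object can change whitespace or key order and break the MAC.
    """
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers.get(TS_HEADER, ""))
    except ValueError:
        return False
    if abs(now - ts) > tolerance:          # replay window
        return False
    expected = compute_signature(body, ts, secret)
    provided = headers.get(SIG_HEADER, "")
    return hmac.compare_digest(expected, provided)


def handle(body: bytes, headers: dict, **kw):
    """Only parse the payload after the signature checks out."""
    if not verify_delivery(body, headers, **kw):
        return None
    return json.loads(body)


# Constructed event.
EVENT = {"id": "evt_123", "type": "order.paid", "amount": 1999}

if __name__ == "__main__":
    ts = 1_700_000_000
    body, headers = build_delivery(EVENT, ts)
    print(handle(body, headers, now=ts))            # parsed event
    print(handle(body + b" ", headers, now=ts))     # None: body tampered
    print(handle(body, headers, now=ts + 3600))     # None: outside replay window
```

Folding the timestamp into the signed string is what makes the replay window enforceable: an attacker who captures a valid delivery cannot simply bump the timestamp header, because the MAC would no longer verify. hmac.compare_digest rather than == keeps the comparison from leaking how many leading bytes matched.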
7.11. WebSockets
7.11.1. WebSockets is a protocol for full-duplex, real-time communication between a client and a server over a single long-lived TCP connection. The connection begins as an HTTP request with an Upgrade handshake and then switches to framed messages flowing in either direction; since browsers do not apply the same-origin policy to WebSocket connections, the server should validate the Origin header during the handshake and authenticate the session before accepting messages.