The NICE Cyber Security Framework: Cyber Security Intelligence and Analytics

This updated textbook is for courses in cyber security education that follow the National Initiative for Cybersecurity Education (NICE) framework, which adopts the Competency-Based Education (CBE) method. The book creates content based on the Knowledge, Skills and Abilities (a.k.a. KSAs) described in the NICE framework.

This book focuses on the cyber analytics and intelligence areas. The book has 18 chapters: Introduction, Acquisition Management, Continuity Planning and Disaster Recovery, Cyber Defense Analysis and Support, Cyber Intelligence, Cyber Intelligence Analysis, Cyber Operational Planning, Cyber Policy and Strategy Management, Cyber Threat Analysis, Cybersecurity Management, Forensics Analysis, Identity Management, Incident Response, Collection Operations, Computer Network Defense, Data Analysis, Threat Analysis and, as the last chapter, Vulnerability Assessment.

Author(s): Izzat Alsmadi
Edition: 2
Publisher: Springer
Year: 2023

Language: English
Pages: 406
City: Cham

Preface
Contents
Chapter 1: Introduction
NICE Framework: SP 800-181 Rev. 1
General Issues with NICE Framework – Date Published: November 2020
Chapter 2: Acquisition Management
K0126: Knowledge of Secure Acquisitions (e.g., Relevant Contracting Officer’s Technical Representative [COTR] Duties, Secure Procurement, Supply Chain Risk Management)
K0148: Knowledge of Import/Export Control Regulations and Responsible Agencies for the Purposes of Reducing Supply Chain Risk
K0154: Knowledge of Supply Chain Risk Management Standards, Processes, and Practices
BES Cyber Asset
ISO/IEC 20243 and 27036
K0163: Knowledge of Critical Information Technology (IT) Procurement Requirements
IT Procurement Methods
K0164: Knowledge of Functionality, Quality, and Security Requirements and How These Will Apply to Specific Items of Supply (i.e., Elements and Processes)
Functional Requirements
Quality Requirements
Security Requirements
K0169: Knowledge of Information Technology (IT) Supply Chain Security and Risk Management Policies, Requirements, and Procedures
Supply Chain Security Policies
Supply Chain Security Requirements and Procedures
Supply Chain Risk Management Policies
K0257: Knowledge of Information Technology (IT) Acquisition/Procurement Requirements
K0264: Knowledge of Program Protection Planning to Include Information Technology (IT) Supply Chain Security/Risk Management Policies, Anti-tampering Techniques, and Requirements
Information Sensitivity (Alsmadi et al. 2018)
K0266: Knowledge of How to Evaluate the Trustworthiness of the Supplier and/or Product
K0270: Knowledge of the Acquisition/Procurement Life Cycle Process
Defense Acquisition University
K0523: Knowledge of Products and Nomenclature of Major Vendors (e.g., Security Suites – Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky) and how Differences Affect Exploitation/Vulnerabilities
S0086: Skill in Evaluating the Trustworthiness of the Supplier and/or Product
A0009: Ability to Apply Supply Chain Risk Management Standards
A0031: Ability to Conduct and Implement Market Research to Understand Government and Industry Capabilities and Appropriate Pricing
A0039: Ability to Oversee the Development and Update of the Life Cycle Cost Estimate
A0045: Ability to Evaluate/Ensure the Trustworthiness of the Supplier and/or Product
A0056: Ability to Ensure Security Practices Are Followed Throughout the Acquisition Process
A0056-2
A0064: Ability to Interpret and Translate Customer Requirements into Operational Capabilities
References
Chapter 3: Continuity Planning and Disaster Recovery
K0210: Knowledge of Data Backup and Restoration Concepts
Type of Storage Destinations
External Hard Drives, Flash Drives, Etc.
Network Attached Storage Systems
Storage Area Networks
RAID
Remote or Online Storage
Backup vs. Archive
K0021: Knowledge of Data Backup, Types of Backups (e.g., Full, Incremental), and Recovery Concepts and Tools
K0365: Knowledge of Basic Backup and Recovery Procedures Including Different Types of Backups (e.g., Full, Incremental)
K0026: Knowledge of Disaster Recovery Continuity of Operations Plans
Business Process and Impact Analysis (BPA/BIA)
FCD and CGC
S0032: Skill in Developing, Testing, and Implementing Network Infrastructure Contingency and Recovery Plans
S0150: Skill in Implementing and Testing Network Infrastructure Contingency and Recovery Plans
References
Chapter 4: Cyber Defense Analysis and Support
K0098: Knowledge of the Cyber Defense Service Provider Reporting Structure and Processes Within One’s Own Organization
DoD CND-SP Directives
K0107: Knowledge of and Experience in Insider Threat Investigations, Reporting, Investigative Tools, and Laws/Regulations
Phishing Attacks
Password Attacks
Privilege Tampering/Escalation and Abuse
Challenges in Insider Threat Investigations
Methods to Counter and Mitigate Insider Threats
Insiders’ Investigations: Laws and Regulations
K0157: Knowledge of Cyber Defense Policies, Procedures, and Regulations
K0190: Knowledge of Encryption Methodologies
K0408: Knowledge of Cyber Actions (i.e., Cyber Defense, Information Gathering, Environment Preparation, Cyberattack) Principles, Capabilities, Limitations, and Effects
S0063: Skill in Collecting Data from a Variety of Cyber Defense Resources
S0096: Skill in Reading and Interpreting Signatures (e.g., Snort)
S0124: Skill in Troubleshooting and Diagnosing Cyber Defense Infrastructure Anomalies and Work Through Resolution
S0170: Skill in Configuring and Utilizing Computer Protection Components (e.g., Hardware Firewalls, Servers, and Routers, as Appropriate)
References
Chapter 5: Cyber Intelligence
K0409: Knowledge of Cyber Intelligence/Information Collection Capabilities and Repositories
Cyber Intelligence Levels
Sources of Cyber Intelligence or Collection Capabilities
The Intelligence Life Cycle or Activities
Areas of Cyber Intelligence
K0525: Knowledge of Required Intelligence Planning Products Associated with Cyber Operational Planning
K0550: Knowledge of Target, Including Related Current Events, Communication Profile, Actors, and History (Language, Culture) and/or Frame of Reference
K0553: Knowledge of Tasking Processes for Organic and Subordinate Collection Assets
K0554: Knowledge of Tasking, Collection, Processing, Exploitation, and Dissemination
K0562: Knowledge of the Capabilities and Limitations of New and Emerging Collection Capabilities, Accesses, and/or Processes
K0568: Knowledge of the Definition of Collection Management and Collection Management Authority
K0404: Knowledge of Current Collection Requirements
K0571: Knowledge of the Feedback Cycle in Collection Processes
K0578: Knowledge of the Intelligence Requirement Development and Request for Information Processes
K0580: Knowledge of the Organization’s Established Format for Collection Plan
K0595: Knowledge of the Relationships of Operational Objectives, Intelligence Requirements, and Intelligence Production Tasks
Cyber Intelligence
K0596: Knowledge of the Request for Information Process
K0602: Knowledge of the Various Collection Disciplines and Capabilities
K0458: Knowledge of Intelligence Disciplines
References
Chapter 6: Cyber Intelligence Analysis
K0110: Knowledge of Common Adversary Tactics, Techniques, and Procedures in Assigned Area of Responsibility (i.e., Historical Country-Specific Tactics, Techniques, and Procedures; Emerging Capabilities)
Cyber Kill Chain Models
Cyber Threats’ Description Languages and Models
MITRE ATT&CK Framework Behavioral-Based Threat Model
K0115: Knowledge of Emerging Computer-Based Technology That Has Potential for Exploitation by Adversaries
K0312: Knowledge of Intelligence Principles, Policies, and Procedures Including Legal Authorities and Restrictions
Cybersecurity Intelligence Principles
Cybersecurity Act 2015
FISMA
Electronic Surveillance and FISA
Intelligence Authorization Act
The Cyber Intelligence Sharing and Protection Act
Freedom of Information Act (FOIA)
Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA)
K0315: Knowledge of the Principal Methods, Procedures, and Techniques of Gathering Information and Producing, Reporting, and Sharing Information
Existing Efforts in Cybersecurity Information Sharing
K0352: Knowledge of All Forms of Intelligence Support Needs, Topics, and Focus Areas
K0354: Knowledge of All Relevant Reporting and Dissemination Procedures
K0355: Knowledge of All-Source Reporting and Dissemination Procedures
The Intelligence and Information Sharing and Dissemination Capability (IISDC)
Suspicious Activity Reporting (SAR) Process
NSA/CSS Policy 5-5, “Reporting of Security Incidents and Criminal Violations: August 2010”
Interagency Threat Assessment and Coordination Group (ITACG) Intelligence Guide for First Responders
Unified Crime Reporting System
Production and Dissemination of Serialized Intelligence Reports Derived from Signals Intelligence
Intelligence Products Typically Available to First Responders (HSDL 2009)
K0358: Knowledge of Analytical Standards and the Purpose of Intelligence Confidence Levels
DNI ICD 203: Analytic Standards (www.dni.gov)
How Right and How Often? (Lowenthal 2008, 2012)
K0359: Knowledge of Approved Intelligence Dissemination Processes
Common Forms/Format of Dissemination
K0386: Knowledge of Collection Management Tools
K0391: Knowledge of Collection Systems, Capabilities, and Processes
Joint Collection Management Tools (JCMT) (globalsecurity.org)
ECHELON
UTT: Unified Targeting Tool
NSA XKeyscore Program
PRISM Program
Upstream
Cadence
WebTAS
K0387: Knowledge of Collection Planning Process and Collection Plan
Internet-Based Collection Planning Process
K0389: Knowledge of Collection Sources Including Conventional and Nonconventional Sources
SIGAD DNR and DNI Collection Sources
K0390: Knowledge of Collection Strategies
Cross-Intelligence Collection Strategies
Collection Coverage Plan
Strategic Intelligence
K0394: Knowledge of Common Reporting Databases and Tools
K0401: Knowledge of Criteria for Evaluating Collection Products
Accuracy and Timeliness
K0441: Knowledge of How Collection Requirements and Information Needs Are Translated, Tracked, and Prioritized Across the Extended Enterprise
Actionable Knowledge
Autonomous Security Controls
K0456: Knowledge of Intelligence Capabilities and Limitations
Intelligence Capabilities
Intelligence Limitations
Predictive vs. Prescriptive Analytics
K0457: Knowledge of Intelligence Confidence Levels
K0459: Knowledge of Intelligence Employment Requirements (i.e., Logistical, Communications Support, Maneuverability, Legal Restrictions, Etc.)
K0460: Knowledge of Intelligence Preparation of the Environment and Similar Processes
K0461: Knowledge of Intelligence Production Processes
K0462: Knowledge of Intelligence Reporting Principles, Policies, Procedures, and Vehicles, Including Report Formats, Report-Ability Criteria (Requirements and Priorities), Dissemination Practices, and Legal Authorities and Restrictions
Examples of Intelligence Reporting Formats
K0463: Knowledge of Intelligence Requirements’ Tasking Systems
Standard Collection Asset Request Format (SCARF)
National Human Intelligence Requirements’ Tasking Center (NHRTC)
K0464: Knowledge of Intelligence Support to Planning, Execution, and Assessment
K0484: Knowledge of Midpoint Collection (Process, Objectives, Organization, Targets, Etc.)
K0492: Knowledge of Nontraditional Collection Methodologies
K0514: Knowledge of Organizational Structures and Associated Intelligence Capabilities
K0544: Knowledge of Target Intelligence Gathering and Operational Preparation Techniques and Life Cycles
K0577: Knowledge of the Intelligence Frameworks, Processes, and Related Systems
Open Indicators of Compromise (OpenIOC) Framework
Collective Intelligence Framework (CIF)
Open Threat Exchange (OTX)
References
Chapter 7: Cyber Operational Planning
K0028: Knowledge of Organization’s Evaluation and Validation Requirements
K0234: Knowledge of Full-Spectrum Cyber Capabilities
CNA/D/E/O
K0316: Knowledge of Business or Military Operation Plans, Concept Operation Plans, Orders, Policies, and Standing Rules of Engagement
K0367: Knowledge of Basic Cyber Operation Activity Concepts (e.g., Foot Printing, Scanning and Enumeration, Penetration Testing, White/Blacklisting)
K0400: Knowledge of Crisis Action Planning for Cyber Operations
Define a Crisis
K0413: Knowledge of Cyber Operation Objectives, Policies, and Legalities
K0415: Knowledge of Cyber Operation Terminology/Lexicon
K0436: Knowledge of Fundamental Cyber Operation Concepts, Terminology/Lexicon (i.e., Environment Preparation, Cyberattack, Cyber Defense), Principles, Capabilities, Limitations, and Effects
Cyberspace
Full-Spectrum Cyber
Cyber Ranges and Information Technology Ranges
Cyber Espionage
Cyber Deterrence
Cyber War and Cyber Warfare
Cyber Persona
Cyber Weapons
Cyber Warriors
Cyber Deception
Cyber-Hacktivists
Cyber Operations Limitations
K0416: Knowledge of Cyber Operations
K0424: Knowledge of Denial and Deception Techniques
K0442: Knowledge of How Converged Technologies Impact Cyber Operations (e.g., Digital, Telephony, Wireless)
Internet of Things (IoT)
Cloud Computing
Smartphones
Online Social Networks
K0465: Knowledge of Internal and External Partner Cyber Operations Capabilities and Tools
K0494: Knowledge of Objectives, Situation, Operational Environment, and the Status and Disposition of Internal and External Partner Collection Capabilities Available to Support Planning
K0495: Knowledge of Ongoing and Future Operations
Stuxnet, Olympic Games, Nitro Zeus, and Flame
Russia’s Hack of Ukraine’s Power Grid
Russia Cyber Operations in Georgia
Cyber Operations in Estonia
Sony Hack in 2014
Democratic National Committee Hack in 2016
K0496: Knowledge of Operational Asset Constraints
K0497: Knowledge of Operational Effectiveness Assessment
K0498: Knowledge of Operational Planning Processes
K0499: Knowledge of Operations Security
K0503: Knowledge of Organization Formats of Resource and Asset Readiness Reporting and Its Operational Relevance and Intelligence Collection Impact
K0519: Knowledge of Planning Timelines Adaptive, Crisis Action, and Time-Sensitive Planning
K0572: Knowledge of the Functions and Capabilities of Internal Teams That Emulate Threat Activities to Benefit the Organization
Bug Bounty Programs
K0585: Knowledge of the Organizational Structure as It Pertains to Full-Spectrum Cyber Operations, Including the Functions, Responsibilities, and Interrelationships Among Distinct Internal Elements
Team Employment Category
Organizational Structure
K0588: Knowledge of the Priority Information Requirements from Subordinate, Lateral, and Higher Levels of the Organization
K0589: Knowledge of the Process Used to Assess the Performance and Impact of Operations
K0593: Knowledge of the Range of Cyber Operations and Their Underlying Intelligence Support Needs, Topics, and Focus Areas
K0594: Knowledge of the Relationships Between End States, Objectives, Effects, Lines of Operation, Etc.
K0613: Knowledge of Who the Organization’s Operational Planners Are, How and Where They Can Be Contacted, and What Are Their Expectations
S0030: Skill in Developing Operations-Based Testing Scenarios
S0055: Skill in Using Knowledge Management Technologies
S0061: Skill in Writing Test Plans
Cybersecurity T&E Policy in DoDI 5000.02
S0082: Skill in Evaluating Test Plans for Applicability and Completeness
S0104: Skill in Conducting Test Readiness Reviews
References
Chapter 8: Cyber Policy and Strategy Management
K0065: Knowledge of Policy-Based and Risk-Adaptive Access Controls
K0191: Knowledge of Signature Implementation Impact
K0248: Knowledge of Strategic Theory and Practice
K0288: Knowledge of Industry Standard Security Models
Access Control Models
ISO 27001
NIST SP 800-53
Authentication Protocols or Standards (OWASP 2017)
Encryption Standards
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Cloud Security Models (Kaur 2014)
K0311: Knowledge of Industry Indicators Useful for Identifying Technology Trends
Gartner Top 10 Strategic Technology Trends
AI Foundation
Intelligent Apps and Analytics
Intelligent Things
Digital Twin
Cloud to the Edge
Conversational Platforms
Immersive Experience
Blockchain
Event Driven
Continuous Adaptive Risk and Trust
Deloitte Technical Trends
K0335: Knowledge of Current and Emerging Cyber Technologies
Ten Top Cybersecurity Companies
K0412: Knowledge of Cyber Lexicon/Terminology
K0435: Knowledge of Fundamental Cyber Concepts, Principles, Limitations, and Effects
K0454: Knowledge of Information Needs
K0504: Knowledge of Organization Issues, Objectives, and Operations in Cyber as Well as Regulations and Policy Directives Governing Cyber Operations
Presidential Policy Directive 20 (PPD 20)
National Security Presidential Directive 54 (NSPD 54)
Comprehensive National Cybersecurity Initiative (CNCI)
K0521: Knowledge of Priority Information, How It Is Derived, Where It Is Published, How to Access, Etc.
K0526: Knowledge of Research Strategies and Knowledge Management
K0535: Knowledge of Strategies and Tools for Target Research
K0566: Knowledge of the Critical Information Requirements and How They’re Used in Planning
S0018: Skill in Creating Policies That Reflect System Security Objectives
S0145: Skill in Integrating and Applying Policies That Meet System Security Objectives
Creating Policies in Operating Systems
Creating Policies in Firewalls
Creating Policies in Switches and Routers
Creating Policies in DBMS
Creating Policies in Web Servers
S0146: Skill in Creating Policies That Enable Systems to Meet Performance Objectives (e.g., Traffic Routing, SLAs, CPU Specifications)
Amazon Route 53
A0034: Ability to Develop, Update, and/or Maintain Standard Operating Procedures (SOPs)
References
Chapter 9: Cyber Threat Analysis
K0426: Knowledge of Dynamic and Deliberate Targeting
Deliberate Targets
Dynamic Targets
K0430: Knowledge of Evasion Strategies and Techniques
IDS/IPS Evasion
Sandbox Evasion
Domain Generation Algorithms (DGAs)
K0453: Knowledge of Indications and Warning
Cyber Threat Indications and Warning
K0469: Knowledge of Internal Tactics to Anticipate and/or Emulate Threat Capabilities and Actions
Threat Emulation and Sandboxing
MITRE Adversary Emulation Plans
K0474: Knowledge of Key Cyber Threat Actors and their Equities
Cybercriminals
Cyber Activists
Nation States
K0533: Knowledge of Specific Target Identifiers and their Usage
K0536: Knowledge of Structure, Approach, and Strategy of Exploitation Tools (e.g., Sniffers, Keyloggers) and Techniques (e.g., Gaining Backdoor Access, Collecting/Exfiltrating Data, Conducting Vulnerability Analysis of Other Systems in the Network)
Exploitation Tools
Traffic Sniffers
Keyloggers
Exploitation Techniques
Software Exploitation Techniques
Vulnerability Type
Local or Remote Software Exploits
Windows Exploitation Techniques
Linux Exploitation Techniques
Cisco OS Exploitation Techniques
Apple iOS Exploitation Techniques
Android Exploitation Techniques
K0540: Knowledge of Target Communication Tools and Techniques
Centralized Communication
P2P Communication
Covert or Anonymous Communication
K0546: Knowledge of Target List Development (i.e., RTL, JTL, CTL, etc.)
Cyber Target Template
Cyber Target Development
K0548: Knowledge of Target or Threat Cyber Actors and Procedures
Cyber Attribution
K0549: Knowledge of Target Vetting and Validation Procedures
K0551: Knowledge of Targeting Cycles
D3A Targeting Framework
F3EAD Targeting Cycle
Joint Targeting Cycles
K0603: Knowledge of the Ways in which Targets or Threats Use the Internet
Communication
Malware Deployment
Information Gathering or Intelligence
K0612: Knowledge of What Constitutes a “Threat” to a Network
Subjectivity
Priority or Importance
Evolution and Dynamics
The Environment
OWASP Top 10
S0022: Skill in Designing Countermeasures to Identified Security Risks
S0044: Skill in Mimicking Threat Behaviors
S0052: Skill in the Use of Social Engineering Techniques
Social Engineering Techniques for Cyber Operations and Vulnerability Assessment
S0109: Skill in Identifying Hidden Patterns or Relationships
References
Chapter 10: Cybersecurity Management
K0147: Knowledge of Emerging Security Issues, Risks, and Vulnerabilities
IoT Security Issues
Cryptocurrency, Bitcoin, Blockchain, and Security
Security in the Cloud
Security in Online Social Networks
Smartphones and Security
K0173: Knowledge of Operations Security
K0242: Knowledge of Organizational Security Policies
K0502: Knowledge of Organization Decision Support Tools and/or Methods
References
Chapter 11: Forensics Analysis
K0017: Knowledge of Concepts and Practices of Processing Digital Forensic Data
Digital Forensic Process
Image Acquisition
K0118: Knowledge of Processes for Seizing and Preserving Digital Evidence (e.g., Chain of Custody)
Probable Cause
Documentation and Labeling
Seizure of Memory or Any Volatile Data
K0119: Knowledge of Hacking Methodologies in Windows or Unix/Linux Environment
Windows Hacking
Hacking Windows Registry and SAM
Internet Explorer
Windows Operating Systems
.NET Framework
Pandemic and Grasshopper
Linux Hacking
K0133: Knowledge of Types of Digital Forensic Data and how to Recognize them
Disks Forensics
Deleted Data
Hidden Data
Slack Spaces
Memory Forensic Artifacts
Operating System Logs
Internet Forensic Data
Email Clients and Servers
K0134: Knowledge of Deployable Forensics
NFSTC Deployable Forensics
Deployable Configurations
K0184: Knowledge of Anti-forensics Tactics, Techniques, and Procedures
Anti-forensics’ Goals
Anti-forensics’ Methods
K0185: Knowledge of Common Forensic Tool Configuration and Support Applications (e.g., VMware, Wireshark)
Network Forensics
K0268: Knowledge of Forensics Footprint Identification
Malware Footprinting
K0433: Knowledge of Forensics Implications of Operating System Structure and Operations
Alternate Data Stream: ADS
Forensic Investigations in MAC Operating Systems
K0449: Knowledge of how to Extract, Analyze, and Use Metadata
Common Sources of Metadata
Examples of Metadata
Disk Acquisition Formats and Metadata
K0573: Knowledge of the Fundamentals of Digital Forensics in Order to Extract Actionable Intelligence
Actionable Forensic Intelligence
S0047: Skill in Preserving Evidence Integrity According to Standard Operating Procedures or National Standards
Follow Current Standards, Guidelines, and Laws
Hashing
Write Blockers
Antistatic Bags
Memory Dumps
S0065: Skill in Identifying and Extracting Data of Forensic Interest in Diverse Media (i.e., Media Forensics)
Disk Forensic Tools
Disk Forensics
Foremost and File Carving
S0069: Skill in Setting up a Forensic Workstation
S0071: Skill in Using Forensic Tool Suites (e.g., EnCase, Sleuthkit, FTK)
A Sample Usage of Sleuthkit Autopsy Tool
S0075: Skill in Conducting Forensic Analyses in Multiple Operating System Environments (e.g., Mobile Device Systems)
Using Santoku: https://santoku-linux.com
S0087: Skill in Deep Analysis of Captured Malicious Code (e.g., Malware Forensics)
S0088: Skill in Using Binary Analysis Tools (e.g., Hexedit, Command Code xxd, Hexdump)
S0120: Skill in Reviewing Logs to Identify Evidence of Past Intrusions
S0175: Skill in Performing Root Cause Analysis
A0010: Ability to Analyze Malware
Demo the Usage of NSRL Public Hash Database
A0043: Ability to Conduct Forensic Analyses in and for both Windows and Unix/Linux Environments
References
Chapter 12: Identity Management
Identity Management
Single Sign-on (SSO)
Session Time-Out
Kerberos
Digital Certificates
K0007: Knowledge of Authentication, Authorization, and Access Control Methods
Access Controls in Operating and File Systems
Access Controls in File Systems
Access Controls in Database Management Systems
Access Controls in Websites and Web Applications
RBAC (Role-Based Access Control)
OBAC (Object-Based Access Control)
K0033: Knowledge of Host/Network Access Control Mechanisms (e.g., Access Control List)
Access Control in Distributed and Operating Systems
Access Controls in Firewalls
Access Controls in Switches
Access Controls in Routers
Access Controls in IDS/IPS
References
Chapter 13: Incident Response
K0041: Knowledge of Incident Categories, Incident Responses, and Timelines for Responses
K0042: Knowledge of Incident Response and Handling Methodologies
K0145: Knowledge of Security Event Correlation Tools
Security Information and Event Management (SIEM)
K0150: Knowledge of Enterprise Incident Response Program, Roles, and Responsibilities
National Computer Security Incident Response Programs
K0193: Knowledge of Advanced Data Remediation Security Features in Databases
K0230: Knowledge of Cloud Service Models and Possible Limitations for an Incident Response
K0317: Knowledge of Procedures Used for Documenting and Querying Reported Incidents, Problems, and Events
Security Incident Reporting Procedures
K0381: Knowledge of Collateral Damage and Estimating Impact(s)
S0054: Skill in Using Incident Handling Methodologies
S0080: Skill in Performing Damage Assessments
S0098: Skill in Detecting Host- and Network-Based Intrusions Via Intrusion Detection Technologies
S0173: Skill in Using Security Event Correlation Tools
A0025: Ability to Accurately Define Incidents, Problems, and Events in the Trouble Ticketing System
References
Chapter 14: Collection Operations
K0371: Knowledge of Intelligence Collection Development Processes (e.g., Dialed Number Recognition, Social Network Analysis)
Social Media Bots
K0557: Knowledge of Terminal or Environmental Collection (Process, Objectives, Organization, Targets, etc.)
References
Chapter 15: Computer Network Defense
K0405: Knowledge of Current Computer-Based Intrusion Sets
Related Definitions
K0440: Knowledge of Host-Based Security Products and How Those Products Affect Exploitation and Reduce Vulnerability
K0493: Knowledge of Obfuscation Techniques (e.g., TOR/Onion/Anonymizers, VPN/VPS, Encryption)
K0507: Knowledge of Organization or Partner Exploitation of Digital Networks
K0472: Knowledge of Intrusion Detection Systems and Signature Development
References
Chapter 16: Data Analysis
K0356: Knowledge of Analytic Tools and Techniques for Language, Voice, and/or Graphic Material
K0056: Knowledge of Network Access, Identity, and Access Management (e.g., Public Key Infrastructure, Oauth, OpenID, SAML, SPML)
Access Control Models
ISO 27001
NIST SP 800-53
Authentication Protocols or Standards (OWASP 2017)
K0229: Knowledge of Applications that Can Log Errors, Exceptions, and Application Faults and Logging
Windows Registry
Event Viewers
Web Logs
References
Chapter 17: Threat Analysis
K0177: Knowledge of Cyberattack Stages (e.g., Reconnaissance, Scanning, Enumeration, Gaining Access, Escalation of Privileges, Maintaining Access, Network Exploitation, Covering Tracks)
K0362: Knowledge of Attack Methods and Techniques (DDoS, Brute Force, Spoofing, Etc.)
K0479: Knowledge of Malware Analysis and Characteristics
Chapter 18: Vulnerability Assessment
K0005: Knowledge of Cyber Threats and Vulnerabilities
K0006: Knowledge of Specific Operational Impacts of Cybersecurity Lapses
K0392: Knowledge of Common Computer/Network Infections (Virus, Trojan, etc.) and Methods of Infection (Ports, Attachments, etc.)
Ransomware
Worms
Types of Computer Worms
Trojan Horses
Types of Computer Trojan Horses (Goertzel 2009)
Internet Bots
K0402: Knowledge of Criticality and Vulnerability Factors (e.g., Value, Recuperation, Cushion, Countermeasures) for Target Selection and Applicability to the Cyber Domain
References
Index