Title: Unlocking Ethical Hacking: Protecting Digital Assets (CEH Module 1 Mind Map)
CEH MODULE 1

THREAT INTELLIGENCE LIFECYCLE

Planning and Direction
- Define intelligence requirements
- Make a collection plan
- Example: Deciding to focus on phishing threats and planning data collection accordingly

Collection
- Collect required data to satisfy intelligence goals
- Sources: OSINT (open-source intelligence), HUMINT (human intelligence), IMINT (imagery intelligence), MASINT (measurement and signature intelligence)
- Example: Gathering data from online forums and dark web sources about potential phishing campaigns

Processing and Exploitation
- Process raw data for exploitation
- Convert data into a usable format for analysis
- Example: Filtering and organizing collected data into categories like email addresses, IP addresses, etc.

Analysis and Production
- Combine information from the collection phase into a single entity
- Include facts, findings, and forecasts
- Ensure analysis is objective, timely, accurate, and actionable
- Example: Analyzing data to identify trends and predict future phishing attacks

Dissemination and Integration
- Deliver intelligence to the intended consumers at different levels
- Types: Strategic (high-level business strategies), Tactical (TTPs), Operational (specific threats), Technical (IOCs)
- Example: Sharing analysis results with IT teams to improve email filtering systems and with executives for strategic planning

www.infosectrain.com

THREAT MODELING PROCESS

Identify Security Objectives
- Determine effort needed for subsequent steps
- Example: Ensuring that customer data privacy is a top priority

Application Overview
- Identify components, data flows, and trust boundaries
- Example: Mapping out how user data moves through an e-commerce website

Decompose the Application
- Find relevant and detailed threats
- Example: Breaking down the login process to identify potential attack points

Identify Threats
- Identify threats relevant to the control scenario and context
- Example: Recognizing that a weak password policy could lead to unauthorized access

Identify Vulnerabilities
- Identify weaknesses related to threats using vulnerability categories
- Example: Finding that the application is susceptible to SQL injection attacks

INCIDENT MANAGEMENT

Vulnerability Handling
- Managing and addressing system vulnerabilities
- Example: Patching software to fix security weaknesses

Artifact Handling
- Managing and analyzing artifacts from incidents
- Example: Analyzing malware samples to understand the threat

Announcements
- Communicating important updates and information
- Example: Notifying staff about a security and actions taken

Alerts
- Issuing warnings about potential or ongoing incidents
- Example: Sending alerts about detected phishing attempts

INCIDENT MANAGEMENT (continued)

Incident Handling

Triage
- Prioritizing and categorizing incidents
- Example: Assessing the severity of a detected intrusion

Reporting and Detection
- Identifying and documenting incidents
- Example: Logging detected anomalies in a security incident report

Incident Response
- Taking actions to mitigate and resolve incidents
- Example: Isolating affected systems to prevent further damage

Analysis
- Investigating incidents to understand their cause and impact
- Example: Analyzing log files to trace the source of a breach

Other Incident Management Services
- Additional services related to incident management
- Example: Providing post-incident recovery support

INCIDENT HANDLING AND RESPONSE

Preparation
- Establishing procedures and training for incident response
- Example: Conducting regular drills for data breach scenarios

Incident Recording and Assignment
- Documenting the incident and assigning tasks to the response team
- Example: Logging a detected intrusion and assigning a team to investigate

Incident Triage
- Prioritizing incidents based on severity and impact
- Example: Focusing on a ransomware attack over a minor phishing attempt

Notification
- Informing relevant stakeholders about the incident
- Example: Alerting IT staff and executives about a major security breach

INCIDENT HANDLING AND RESPONSE (continued)

Containment
- Isolating affected systems to prevent further damage
- Example: Disconnecting compromised servers from the network

Evidence Gathering and Forensic Analysis
- Collecting data and analyzing the incident to understand its cause
- Example: Examining log files and malware samples to trace the attack

Eradication
- Removing the root cause of the incident
- Example: Deleting malware and closing exploited vulnerabilities

Recovery
- Restoring systems and services to normal operation
- Example: Rebuilding and securing affected servers

Post-Incident Activities
- Documenting the incident, assessing its impact, and revising policies
- Example: Writing a report on the incident and updating security protocols