cmsc 426 final lecture 12

policy?

Formal rules and guidelines. Can be organizational, state, national, or international.

examples of cyber policies?

Security plans, laws, frameworks (like NIST), treaties (e.g., Budapest Convention).

Why is policy hard?

Balancing security, privacy, usability, and compliance is tricky.

What are common policy trade-offs?

Security vs. privacy, centralization vs. federation.

intelligence in cybersecurity?

Collecting and analyzing info to understand threats (Cyber Threat Intelligence).

Why is Cyber Threat Intelligence (CTI) important?

Helps make decisions, update policies, and defend systems proactively.

What are the stages of the CTI lifecycle?

• Direction

• Collection

• Enrichment

• Analysis

• Dissemination

• Feedback

Indicators of Compromise (IOCs)?

Clues left behind in attacks: IPs, file hashes, domains, emails, wallets.

Tactics, Techniques, and Procedures (TTPs)?

A hacker’s habits—what they do, how, and who they target.

attribution in cyberattacks?

Figuring out who did it using IOCs/TTPs. Hard due to fake clues (“false flags”).

Why share threat intelligence?

Stronger together—sharing helps defend everyone against threats.

. What is modeling in cybersecurity?

Finding threats and weaknesses using STRIDE, PASTA, or MITRE ATT&CK.