A comprehensive set of vocabulary flashcards for the CPTIA exam, covering threat intelligence models, the intelligence cycle, collection methods, and legal/ethical frameworks in the UK.
Risk Formula
Risk = Threat × Vulnerability, or Risk = Threat × Vulnerability × Impact
Threat Formula
Threat = Intent × Capability
Vulnerability
A weakness that can be exploited by an attacker.
Exploit
The specific code or method used to leverage a vulnerability.
Threat Vector
The path an attacker uses to reach a target, such as email, USB, or the web.
Data
Raw facts in large volumes, such as IP addresses or logs, that have low value on their own.
Information
Data that has been collated into a useful output, such as logs showing a specific spike in activity.
Intelligence
Analyzed information that supports decision-making processes.
Reconnaissance
The first step of the Cyber Kill Chain involving research and selection of targets.
Weaponization
The second step of the Cyber Kill Chain where malware is paired with an exploit into a payload on the attacker side.
Delivery
The third step of the Cyber Kill Chain and the earliest step a victim can defend against; involves sending the weapon via email, website, or USB.
Exploitation
The fourth step of the Cyber Kill Chain where the code triggers and leverages the vulnerability.
Installation
The fifth step of the Cyber Kill Chain where a backdoor is installed for persistence.
Command & Control (C2)
The sixth step of the Cyber Kill Chain where the attacker gains hands-on-keyboard access.
Actions on Objectives
The final step of the Cyber Kill Chain involving exfiltration, encryption, or destruction of data.
Objective (CROSSCAT)
The principle of intelligence where the analyst removes cognitive bias.
Planning and Direction
The first phase of the CREST Intelligence Cycle where Intelligence Requirements (IRs) and Priority Intelligence Requirements (PIRs) are defined.
Collection
The second phase of the CREST Intelligence Cycle where data is gathered from sources and where HUMINT occurs.
Processing and Analysis
The third phase of the CREST Intelligence Cycle where data is collated, fused, and analyzed; it is the stage where bias primarily enters.
Dissemination
The fourth phase of the CREST Intelligence Cycle where intelligence is delivered in the correct format to the consumer.
F3EAD
A military alternative intelligence cycle standing for Find, Fix, Finish, Exploit, Analyze, and Disseminate.
Strategic CTI
Intelligence focused on 'who and why' for senior decision makers, delivered in plain language regarding business risk.
Operational CTI
Intelligence focused on 'how and where' for network defenders regarding impending attacks.
Tactical CTI
Intelligence focused on 'what' (TTPs and IOCs) for the SOC and signature-based systems.
Hacktivists
Threat actors motivated by political or social causes, such as the group Anonymous.
Script Kiddies / Opportunists
Threat actors with the lowest capability, high frequency, and low skill, motivated by notoriety or fun.
Nation States
Threat actors with the largest resources, primarily motivated by espionage and disruption.
Diamond Model
An analytic model for intrusion analysis consisting of four vertices: Adversary, Capability, Infrastructure, and Victim.
MoSCoW
A prioritization framework standing for Must have, Should have, Could have, and Won't have.
Intelligence Gap
The difference between what is currently known and what is needed to answer an Intelligence Requirement.
Collection Plan
A bridge between Direction and Collection that turns IRs/PIRs into tasks with sources, agencies, and timescales.
Collection Worksheet
A record of actual collection activities (sources checked, search terms, dates) used to bridge Collection to Analysis.
5x5x5 Grading
A system used to grade Source reliability (A-E), Intelligence credibility (1-5), and Handling instructions (1-5).
WHOIS
A source for registrar and registrant contact details, delivered in an unstructured, human-readable format.
TAILS
The Amnesic Incognito Live System; a live OS that routes all traffic through Tor and leaves no trace on the machine.
Analysis of Competing Hypotheses (ACH)
The best structured analytical method used to remove cognitive bias.
Likelihood Yardstick (Almost Certain)
A probability assessment reflecting a value of approximately 95%+ or 0.95.
STIX
Structured Threat Information Expression; a machine-readable language for describing threat intelligence (v1 is XML, v2 is JSON).
TAXII
Trusted Automated eXchange of Indicator Information; the HTTPS-based RESTful API transport for sharing STIX data.
CybOX
Cyber Observable eXpression; a schema used to describe observables, merged into STIX 2.
Computer Misuse Act 1990
The UK law governing unauthorized access, data interference, and malware (hacking).
RIPA 2000
The Regulation of Investigatory Powers Act; governs surveillance, interception by public bodies, and Covert Human Intelligence Sources (CHIS).
GPMS
The Government Protective Marking Scheme, currently consisting of three tiers: OFFICIAL, SECRET, and TOP SECRET.
CVE
Common Vulnerabilities and Exposures; a list of publicly disclosed cybersecurity vulnerabilities maintained by MITRE.
CVSS
Common Vulnerability Scoring System; a numerical score used to reflect the severity of a vulnerability.