Glossary

  • CTI - Cyber Threat Intelligence
    • A nice definition, from https://www.cisecurity.org/blog/what-is-cyber-threat-intelligence/ (excerpt below):
    • In cyber threat intelligence, analysis often hinges on the triad of actors, intent, and capability, with consideration given to their tactics, techniques, and procedures (TTPs), motivations, and access to the intended targets. By studying this triad it is often possible to make informed, forward-leaning strategic, operational, and tactical assessments.
      • Strategic intelligence assesses disparate bits of information to form integrated views. It informs decision and policy makers on broad or long-term issues and/or provides a timely warning of threats. Strategic cyber threat intelligence forms an overall picture of the intent and capabilities of malicious cyber threats, including the actors, tools, and TTPs, through the identification of trends, patterns, and emerging threats and risks, in order to inform decision and policy makers or to provide timely warnings.
      • Operational intelligence assesses specific, potential incidents related to events, investigations, and/or activities, and provides insights that can guide and support response operations. Operational or technical cyber threat intelligence provides highly specialized, technically-focused, intelligence to guide and support the response to specific incidents; such intelligence is often related to campaigns, malware, and/or tools, and may come in the form of forensic reports.
      • Tactical intelligence assesses real-time events, investigations, and/or activities, and provides day-to-day operational support. Tactical cyber threat intelligence provides support for day-to-day operations and events, such as the development of signatures and indicators of compromise (IOC). It often involves limited application of traditional intelligence analysis techniques.
  • Dark Web
    • The web of generally unindexed, often temporal data that may be stolen or related to criminal activity.
  • Deep Web
    • The majority of the data on the web is considered deep web. It's the web that is partitioned from public view through credentialed access, which may be subscription- or identity-based. Your email, social network, and any data that requires a subscription or credential are all considered Deep Web.
  • Public Web
    • The generally indexed web (by Google, Bing, or Yahoo, for example) that is freely available on the internet. The public web doesn't require anything more than an internet connection to access, although it may be limited by firewalls or policies imposed by connection providers, regulators, or supervisors (the Great Firewall, corporate gateways, etc.).