Random Security Information

1. Compliance Mandates

1.1. PCI

1.1.1. WorldWide

1.1.1.1. BT

1.1.1.2. Dell Secureworks

1.1.1.3. Deloitte and Touche

1.1.1.4. EY

1.1.1.5. PWC

1.1.1.6. Wipro

1.1.2. Regional

1.1.2.1. North America

1.1.2.1.1. West Coast

1.1.2.1.2. Midwest

1.1.2.1.3. East Coast

1.1.2.2. Latin America

1.1.2.2.1. Ernst and Young

1.1.2.2.2. Deloitte

1.1.2.2.3. PWC

1.1.2.2.4. KPMG

1.1.2.3. EMEA

1.1.2.3.1. Deloitte

1.1.2.3.2. Ernst and Young

1.1.2.3.3. K2 Intelligence

1.1.2.3.4. KPMG

1.1.2.3.5. PWC

1.1.2.4. Asia Pacific

1.1.2.4.1. Ernst and Young

1.1.2.4.2. Deloitte

1.1.2.4.3. PWC

1.1.2.4.4. KPMG

1.2. ISO

1.3. HITECH

1.4. HIPAA

2. Detection Methods

2.1. File Analysis

2.1.1. Computed Hash

2.1.1.1. Uniqueness

2.1.1.2. Prevalence

2.1.1.2.1. How many of these files exist on systems in visible domain

2.1.1.3. Known Good Universe (Whitelist)

2.1.1.4. Known Bad Universe (Blacklist)

2.1.2. Metadata Attributes

2.1.2.1. Temporal Analysis

2.1.2.1.1. Passage of time since creation

2.1.2.2. Temporal Analysis with Prevalence

2.1.2.2.1. How many users have the file and how much time has elapsed since it first appeared.

2.1.2.3. Time/Date

2.1.2.4. Certificate and Signature Evaluation (PKI)

2.1.2.5. Owner/Creator

2.1.3. Content Analysis

2.1.3.1. Binary File Headers

2.1.3.2. Packing Method

2.1.3.2.1. Multi-packing Analysis

2.1.3.3. File Content Inspection

2.2. Network Specific

2.2.1. Protocol/File/Session Decode & Analysis

2.2.1.1. File Extraction

2.2.1.2. Playback (Surveillance)

2.2.1.3. File/Session Viewing

2.2.1.4. Correlation

2.2.1.5. Machine Learning (AI)

2.2.1.5.1. Classification, Correlation, Deviance from Baselines (Heuristics)

2.2.2. Network Flow Analysis

2.2.2.1. Machine Learning (AI)

2.2.2.1.1. Classification, Correlation, Deviance from Baselines (Heuristics)

2.2.3. Application Layer Analysis

2.2.3.1. Classification, Correlation, Deviance from Baselines (Heuristics)

2.2.3.2. Deep Packet Inspection (DPI)

2.2.3.2.1. Application Identification

2.2.3.3. Application Command and Input Analysis

2.2.3.3.1. Normalized session inspection using regular expressions (REGEX)

2.2.4. IP Layer Analysis

2.2.4.1. TCP/UDP Ports

2.2.4.1.1. Source and Destination Analysis

2.2.4.2. IP Address

2.2.4.2.1. Source and Destination Analysis

2.3. Malware Behavioral Evaluations

2.3.1. Persistence

2.3.1.1. Installs as System Service

2.3.1.2. Installs Registry Keys in Startup locations

2.3.1.3. Modifies filesystem in specific locations

2.3.2. Suspicious Behaviors Evaluated

2.3.2.1. Attempts to login to systems that a specific user credential is not normally used on

2.3.2.2. Becomes another user on the system

2.3.2.3. CPU of Processes Spawned is high

2.3.2.4. Connects with a known bad URL or IP Address

2.3.2.5. Escalates privileges

2.3.2.6. Examines the Documents Folder or User Document Folders

2.3.2.7. File isn't widely prevalent in user population

2.3.2.8. Injects data into memory of another running process

2.3.2.9. Modifies memory of another process

2.3.2.10. Opens TCP/IP Connections to other hosts

2.3.2.11. Performs a network port sweep

2.3.2.12. Process executes net use DOS command inside command.exe

2.3.2.13. Process spawns command.exe

2.3.2.14. Removes logs/events of application logs or operating system

2.3.2.15. Self Delete of files

2.3.2.16. Self-copy of files

2.3.2.17. Starts to repeatedly call the crypt function (ransom sign)

2.3.2.18. Time of execution is not normal in context of historical analysis

2.4. User

2.4.1. Activity on system when user's employment is in termination status

2.4.2. Deviates from past user behavior

2.4.3. Device not historically associated to user

2.4.4. Login time anomaly

2.4.5. Login time outside user's home timezone

2.4.6. Privileged data accessed

2.4.6.1. Volumetric analysis

2.4.6.2. Deviation from baseline

2.4.6.3. Cut-paste function used

2.4.7. Remote access and time of day abnormal from baselines

2.4.8. User authentication failure

2.4.9. User's browser or viewer is not the same as the baseline

2.4.10. User is logging into system remotely and locally simultaneously

2.4.11. User is logging into system remotely (not expected)

2.4.12. User is logging into system remotely at an abnormal time

2.4.13. User is abnormally leveraging applications that are administrative in nature (Control Panel, Command.exe, Group Policy Editor, etc)