Unit 1: Security Intelligence Foundations
In this explanation, we will cover key terms and vocabulary related to Unit 1: Security Intelligence Foundations in the Professional Certificate in Security Intelligence. The terms are organized into the following categories: Security Intelligence, Intelligence Cycle, Threat Intelligence, and Security Data Analytics.
Security Intelligence
Security Intelligence is the collection, analysis, and use of information to protect an organization's information, assets, and people from threats and risks. Security Intelligence helps organizations identify, detect, and respond to cyber threats by providing real-time insights and context to security events.
Intelligence Cycle
The Intelligence Cycle is a structured process used to collect, analyze, and disseminate intelligence information. The cycle includes the following stages: planning and direction, collection, processing, analysis, and dissemination.
Planning and Direction defines the intelligence requirements, objectives, and priorities. Collection involves gathering data from various sources, including open-source intelligence (OSINT), human intelligence (HUMINT), signals intelligence (SIGINT), and geospatial intelligence (GEOINT). Processing involves transforming raw data into usable information. Analysis is the examination of information to identify patterns, trends, and insights. Dissemination is the sharing of intelligence with stakeholders.
Threat Intelligence
Threat Intelligence is the information used to understand the risks and threats facing an organization. Threat Intelligence includes data on threat actors, their tactics, techniques, and procedures (TTPs), as well as information on vulnerabilities and exploits.
Threat actors are individuals or groups that pose a threat to an organization. Threat actors can include hackers, cybercriminals, insiders, and nation-states. TTPs are the methods used by threat actors to carry out attacks. Vulnerabilities are weaknesses in an organization's systems or applications that can be exploited by threat actors. Exploits are the tools or techniques used to take advantage of those vulnerabilities.
Security Data Analytics
Security Data Analytics is the process of using data to identify and respond to security threats. Security Data Analytics involves collecting and analyzing data from various sources, including network devices, endpoint devices, and security tools.
Network devices include switches, routers, and firewalls. Endpoint devices include laptops, desktops, and mobile devices. Security tools include intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems.
Data Sources
Data sources are the places where data is collected for Security Data Analytics. Data sources can include:
Log files are text files that contain information about system events, such as login attempts, network connections, and file access.
Network traffic data is information about the data flowing through a network, including source and destination IP addresses, ports, and protocols.
Endpoint data is information about the devices connected to a network, including operating system, software, and hardware information.
Security devices are devices that monitor and protect a network, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
Data Collection
Data collection is the process of gathering data from various sources for Security Data Analytics. Data collection can include:
Passive data collection is the process of collecting data without actively interacting with the data source. Passive data collection can include collecting log files, network traffic data, and endpoint data.
Active data collection is the process of collecting data by actively interacting with the data source. Active data collection can include running scans, queries, and probes.
Data Analysis
Data analysis is the process of examining data to identify patterns, trends, and insights for Security Data Analytics. Data analysis can include:
Descriptive analysis is the process of summarizing data to describe what has happened. Descriptive analysis can include calculating averages, totals, and percentages.
Diagnostic analysis is the process of identifying the root cause of a problem. Diagnostic analysis can include drilling down into data to identify trends and anomalies.
Predictive analysis is the process of using data to predict future events. Predictive analysis can include using machine learning algorithms to identify patterns and trends.
Prescriptive analysis is the process of using data to recommend actions. Prescriptive analysis can include using artificial intelligence to suggest actions based on data patterns and trends.
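The following is an added example, not part of the original course material, showing the first two analysis types side by side on authentication events: descriptive analysis summarizes failure counts and rates per source IP, and diagnostic analysis drills down into an outlier source to see which accounts were targeted. The events, IP addresses, user names, and the 2-standard-deviation outlier rule are all constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev


def build_sample_events():
    """Constructed authentication events (hypothetical, not real data).

    Each spec row is (src_ip, list of users with a failed login, number of
    successful logins). One source produces far more failures than the rest.
    """
    spec = [
        ("203.0.113.45", ["admin"] * 8 + ["root"] * 7 + ["oracle"] * 5, 0),
        ("198.51.100.7", ["deploy"], 4),
        ("198.51.100.8", ["alice", "alice"], 6),
        ("198.51.100.9", [], 3),
        ("198.51.100.10", ["bob"], 5),
        ("198.51.100.11", ["carol", "carol", "carol"], 2),
        ("198.51.100.12", [], 1),
        ("198.51.100.13", ["dave"], 7),
        ("198.51.100.14", ["erin", "erin"], 3),
        ("198.51.100.15", ["frank"], 2),
    ]
    events = []
    for ip, failed_users, successes in spec:
        events += [{"src_ip": ip, "user": u, "outcome": "failure"} for u in failed_users]
        events += [{"src_ip": ip, "user": "svc", "outcome": "success"} for _ in range(successes)]
    return events


def describe(events):
    """Descriptive analysis: totals, the overall failure rate, and failures per source IP."""
    failures = Counter(e["src_ip"] for e in events if e["outcome"] == "failure")
    # Include sources that never failed so the per-IP statistics are not biased upward.
    for ip in {e["src_ip"] for e in events}:
        failures.setdefault(ip, 0)
    total = len(events)
    failed = sum(failures.values())
    return {
        "total_events": total,
        "failed_events": failed,
        "failure_rate": failed / total if total else 0.0,
        "failures_per_ip": dict(failures),
        "mean_failures_per_ip": mean(failures.values()),
    }


def find_outliers(failures_per_ip, z=2.0):
    """Flag sources whose failure count exceeds mean + z * population standard deviation."""
    counts = list(failures_per_ip.values())
    threshold = mean(counts) + z * pstdev(counts)
    return sorted(ip for ip, n in failures_per_ip.items() if n > threshold)


def drill_down(events, src_ip):
    """Diagnostic analysis: for one source, which accounts were targeted and did any succeed?"""
    mine = [e for e in events if e["src_ip"] == src_ip]
    targeted = Counter(e["user"] for e in mine if e["outcome"] == "failure")
    return {
        "src_ip": src_ip,
        "users": dict(targeted),
        "distinct_users": len(targeted),
        "successes": sum(1 for e in mine if e["outcome"] == "success"),
    }


if __name__ == "__main__":
    sample = build_sample_events()
    summary = describe(sample)
    print("failure rate: %.3f" % summary["failure_rate"])
    for ip in find_outliers(summary["failures_per_ip"]):
        print("outlier:", drill_down(sample, ip))
```

The descriptive step answers "how much failed"; the outlier rule turns that summary into a short list worth a closer look; and the drill-down answers "why" (many distinct accounts, no successes, from one source) in a form an analyst can act on. Predictive and prescriptive analysis build on the same per-source features, which is why the descriptive layer is worth getting right first.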
Data Visualization
Data visualization is the process of representing data in a visual format for Security Data Analytics. Data visualization can include:
Charts are graphical representations of data, such as bar charts, line charts, and pie charts.
Maps are graphical representations of geographical data, such as heat maps and geographical information system (GIS) maps.
Dashboards are graphical interfaces that provide a real-time view of data, including charts, maps, and tables.
Data Integration
Data integration is the process of combining data from various sources for Security Data Analytics. Data integration can include:
Data fusion is the process of combining data from multiple sources to create a single, integrated view of the data.
Data correlation is the process of identifying relationships between data from different sources.
Data normalization is the process of transforming data from different sources into a consistent format.
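As an added example (not part of the original course material), the code below normalizes two constructed log formats, a traditional syslog line from sshd and a JSON firewall event, into one common record shape, then correlates the normalized records by source IP to find addresses seen in both sources. The log lines, host names, and IP addresses are constructed; the syslog year is an assumption, because the traditional syslog timestamp format carries no year.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input from two hypothetical sources (not real log data).
SYSLOG_LINES = [
    "Mar 12 10:15:02 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2",
    "Mar 12 10:15:09 bastion sshd[2231]: Failed password for root from 203.0.113.45 port 51130 ssh2",
    "Mar 12 10:16:40 bastion sshd[2250]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
]
FIREWALL_EVENTS = [
    '{"ts": 1710238500, "src": "203.0.113.45", "dst": "10.0.0.5", "dport": 22, "action": "allow"}',
    '{"ts": 1710238520, "src": "203.0.113.45", "dst": "10.0.0.9", "dport": 3389, "action": "deny"}',
    '{"ts": 1710238600, "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 22, "action": "allow"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize_syslog(line, year=2024):
    """Map an sshd syslog line onto the common schema; returns None for lines we do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "source": "sshd",
        "src_ip": m["src"],
        "dst_host": m["host"],
        "user": m["user"],
        "outcome": "failure" if m["outcome"] == "Failed" else "success",
    }


def normalize_firewall(line):
    """Map a JSON firewall event (epoch seconds, allow/deny) onto the same schema."""
    ev = json.loads(line)
    ts = datetime.fromtimestamp(ev["ts"], tz=timezone.utc)
    return {
        "timestamp": ts.isoformat(),
        "source": "firewall",
        "src_ip": ev["src"],
        "dst_host": ev["dst"],
        "user": None,  # firewalls do not know the account; keep the field for a consistent shape
        "outcome": "success" if ev["action"] == "allow" else "failure",
    }


def normalize_all(syslog_lines, fw_lines):
    """Data fusion: one time-ordered list of records regardless of where they came from."""
    events = [normalize_syslog(l) for l in syslog_lines] + [normalize_firewall(l) for l in fw_lines]
    return sorted((e for e in events if e is not None), key=lambda e: e["timestamp"])


def correlate_by_src_ip(events):
    """Data correlation: group normalized records by source IP across all sources."""
    by_ip = defaultdict(lambda: {"sources": set(), "failures": 0, "users": set()})
    for e in events:
        entry = by_ip[e["src_ip"]]
        entry["sources"].add(e["source"])
        if e["outcome"] == "failure":
            entry["failures"] += 1
        if e["user"]:
            entry["users"].add(e["user"])
    return by_ip


def cross_source_ips(events):
    """Source IPs that appear in more than one data source."""
    return sorted(ip for ip, v in correlate_by_src_ip(events).items() if len(v["sources"]) > 1)


if __name__ == "__main__":
    normalized = normalize_all(SYSLOG_LINES, FIREWALL_EVENTS)
    for ip in cross_source_ips(normalized):
        print(ip, correlate_by_src_ip(normalized)[ip])
```

The point of the common schema is that the correlation step never has to know which parser produced a record: timestamps are UTC ISO 8601 strings from both sources, outcomes use one vocabulary, and fields a source cannot supply are present but null rather than missing. Unparseable lines are returned as None and dropped, which is also where a data-quality metric (how many lines failed to normalize) would be recorded.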
Data Quality
Data quality is the degree to which data is accurate, complete, and consistent for Security Data Analytics. Data quality can include:
Data accuracy is the degree to which data is correct and free from errors.
Data completeness is the degree to which data is complete and includes all relevant information.
Data consistency is the degree to which data is consistent and follows a standard format.
Data Governance
Data governance is the process of managing data for Security Data Analytics. Data governance can include:
Data policies are rules and guidelines for managing data.
Data standards are the formats and structures used to store and manage data.
Data stewardship is the process of assigning roles and responsibilities for managing data.
Data Privacy
Data privacy is the protection of personal information for Security Data Analytics. Data privacy can include:
Data protection is the process of securing data from unauthorized access or use.
Data anonymization is the process of removing personal information from data.
Data pseudonymization is the process of replacing personal information with a pseudonym.
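The following added example (not from the original course material) contrasts the two techniques on constructed log records: pseudonymization replaces the user name and source IP with keyed, deterministic tokens so that counts and correlations still work but the original values are not visible to whoever reads the records, while anonymization drops the user entirely and generalizes the IP to its network prefix. The records, the key, and the field names are all constructed for illustration; HMAC-SHA256 is used here as the keyed pseudonym function.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# Constructed sample records (hypothetical, not real data).
SAMPLE_EVENTS = [
    {"timestamp": "2024-03-12T10:15:02+00:00", "user": "alice", "src_ip": "203.0.113.45", "outcome": "failure"},
    {"timestamp": "2024-03-12T10:15:09+00:00", "user": "alice", "src_ip": "203.0.113.45", "outcome": "success"},
    {"timestamp": "2024-03-12T10:16:40+00:00", "user": "bob", "src_ip": "198.51.100.7", "outcome": "success"},
]
PII_FIELDS = ("user", "src_ip")
# Demo key only; in practice the key lives in a secret store and is held by the team allowed to re-link.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def pseudonym(value, key, length=16):
    """Keyed, deterministic token: same value + same key -> same token.

    Without the key the token cannot be linked back to the value; with the key
    the holder can re-link only by recomputing tokens for candidate values,
    which is why pseudonymized data is still treated as personal data.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:length]


def pseudonymize(event, key):
    """Replace each PII field with a token; the field name is mixed in so a user
    name and an IP that happen to match never share a token."""
    out = dict(event)
    for field in PII_FIELDS:
        if out.get(field) is not None:
            out[field] = pseudonym(f"{field}:{out[field]}", key)
    return out


def anonymize(event):
    """Irreversible: drop the user and keep only the source network (/24 for IPv4, /48 for IPv6)."""
    out = {k: v for k, v in event.items() if k != "user"}
    addr = ipaddress.ip_address(event["src_ip"])
    prefix = 24 if addr.version == 4 else 48
    out["src_ip"] = str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))
    return out


def failures_per_user(events):
    """Analytics still works on pseudonymized records because tokens are consistent."""
    return Counter(e["user"] for e in events if e["outcome"] == "failure")


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(pseudonymize(e, DEMO_KEY))
        print(anonymize(e))
```

Choose by what the downstream analysis needs: pseudonymization when analysts must still tell one account or source from another (per-user failure counts, correlation across sources), anonymization when only aggregate behaviour matters and nobody downstream should be able to re-identify anyone. Rotating the key breaks linkage across the rotation boundary, so key lifetime is itself a design decision.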
Data Security
Data security is the protection of data from unauthorized access or use for Security Data Analytics. Data security can include:
Data encryption is the process of converting readable data into ciphertext that can only be read by someone holding the decryption key, so that unauthorized parties who obtain the data cannot use it.
Data access controls are the policies and procedures used to control who can access data.
Data backup and recovery are the processes used to protect data from loss or damage.
Data Management
Data management is the process of collecting, storing, organizing, and maintaining data for Security Data Analytics. Data management can include:
Data warehousing is the process of storing data in a central location for analysis.
Data mining is the process of extracting information from data.
Data cleansing is the process of removing errors and inconsistencies from data.
Data Analytics
Data analytics is the process of analyzing data to identify patterns, trends, and insights for Security Data Analytics. Data analytics can include:
Descriptive analytics is the process of summarizing data to describe what has happened.
Diagnostic analytics is the process of identifying the root cause of a problem.
Predictive analytics is the process of using data to predict future events.
Key takeaways
- In this explanation, we will cover key terms and vocabulary related to Unit 1: Security Intelligence Foundations in the Professional Certificate in Security Intelligence.
- Security Intelligence is the collection, analysis, and use of information to protect an organization's information, assets, and people from threats and risks.
- The cycle includes the following stages: planning and direction, collection, processing, analysis, and dissemination.
- Collection involves gathering data from various sources, including open-source intelligence (OSINT), human intelligence (HUMINT), signals intelligence (SIGINT), and geospatial intelligence (GEOINT).
- Threat Intelligence includes data on threat actors, their tactics, techniques, and procedures (TTPs), as well as information on vulnerabilities and exploits.
- Vulnerabilities are weaknesses in an organization's systems or applications that can be exploited by threat actors.
- Security Data Analytics involves collecting and analyzing data from various sources, including network devices, endpoint devices, and security tools.