Security+ SY0-601 Notes and Resources

Documentation for Sec+ SY0-601 learning materials and notes.


Subdomain 1.5

Explain different threat actors, vectors, and intelligence sources.

Terms: 44

Actors and threats

An actor is an entity that performs actions on a system or network. An actor can be human or non-human, such as a software program or a bot. Actors can pose a threat, which is defined as a possible danger that can exploit a vulnerability to breach the security of a system and cause harm.

Advanced Persistent Threat (APT)
Insider threats
State actors
Hacktivists
Script kiddies
Criminal syndicates

Hackers

Hackers are individuals who exploit vulnerabilities in computer systems, networks, or firewalls to gain unauthorized access. Note that there are different types of hacking.

Authorized
Unauthorized
Semi-authorized
Shadow IT
Competitors

Attributes of actors

Attributes that distinguish the different types of threat actors include their level of sophistication, resources, motivation, and funding, among others.

Internal/external
Level of sophistication/capability
Resources/funding
Intent/motivation

Vectors

Vectors are the methods that attackers use to gain unauthorized access to a computer system or network. They can be classified into categories such as direct access, wireless, email, supply chain, and many others.

Direct access
Wireless
Email
Supply chain
Social media
Removable media
Cloud

Threat intelligence sources

Threat intelligence sources are a crucial component of cybersecurity. They provide information about potential threats and vulnerabilities that can be used to prevent attacks.

Open-source intelligence (OSINT)
Closed/proprietary
Vulnerability databases
Public/private information-sharing centers
Dark web
Indicators of compromise
Automated Indicator Sharing (AIS)
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Intelligence Information (TAXII)
Predictive analysis
Threat maps
File/code repositories

Research sources

Researching and understanding potential threats is an ongoing part of any security professional’s job. Several sources can be used to gather information about potential threats, including vendor websites, vulnerability feeds, academic journals, and RFCs.

Vendor websites
Vulnerability feeds
Conferences
Academic journals
Request for comments (RFC)
Local industry groups
Social media
Threat feeds
Adversary tactics, techniques, and procedures (TTP)
