From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response


Diamond Model of Intrusion Analysis

- [Instructor] The Diamond Model of intrusion analysis provides us with an analytical framework for understanding intrusion events. The model is a very helpful tool to guide the work of intrusion analysis, ensuring that you've gathered all of the relevant information and thought about it from different angles. In the Diamond Model, intrusion events have four core features. The adversary is the person or group that's trying to compromise your information or information systems, in an effort to achieve their own objectives. The adversary could be an external threat, such as a nation state or a hacking group, or it could be an internal threat, such as a malicious insider. The victim is the organization targeted by an attack. The victim might be described as a broad organization or a specific system depending upon the nature of the intrusion event. Now, the adversary has capabilities that they use to engage in an attack.…
