When guarding against threats and vulnerabilities, it is important to understand the various sources of threat and how to leverage intelligence sources to mitigate them. In this course, you'll learn about threat actors and threat vectors, attributes of threat actors and agents, threat intelligence sources such as OSINT and the dark web, and various research sources. Then, you'll move on to examine different types of vulnerabilities, including cloud-based and on-premises, zero-day, weak configurations, third-party risks, improper patch management, and legacy platforms. Finally, you'll examine various impacts such as data loss and data breach, as you prepare for the CompTIA Security+ SY0-601 certification exam.
describe threats and threat actors like privileged insiders, state actors, hacktivists, script kiddies, and criminal syndicates
define the attributes of actors such as internal, external, sophistication, capability, resources, funding, intent, and motivation
compare threat vectors such as direct access, wireless, e-mail, supply chain, social media, removable media, and cloud-based
survey intelligence sources like OSINT, proprietary, vulnerability databases, public or private information sharing centers, and the dark web
describe research sources such as vendor websites, vulnerability feeds, conferences, academic journals, and requests for comments (RFCs)
compare cloud-based vs. on-premises vulnerabilities
describe zero-day vulnerabilities, which are computer-software vulnerabilities that are unknown to, or unaddressed by, those who should be interested in mitigating them, including the vendor of the target software
survey weak configurations such as open permissions, unsecured root accounts, errors, weak encryption, and unsecure protocols
define third-party risks including partner or vendor management, system integration, lack of vendor support, supply chain risk, and outsourced code development
describe improper patch management for firmware, operating systems, and applications
recognize legacy platforms and varied impacts like data leakage and loss, data breaches, data exfiltration, and identity theft