在網絡安全領域，安全域（Security Domains）是指不同的安全範疇或領域，
每個領域都專注於保護資訊資產的某一特定方面。
以下是一些主要的網絡安全安全域：

CISSP's 8 security domain

1. 資訊安全治理與風險管理 security and risk management ：

   • defining security goals and objectives
   • risk mitigation
   • business continuity
   • compliance and
   • the law.
     For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.

2. 存取控制 Access security（Control） ：關注於確保只有授權用戶可以訪問系統和數據

   • securing digital and physical assets. It's also related to
   • the storage, maintenance, retention, and
   • destruction/ disposal of data.
     Making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.

3. Security architecture and engineering: This domain focuses on optimizing data security by :

   • ensuring effective tools, systems, and processes are in place.
   • Ex: configuring a firewall.

4. 溝通和網路安全Communication and Network Security ：涉及保護網絡基礎設施和數據傳輸的安全。 This domain focuses on managing and securing physical networks and wireless communications.
   Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the organization and its employees vulnerable to attacks. To ensure communications are secure, you would create a network policy to prevent and mitigate exposure.

5. 身份和訪問管理 Identity and access management :

   • Managing and controlling physical and logical assets
   • Ensuring users follow established policies
   • Setting up an employee's access keycard
   • A security professional must deactivate user accounts when employees leave the company to remove access to sensitive information and resources.

6. 安全評估與測試 security assessment and testing :這個領域的主要重點是進行安全控制測試、數據收集和分析，以及進行安全審計（檢查作業的過程），以便監控風險、威脅和漏洞。
   ＊安全評估與測試：這個領域的核心是確保組織的安全措施有效運作，能夠抵禦潛在的威脅和漏洞。透過有效的安全評估與測試，組織可以充分了解自身的安全狀態，並且及時做出相應的調整。
   ＊Conducting security audits進行安全控制測試：安全控制測試是一個重要的過程，這包括測試已有的安全措施是否可以有效防範攻擊，並且是否遵從既定的安全政策。這可能涉及到穿透測試、漏洞掃描等技術。
   ＊Collecting and analyzing data數據收集與分析：在進行安全評估時，收集數據是至關重要的，這能夠幫助分析潛在的威脅和漏洞。數據可以是系統日誌、用戶活動記錄等，這些都可以提供有價值的資訊，供安全分析師進行後續的分析。
   ＊Auditing user permissions 安全審計：審計是一個系統性的過程，用於評估安全措施的有效性。
   * 安全分析師定期進行用戶權限的審計，以確認用戶是否擁有正確的訪問級別。這是確保組織內部資訊不會被未授權的人員訪問的重要步驟。（例如，是否存在過多的權限或未授權的訪問）。
   * 驗證離職員工的帳戶是否已正確停用。
   * 進行漏洞掃描和滲透測試，找出系統中的潛在弱點。

7. 操作安全 security operations ：關注日常運營中的安全措施，如安全配置和補丁管理。This domain focuses on

   • conducting investigations and
   • implementing preventative measures.
   • EX:A security professional receives an alert that an unknown device has connected to their organization's internal network.
   • They follow policies and procedures to quickly stop the potential threat.

8. software development security 應用安全：涉及保護應用程式免受漏洞和攻擊。旨在提高應用程序的抵抗力，防止惡意攻擊。這可能包括如何安全地處理輸入資料、正確的認證機制和權限控制等等。

Determine the type of attack

1. Password attack:

   • 暴力破解（Brute force）：這是一種通過不斷嘗試所有可能的密碼組合來取得訪問權限的攻擊方式。雖然這種方法有效，但如果密碼足夠複雜且長，則暴力破解所需的時間會非常漫長。

   • 彩虹表（Rainbow table）：這是一種利用預計算的散列函數的攻擊方式，可以快速查找出現的密碼，減少破解所需的時間。彩虹表本質上是對密碼的預先計算，利用已知的散列值來迅速獲取原始密碼。

2. 社交工程攻擊 Social engineering attack: 被定義為一種心理操縱技巧，旨在利用人類的錯誤，以獲取私人信息、訪問或貴重物品:The use of digital communications to trick people into revealing sensitive data or deploying malicious software

   • 釣魚（Phishing）：透過假網站或電子郵件來欺騙用戶提供敏感信息。

   • 短信釣魚（Smishing）：透過短信進行的釣魚攻擊。

   • 語音釣魚（Vishing）：利用電話進行的詐騙。

   • 魚叉式釣魚（Spear phishing）：針對特定個人的定制釣魚攻擊。A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

   • 鯨魚釣魚（Whaling）：針對高層管理人員的釣魚攻擊。A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

   • 社交媒體釣魚（Social media phishing）：在社交平台上進行的欺詐。An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

   • 商業電子郵件妥協（BEC）：通過假冒電子郵件獲取商業信息。An attack in which a threat actor impersonates a known source to obtain a financial advantage

   • 水洞攻擊（Watering hole attack）：針對某個特定群體訪問的網站進行攻擊。An attack in which a threat actor compromises a website frequently visited by a specific group of users

   • USB餌食（USB baiting）：使用USB設備吸引受害者以獲取信息。

   • 實體社交工程（Physical social engineering）：直接的面對面操控或欺詐。An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

3. Physical attack:A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:
   • Malicious USB cable
   • Malicious flash drive
   • Card cloning and skimming
4. Adversarial artificial intelligence:對抗性人工智能是一種技術，用於更高效地操控人工智能和機器學習技術發動攻擊。它涉及通訊和網絡安全以及身份和訪問管理兩個領域。
5. Supply-chain attack:當攻擊者針對供應鏈進行攻擊時，目標通常是那些依賴第三方提供的組件和服務的系統。透過攻擊供應鏈，攻擊者可以在不直接攻擊目標組織的情況下，將惡意代碼注入到合法產品中。
6. Cryptographic attack:A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:
   • Birthday
   • Collision
   • Downgrade

Understand attackers

Threat actor types