From the course: CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management

Diamond Model of Intrusion Analysis

- [Instructor] The Diamond Model of intrusion analysis provides us with an analytical framework for understanding intrusion events. The model is a very helpful tool to guide the work of intrusion analysis, ensuring that we've gathered all of the relevant information and thought about it from different angles. In the Diamond Model, intrusion events have four core features. The adversary is the person or group that's trying to compromise your information or information systems in an effort to achieve their own objectives. The adversary could be an external threat, such as a nation state or hacking group, or an internal threat, such as a malicious insider. The victim is the entity that is targeted by an attack. The victim might be described as a broad organization or a specific system depending upon the nature of the intrusion event. The adversary has capabilities that they use to engage in an attack. You can think of these…
