August 18th, 2021 by Admin
What is Hunting?
Most security technologies, tools, and processes are passive. They’re triggered by events or conditions that generate some prescribed response, not unlike how your immune system works to detect and address foreign bodies. Enterprise antivirus is a well-known class of technologies that illustrate this process particularly well. But these passive controls and workflows are rarely immediate. Adversaries may be able to dwell undetected in your environment for hours, days, weeks, months, or years. Even worse, adversaries have learned to maximize their success with minimal dwell time, which leaves you the narrowest margin of error to prevent data theft or business disruption.
Threat hunting has become one of the more important functions of mature security organizations – a rare capability that enables them to address gaps in passive security solutions. But at first, threat hunting can be a daunting endeavor. How can you detect attacks that don’t deploy malware or leave behind known indicators of compromise? How can you deduce the presence of “fileless” attacks that minimize disk-based evidence? The goal of this guide is to help security teams cultivate the skills and procedures that enable threat hunting.
The first chapter provides an overview of threat hunting concepts and shares ideas for integrating threat hunting into security operations. Subsequent chapters explore techniques for hunts based on different adversary techniques. Appendices offer reference materials to remind you of key information. When you pick up this guide you join a global community of security professionals. Together we can reshape the security landscape by sharing knowledge and best practices on how to protect the world’s data from attack.
August 18th, 2021 by Admin
Cyber resiliency, like security, is a concern at multiple levels in an organization. The four cyber resiliency goals, which are common to many resilience definitions, are included in the definition and the cyber resiliency engineering framework to provide linkage between risk management decisions at the mission and business process level and at the system level with those at the organizational level. Organizational risk management strategies can use the cyber resiliency goals and associated strategies to incorporate cyber resiliency.
Cyber resiliency objectives are more specific statements of what a system must achieve in its operational environment and throughout its life cycle to meet stakeholder needs for mission assurance and resilient security.
The purpose of this document is to supplement [SP 800-160 v1] and [SP 800-37] (or other risk management processes or methodologies) with guidance on how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering and risk management for systems and organizations. This document identifies considerations of the engineering of systems that include the following circumstances or systems that depend on cyber resources. Circumstances or types of systems to which this document applies include:
August 18th, 2021 by Admin
The OECD Corporate Governance Factbook supports the implementation of good corporate governance practices by providing an easily accessible and up-to-date, factual underpinning to help understand countries’ institutional, legal and regulatory frameworks. Governments may use the Factbook to compare their own frameworks with those of other countries or to obtain information about policies and practices in specific jurisdictions. It also serves as a useful reference for market participants and analysts seeking to understand how such frameworks vary across different jurisdictions, and how they have been evolving.
The 2021 edition of the OECD Corporate Governance Factbook contains comparative data and information across 50 jurisdictions including all G20, OECD and Financial Stability Board members. The information is presented and commented in 63 figures and 42 tables covering a broad range of institutional, legal and regulatory provisions. The Factbook provides an important and unique tool for monitoring the implementation of the G20/OECD Principles of Corporate Governance (the “G20/OECD Principles”). Issued every two years, it is actively used by governments, regulators and other stakeholders for information about implementation and latest trends. It is divided into four chapters addressing:
1) the global market and corporate ownership landscape;
2) the corporate governance and institutional framework;
3) the rights of shareholders and key ownership functions; and
4) the corporate boards of directors.
August 18th, 2021 by Admin
Condition-based maintenance (CBM) is a maintenance strategy that monitors the actual condition of an asset to decide what maintenance needs to be done. CBM dictates that maintenance should only be performed when specific indicators show signs of decreasing performance or upcoming failure. Checking a machine for these indicators may include non-invasive measurements, visual inspection, performance data and scheduled tests. Condition data can then be gathered at specific intervals or continuously (as is done when a machine has internal sensors). Condition-based maintenance can be applied to mission-critical and non-mission-critical assets.
Unlike in planned maintenance (PM), where maintenance is performed based upon predefined scheduled intervals, condition-based maintenance is performed only after a decrease in the equipment condition has been observed. Compared with preventive maintenance, this increases the time between maintenance repairs because maintenance is done on an as-needed basis. This also helps in reducing the unplanned downtime because of sudden breakdowns as machines are continuously monitored using sensors.
August 17th, 2021 by Admin
On May 12, 2021, President Biden issued an Executive Order (EO) aiming to improve the federal government’s efforts to “identify, deter, protect against, detect and respond” to cybersecurity incidents.
Released five days after the ransomware attack on Colonial Pipeline, it is intended as a comprehensive response to an ongoing trend of increased threats.
The EO is intended to help the government modernize and mitigate the risk of cyber incidents. It also aims to encourage private-sector-owned domestic critical infrastructure to partner with and follow the federal government’s lead to take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.
The EO required quick action, with 30-day, 90-day and 365-day deadlines across seven key objectives.