IOA
IOA, or Indicator of Attack, is a pattern of behavior that indicates that a cyber attack is in progress or is about to happen. IOAs are based on knowledge of how attackers typically operate, and they can be used to detect a wide range of attacks.
EXAMPLE
• A sudden increase in the number of failed login attempts to a system.
www.infosectrain.com
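The failed-login example above is a behavioral indicator: no single log line is malicious, the pattern across lines is. The following added example (not part of the original slides) shows what such an IOA rule looks like as detection logic run over a few constructed sshd-style log lines. The threshold of 5 failures within a 60-second window and the keying on (source IP, host) are assumptions chosen for illustration; a real deployment would tune both against its own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog/sshd style; addresses are from
# documentation ranges and nothing here is real telemetry.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[101]: Failed password for invalid user admin from 198.51.100.7 port 4001 ssh2
2024-05-01T10:00:03 host1 sshd[101]: Failed password for root from 198.51.100.7 port 4002 ssh2
2024-05-01T10:00:04 host1 sshd[101]: Accepted password for alice from 192.0.2.10 port 5000 ssh2
2024-05-01T10:00:05 host1 sshd[101]: Failed password for root from 198.51.100.7 port 4003 ssh2
2024-05-01T10:00:06 host1 sshd[101]: Failed password for root from 198.51.100.7 port 4004 ssh2
2024-05-01T10:00:08 host1 sshd[101]: Failed password for root from 198.51.100.7 port 4005 ssh2
2024-05-01T10:30:00 host1 sshd[101]: Failed password for bob from 192.0.2.10 port 5001 ssh2
2024-05-01T10:45:00 host1 sshd[101]: Failed password for bob from 192.0.2.10 port 5002 ssh2
"""

# Parses the fields the rule needs: timestamp, host, outcome, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_line(line):
    """Return a dict for an sshd auth line, or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "host": m.group("host"),
        "failed": m.group("result") == "Failed",
        "user": m.group("user"),
        "src": m.group("src"),
    }


def detect_failed_login_bursts(log_text, threshold=5, window_seconds=60):
    """Emit one alert per (source IP, host) whose failed logins reach
    `threshold` inside any sliding window of `window_seconds`.

    Only the count and timing matter, which is what makes this an IOA:
    it fires on the behavior, not on any known-bad address or hash."""
    windows = defaultdict(deque)   # key -> timestamps of recent failures
    alerted = set()                # avoid re-alerting on the same burst
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["failed"]:
            continue
        key = (ev["src"], ev["host"])
        q = windows[key]
        q.append(ev["ts"])
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:      # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"], "host": ev["host"], "count": len(q),
                "first": q[0].isoformat(), "last": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_failed_login_bursts(SAMPLE_LOG):
        print(f"IOA: {a['count']} failed logins from {a['src']} on {a['host']} "
              f"between {a['first']} and {a['last']}")
```

On the constructed input only 198.51.100.7 trips the rule; 192.0.2.10 also fails twice, but fifteen minutes apart, which is the kind of ordinary mistyped-password noise a threshold without a time window would wrongly flag.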
IOC
IOC, or Indicator of Compromise, is a piece of evidence that indicates that a system has been compromised. IOCs can be anything from a specific IP address to a file hash to a registry entry. IOCs are often used to detect known threats, such as specific malware strains or attack vectors.
EXAMPLE
• The presence of a specific malware file on a system.
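Where an IOA fires on behavior, an IOC is an exact artifact to look for: a hash, an IP, a domain. The following added example (not from the original slides) matches a small constructed IOC set against constructed EDR-style events. The "malicious" hash is just the SHA-256 of a made-up string and the IP and domain are documentation values; the point is the normalization a matcher needs, such as case-insensitive hashes and label-boundary domain matching, so that "notbad.example" does not match an IOC for "bad.example".

```python
import hashlib

# Constructed IOC set (not real indicators). The hash is SHA-256 of a made-up
# string; the IP and domain are from reserved documentation ranges.
MALICIOUS_HASH = hashlib.sha256(b"constructed-malicious-sample").hexdigest()
IOCS = {
    "sha256": {MALICIOUS_HASH},
    "ipv4": {"203.0.113.45"},
    "domain": {"bad.example"},
}

# Constructed telemetry of the kinds an EDR/SIEM holds: process executions
# (with file hash), DNS queries, and outbound connections.
EVENTS = [
    {"id": 1, "type": "process", "host": "ws01", "sha256": MALICIOUS_HASH.upper()},
    {"id": 2, "type": "process", "host": "ws01", "sha256": hashlib.sha256(b"benign").hexdigest()},
    {"id": 3, "type": "dns", "host": "ws02", "query": "cdn.bad.example."},
    {"id": 4, "type": "netconn", "host": "ws02", "dst_ip": "203.0.113.45"},
    {"id": 5, "type": "netconn", "host": "ws03", "dst_ip": "192.0.2.8"},
    {"id": 6, "type": "dns", "host": "ws03", "query": "notbad.example"},
]


def normalize_domain(name):
    """Strip a trailing dot (FQDN form) and lowercase."""
    return name.rstrip(".").lower()


def domain_hit(name, domain_iocs):
    """Return the IOC domain that `name` equals or is a subdomain of, else None.

    Suffixes are tested on label boundaries, so 'notbad.example' is not
    treated as a match for 'bad.example'."""
    labels = normalize_domain(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_iocs:
            return candidate
    return None


def match_event(event, iocs):
    """Return a list of (ioc_type, ioc_value) hits for one event."""
    hits = []
    if event["type"] == "process":
        h = event["sha256"].lower()          # hashes are compared case-insensitively
        if h in iocs["sha256"]:
            hits.append(("sha256", h))
    elif event["type"] == "netconn":
        if event["dst_ip"] in iocs["ipv4"]:
            hits.append(("ipv4", event["dst_ip"]))
    elif event["type"] == "dns":
        d = domain_hit(event["query"], iocs["domain"])
        if d is not None:
            hits.append(("domain", d))
    return hits


def scan(events, iocs):
    """Return [(event_id, host, hits)] for every event with at least one IOC hit."""
    results = []
    for ev in events:
        hits = match_event(ev, iocs)
        if hits:
            results.append((ev["id"], ev["host"], hits))
    return results


if __name__ == "__main__":
    for event_id, host, hits in scan(EVENTS, IOCS):
        print(f"IOC hit: event {event_id} on {host}: {hits}")
```

Events 1, 3 and 4 match (uppercase hash, a subdomain of the IOC domain written as an FQDN, and the listed IP); events 2, 5 and 6 do not. In a real pipeline the IOC sets would be loaded from a feed rather than hard-coded, and each hit would carry the feed's confidence and age so that stale indicators can be retired (step 7 below).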
HOW TO BUILD
1. Define Objectives
• IOA: Identify the objectives for detecting malicious activities before they compromise the system.
• IOC: Define the goals for identifying signs of a successful breach or compromise.
2. Gather Data
• IOA: Collect data on attack tactics, techniques, and procedures (TTPs).
• IOC: Gather logs, network traffic data, and system events.
3. Analyze Threat Intelligence
• IOA: Analyze threat intelligence feeds, reports, and forums for emerging threats and attack patterns.
• IOC: Review threat intelligence for known signatures, malware hashes, malicious IPs, and domains.
4. Develop Indicators
• IOA: Develop indicators based on observed attack behaviors, anomalies, and patterns.
• IOC: Create indicators using known compromised elements such as file hashes, IP addresses, URLs, and email addresses.
5. Implement Detection
• IOA: Implement detection rules and alerts in security tools such as SIEM, IDS, and EDR.
• IOC: Integrate IOC signatures into security appliances, firewalls, and endpoint protection platforms.
6. Test and Validate
• IOA & IOC: Test the indicators against historical data and simulated attack scenarios to validate their effectiveness.
7. Refine and Update
• IOA & IOC: Continuously refine and update indicators based on evolving threats and false positive/negative feedback.
8. Automate and Integrate
• IOA & IOC: Automate the process of gathering and analyzing threat intelligence. Integrate IOA and IOC with incident response and threat hunting workflows.
9. Share and Collaborate
• IOA & IOC: Share indicators with trusted partners, ISACs (Information Sharing and Analysis Centers), and threat intelligence communities.
10. Educate and Train
• IOA & IOC: Educate and train security teams on the latest threats and indicators. Conduct regular drills and exercises to enhance detection and response capabilities.
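Steps 6 and 7 of the procedure above (test against historical data, then refine on false positive/negative feedback) are the part teams most often skip, so here is an added example of what that loop looks like in code. It is not from the original slides. It evaluates a candidate IOA (failed logins per hour from one source at or above a threshold) against a constructed, analyst-labelled history, reports true/false positives and negatives, and picks the lowest threshold that stays within a false-positive budget. The records, labels and candidate thresholds are all assumptions for illustration.

```python
# Constructed historical records: one per (source, hour) aggregate, each with
# the label an analyst assigned after investigation. Not real data.
HISTORY = [
    {"src": "198.51.100.7", "failed_logins": 120, "label": "attack"},
    {"src": "198.51.100.9", "failed_logins": 35,  "label": "attack"},
    {"src": "203.0.113.5",  "failed_logins": 8,   "label": "attack"},   # low-and-slow
    {"src": "192.0.2.10",   "failed_logins": 3,   "label": "benign"},
    {"src": "192.0.2.11",   "failed_logins": 12,  "label": "benign"},   # cron job, stale password
    {"src": "192.0.2.12",   "failed_logins": 1,   "label": "benign"},
    {"src": "192.0.2.13",   "failed_logins": 0,   "label": "benign"},
    {"src": "192.0.2.14",   "failed_logins": 6,   "label": "benign"},
]


def threshold_indicator(threshold):
    """Candidate IOA: 'failed logins in the hour >= threshold'."""
    return lambda record: record["failed_logins"] >= threshold


def evaluate(indicator, records):
    """Step 6: run the indicator over labelled history and count outcomes."""
    tp = fp = fn = tn = 0
    for r in records:
        fired = indicator(r)
        is_attack = r["label"] == "attack"
        if fired and is_attack:
            tp += 1
        elif fired and not is_attack:
            fp += 1
        elif not fired and is_attack:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


def tune_threshold(records, candidates, max_false_positives=0):
    """Step 7: choose the lowest threshold (highest recall) whose false
    positives on history stay within budget. Returns (threshold, metrics),
    or (None, None) if no candidate meets the budget."""
    for t in sorted(candidates):
        metrics = evaluate(threshold_indicator(t), records)
        if metrics["fp"] <= max_false_positives:
            return t, metrics
    return None, None


if __name__ == "__main__":
    for t in (5, 10, 20, 50):
        print(t, evaluate(threshold_indicator(t), HISTORY))
    chosen, m = tune_threshold(HISTORY, [5, 10, 20, 50])
    print(f"chosen threshold: {chosen}, recall={m['recall']:.2f}, fp={m['fp']}")
```

The output makes the trade-off visible: a threshold of 5 catches all three attacks but also pages on two benign sources, while 20 produces no false positives and misses the low-and-slow case. That missed record is exactly the feedback step 7 asks for; the usual response is not to lower the threshold but to add a second indicator for that behavior (for example, distinct usernames tried per source) and re-run this same evaluation.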