A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

A. detection and prevention capabilities to improve.
B. which systems were exploited more frequently.
C. possible evidence that is missing during forensic analysis.
D. which analysts require more training.
E. the time spent by analysts on each of the incidents.

Answer: A

Explanation:

A Diamond Model analysis of an incident applies a framework that identifies the four essential features of an attack: adversary, capability, infrastructure, and victim [1]. By analyzing these features and their relationships, a security analyst can gain insights into the attack's objectives, methods, sources, and targets. A potential benefit of this activity is that it can identify detection and prevention capabilities to improve, such as gaps in security controls, indicators of compromise, or mitigation strategies [2].

Reference:
[1] What is the Diamond Model of Intrusion Analysis?
[2] How to use the MITRE ATT&CK® framework and diamond model of intrusion analysis together
