Explain the Diamond Model of Intrusion Analysis and how it complements other threat frameworks. How would you apply it during an active investigation to identify threat actor attribution and infrastructure?

Sample answer preview

The Diamond Model of Intrusion Analysis is a framework that structures cyber threat intelligence around four core features of any intrusion event: the adversary, the capability, the infrastructure, and the victim.