The Environment presented in the cyber-attack model is the “cyberspace”, it’s where the attack takes place. This is the battlefield between attackers and defenders, the environment is where vulnerabilities can be found and exploited. Each actor in the cyber domain must master the internals of their environment. Eventually, each environment has a different vulnerability due to architecture, human flaws, and many other reasons.
Each type of asset may operate in a totally different environment, and each type of environment is studied deeply by the researchers.
The environment is constructed from 5 elements: Hardware, Operation system, Software, Network, and human interaction with it. Each element can hold different vulnerabilities that can be exploited later by an attacker.
In this chapter I explain each element in the context of regular computers, there is a wide range of different types of environments to explore, such as SCADA, IoT, etc.
As I always write, this is just a general overview and most certainly NOT a sufficient amount of information for becoming any kind of expert. Nevertheless, this is good enough to get you started with some cyber use cases in the future.
BTW – each and one of the components below hold various vulnerabilities!