Cyber essentials

smishing

(Short Message Service phishing) is phishing using text messaging on mobile phones. Criminals impersonate a legitimate source in an attempt to gain the trust of the victim. For example, a smishing attack might send the victim a website link. When the victim visits the website, malware is installed on the mobile phone.

Guidelines

- suggestions - National Institute of Standards and Technology (NIST) Computer Security Resource Center (Figure 1) National Security Agency (NSA) Security Configuration Guides (Figure 2) The Common Criteria standard

procedures

-maintain consistency and necessary for a secure environment -include implementation details that usually contain step-by-step instructions and graphics.

standards

-needed for a organizations consistency. -standards documents provide the technologies that specific users or programs need in addition to any program requirements or criteria that an organization must follow. This helps IT staff improve efficiency and simplicity in design, maintenance, and troubleshooting.

APT

Advanced persistent threat a continuous computer hack that occurs under the radar against a specific object. Criminals usually choose an APT for business or political motives. An APT occurs over a long period with a high degree of secrecy using sophisticated malware.

social engineering tactics

Authority - people are more likely to comply when instructed by "an authority" Intimidation - criminals bully a victim into taking action Consensus/Social Proof - people will take action if they think that other people like it too Scarcity - people will take action when they think there is a limited quantity Urgency - people will take action when they think there is a limited time Familiarity/Liking - Criminals build a rapport with the victim to establish a relationship Trust - Criminals build a trusting relationship with a victim which may require more time to establish

The impact of big data

Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions: The volume or amount of data The velocity or speed of data The variety or range of data types and sources

ITaas

Cloud service providers have extended these options to include IT as a Service (ITaaS), which provides IT support for IaaS, PaaS, and SaaS service models. In the ITaaS model, an organization contracts with the Cloud provider for individual or bundled services.

Traditional Data

Corporate data: - personnel information, intellectual property and financial data. Personnel information: - application materials, payrool, offer letters, employee agreements, any info in making employment decisions. Intellectual property:- patents, trademarks, new product plans ( anything that allows the business to gain a advantage over its competitors- trade secret) . Financial Data: - income statements, balance sheets, cash flow statements (anything that gives insight into the health of a company).

External security threats

External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access. External attacks exploit weaknesses or vulnerabilities to gain access to internal resources

hardware based technology safegaurds

Firewall appliances block unwanted traffic. Firewalls contain rules that define the traffic allowed into and out of a network. Dedicated Intrusion Detection Systems (IDS) detect signs of attacks or unusual traffic on a network and send an alert. Intrusion Prevention Systems (IPS) detect signs of attacks or unusual traffic on a network, generate an alert and take corrective actions. Content filtering services control access and transmission of objectionable or offensive content.

Third dimension of thee cybersecurity cube.

Identifies the expertise to provide protection. - often called the three categories of cybersecurity safeguards technological skills are not always enough a cyber expert must also build a strong defense by establishing policies, procedures, and guidelines that enable the users of cyber space to stay safe and follow good practices. -maintain knowledgeable -establish a culture of learning and awareness.

First dimension of the cybersecurity cube.

Includes the three principles of information security - referred to as the CIA triad. Identifies the goals to protect cyberspace. (the foundational principles) CIA - these provide focus the cybersecurity expert and enables the to prioritize actions when protecting and networked system.

ISO

International Organization for Standardization

key industry sectors

Key industry sectors offer networking infrastructure systems such as manufacturing, energy, communication and transportation.

Defending against deception

Never provide confidential information or credentials via email, chat sessions, in-person, or on the phone to unknown parties. Resist the urge to click on enticing emails and website links. Keep an eye out for uninitiated or automatic downloads. Establish policies and educate employees about those policies. When it comes to security, give employees a sense of ownership. Do not fall to pressure from unknown individuals.

Acceptable use policy (AUP)

One of the most common security policy components is an acceptable use policy (AUP). This component defines what users can and cannot do on the various system components. The AUP should be as explicit as possible to avoid misunderstanding. For example, an AUP lists specific websites, newsgroups, or bandwidth intensive applications that users cannot access using company computers or the company network.

Types of sensitive information

Personal information is personally identifiable information (PII) that traces back to an individual.. Business information is information that includes anything that poses a risk to the organization if discovered by the public or a competitor. Classified information is information belonging to a government body classified by its level of sensitivity.

methods to transmit information between devices.

Sneaker net - uses removable media to physically move data from one computer to another Wired networks - uses cables to transmit data Wireless networks - uses radio waves to transmit data

Cloud based technology safeguards

Software as a Service (SaaS) allows users to gain access to application software and databases. Cloud providers manage the infrastructure. Users store data on the cloud provider's servers. Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet. The provider hosts the hardware, software, servers, and storage components. Platform as a Service (PaaS) provides access to the development tools and services used to deliver the applications.

stored data

Stored data refers to data at rest. Data at rest means that a type of storage device retains the data when no user or process is using it. A storage device can be local (on a computing device) or centralized (on the network). A number of options exist for storing data.

Stuxnet

Targeted the Supervisory Control and Data Acquisition (SCADA) system used to control and monitor industrial processes. SCADA can be part of various industrial processes in manufacturing, production, energy and communications systems.

APWG

The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.

ISO 27000 VS ISO 27001

The ISO 27000 is a universal framework for every type of organization. In order to use the framework effectively, an organization must narrow down which domains, control objectives, and controls apply to its environment and operations. The ISO 27001 control objectives serve as a checklist. The first step an organization takes is to determine if these control objectives are applicable to the organization. Most organizations generate a document called the Statement of Applicability (SOA). The SOA defines which control objectives that the organization needs to use.

pretexting

This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

TDoS (telephony denial of service) attacks

Uses high volumes of automated calls to tie up a target phone system, halting incoming and outgoing calls

Network based safe guards

Virtual Private Network (VPN) is a secure virtual network that uses the public network (i.e., the Internet). The security of a VPN lies in the encryption of packet content between the endpoints that define the VPN. Network access control (NAC) requires a set of checks before allowing a device to connect to a network. Some common checks include up-to-data antivirus software or operating system updates installed. Wireless access point security includes the implementation of authentication and encryption.

critical situations within cyber security

When a threat is the possibility that a harmful event, such as an attack, will occur. When a vulnerability makes a target susceptible to an attack.

DDOS

can be used on VOIP systems such as next gen 911 call centers

national institute of standards and technologies (NIST)

created a framework for companies and organizations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles, and workforce skills needed. The National Cybersecurity Workforce Framework categorizes and describes cybersecurity work. It provides a common language that defines cybersecurity work along with a common set of tasks and skills required to become a cybersecurity specialist. The framework helps to define professional requirements in cybersecurity.

Cybersecurity Cube

created by John McCumber. A tool used for managing the protections of networks, domains, and the internet. looks somewhat like a rubik's cube.

what a security policy should accomplish

demonstrates an organization's commitment to security. It sets the rules for expected behavior. It ensures consistency in system operations, software and hardware acquisition and use, and maintenance. It defines the legal consequences of violations. It gives security staff the backing of management.

High availability

describes systems designed to avoid downtime. High availability ensures a level of performance for a higher than normal period. High availability systems typically include three design principles (Figure 1): Eliminate single points of failure Provide for reliable crossover Detect failures as they occur The goal is the ability to continue to operate under extreme conditions, such as during an attack. One of the most popular high availability practices is five nines. The five nines refer to 99.999%. This means that downtime is less than 5.26 minutes per year.

Second dimension of the cybersecurity cube.

identifies the three states of information or data. data states -data in transit -data at rest or in storage -data in process

pharming

impersonation of a legitimate website in an effort to deceive users into entering their credentials. Pharming misdirects users to a fake website that appears to be official. Victims then enter their personal information thinking that they connected to a legitimate site.

company- sponsored certifications

important credential for cybersecurity specialists are company-sponsored certifications. These certifications measure knowledge and competency in installing, configuring, and maintaining vendor products. Cisco and Microsoft are examples of companies with certifications that test knowledge of their products

ISMS

information security management system

ISO/IEC 27000

information security standard published in 2005 and revised in 2013. ISO publishes the ISO 27000 standards. The ISO 27000 standards describe the implementation of a comprehensive information security management system (ISMS). An ISMS consists of all of the administrative, technical and operational controls to keep information safe within an organization. Twelve independent domains represent the components of the ISO 27000 standard. These twelve domains serve to organize, at a high level, the vast areas of information under the umbrella of information security. The structure of the ISO cybersecurity model is different from the OSI model in that it uses domains rather than layers to describe the categories for security. The reason for this is that the ISO cybersecurity model is not a hierarchical relationship. It is a peer model in which each domain has a direct relationship with the other domains. The ISO 27000 cybersecurity model is very similar to the OSI model in that it is vital for cybersecurity specialists to understand both of these models to be successful. The twelve domains serve as a common basis for developing organizational security standards and effective security management practices. They also help to facilitate communication between organizations.

IEC

international Electrotechnical Commission

Federated identity

links a subject's electronic identity across separate identity management systems. For example, a subject may be able to log onto Yahoo! with Google or Facebook credentials. This is an example of social login. The most common way to protect federated identity is to tie login ability to an authorized device.

Types of personal records

medical records educational records Employment and Financial records

packets forgery

packet injection

vishing

phishing using voice communication technology. Criminals can spoof calls from legitimate sources using voice over IP (VoIP) technology. Victims may also receive a recorded message that appears legitimate. Criminals want to obtain credit card numbers or other information to steal the victim's identity. Vishing takes advantage of the fact that people trust the telephone network.

Federated Identity Management

refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group. This broadens the scope and increases the probability of a cascading effect should an attack occur. goal of federated identity management is to share identity information automatically across castle boundaries. From the individual user's perspective, this means a single sign-on to the web.

ISO cybersecurity model

represents the international frameworks to standardize the management of information systems.

threats to internet services- prime targets

routing, addressing, domain naming, and database management

Algorithm attacks

track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts. Algorithmic attacks can also disable a computer by forcing it to use memory or by overworking its central processing unit. Algorithmic attacks are more devious because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies.

malware

umbrella term used to describe all hostile or intrusive software

zero day attacks

zero-day attack, sometimes referred to as a zero-day threat, is a computer attack that tries to exploit software vulnerabilities that are unknown or undisclosed by the software vendor. The term zero hour describes the moment when someone discovers the exploit. During the time it takes the software vendor to develop and release a patch, the network is vulnerable to these exploits, as shown in the figure. Defending against these fast-moving attacks requires network security professionals to adopt a more sophisticated view of the network architecture. It is no longer possible to contain intrusions at a few points in the network.

Controls

*Controls are more detailed than objectives. Control objectives tell the organization what to do. Controls define how to accomplish the objective.* Cybersecurity professionals recognize the following: Controls are not mandatory, but they are widely accepted and adopted. Controls must maintain vendor-neutrality to avoid the appearance of endorsing a specific product or company. Controls are like guidelines. This means that there can be more than one way to comply with the objective.

Internal security threats

An internal user, such as an employee or contract partner, can accidently or intentionally: Mishandle confidential data Threaten the operations of internal servers or network infrastructure devices Facilitate outside attacks by connecting infected USB media into the corporate computer system Accidentally invite malware onto the network through malicious email or websites Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also have knowledge of security countermeasures, policies and higher levels of administrative privileges

Industry specifications

CompTIA Security+ Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance. The Security+ test covers the most important principles for securing a network and managing risk, including concerns associated with cloud computing. EC-Council Certified Ethical Hacker (CEH) This intermediate-level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices. These cybersecurity specialists use the same skills and techniques used by the cyber criminals to identify system vulnerabilities and access points into systems. SANS GIAC Security Essentials (GSEC) The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for "hands-on" security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing. (ISC)^2 Certified Information Systems Security Professional (CISSP) The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field. ISACA Certified Information Security Manager (CISM) Cyber heroes responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM. Credential holders possess advanced skills in security risk management.

Confidentiality vs privacy

Confidentiality and privacy seem interchangeable, but from a legal standpoint, they mean different things. Most privacy data is confidential, but not all confidential data is private. Access to confidential information occurs after confirming proper authorization. Financial institutions, hospitals, medical professionals, law firms, and businesses handle confidential information. Confidential information has a non-public status. Maintaining confidentiality is more of an ethical duty. Privacy is the appropriate use of data. When organizations collect information provided by customers or employees, they should only use that data for its intended purpose. Most organizations will require the customer or employee to sign a release form giving the organization permission to use the data.

thwarting cyber criminals

Creating comprehensive databases of known system vulnerabilities and attack signatures (a unique arrangement of information used to identify an attacker's attempt to exploit a known vulnerability). Organizations share these databases worldwide to help prepare for and fend off many common attacks. Establishing early warning sensors and alert networks. Due to cost and the impossibility of monitoring every network, organizations monitor high-value targets or create imposters that look like high-value targets. Because these high-value targets are more likely to experience attacks, they warn others of potential attacks. Sharing cyber intelligence information. Business, government agencies and countries now collaborate to share critical information about serious attacks to critical targets in order to prevent similar attacks in other places. Many countries have established cyber intelligence agencies to collaborate worldwide in combating major cyberattacks. Establishing information security management standards among national and international organizations. The ISO 27000 is a good example of these international efforts. Enacting new laws to discourage cyberattacks and data breaches. These laws have severe penalties to punish cyber criminals caught carrying out illegal actions.

Types of stored data

Direct-attached storage (DAS) is storage connected to a computer. A hard drive or USB flash drive is an example of direct-attached storage. By default, systems are not set up to share direct-attached storage. Redundant array of independent disks (RAID) uses multiple hard drives in an array, which is a method of combining multiple disks so that the operating system sees them as a single disk. RAID provides improved performance and fault tolerance. A network attached storage (NAS) device is a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users. NAS devices are flexible and scalable, meaning administrators can increase the capacity as needed. A storage area network (SAN) architecture is a network based storage system. SAN systems connect to the network using high-speed interfaces allowing improved performance and the ability to connect multiple servers to a centralized disk storage repository. Cloud storage is a remote storage option that uses space on a data center provider and is accessible from any computer with Internet access. Google Drive, iCloud, and Dropbox are all examples of cloud storage providers.

Challenges of protecting stored data

Direct-attached storage can be one of the most difficult types of data storage to manage and control. Direct-attached storage is vulnerable to malicious attacks on the local host. Stored data may also include backup data. Backups can be manual or automatic. Organizations should limit the types of data stored on direct-attached storage. In particular, an organization would not store critical data on direct-attached storage devices. Network storage systems offer a more secure option. Network storage systems including RAID, SAN and NAS provide greater performance and redundancy. However, network storage systems are more complicated to configure and manage. They also handle more data, posing a greater risk to the organization if the device fails. The unique challenges of network storage systems include configuring, testing, and monitoring the system.

what a security policy includes

Identification and authentication policies - Specifies authorized persons that can have access to network resources and outlines verification procedures. Password policies - Ensures passwords meet minimum requirements and are changed regularly. Acceptable use policies - Identifies network resources and usage that are acceptable to the organization. It may also identify ramifications for policy violations. Remote access policies - Identifies how remote users can access a network and what is remotely accessible. Network maintenance policies - Specifies network device operating systems and end user application update procedures. Incident handling policies - Describes how security incidents are handled.

Software based technology safegaurds

Software firewalls control remote access to a system. Operating systems typically include a firewall or a user can purchase or download software from a third party. Network and port scanners discover and monitor open ports on a host or server. Protocol analyzers, or signature analyzers, are devices that collect and examine network traffic. They identify performance problems, detect misconfigurations, identify misbehaving applications, establish baseline and normal traffic patterns, and debug communication problems. Vulnerability scanners are computer programs designed to assess weaknesses on computers or networks. Host-based intrusion detection systems (IDS) examine activity on host systems only. An IDS generates log files and alarm messages when it detects unusual activity. A system storing sensitive data or providing critical services is a candidate for host-based IDS.

ISO 27001 & 27002

The ISO 27001 control objectives relate directly to the organization's cybersecurity policies, procedures and guidelines which upper management determines. The ISO 27002 controls provide technical direction.

Work force framework categories

The Workforce Framework categorizes cybersecurity work into seven categories. Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security. Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks. Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources. Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information. Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence. Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively. Securely Provision includes conceptualizing, designing, and building secure IT systems. Within each category, there are several specialty areas. The specialty areas then define common types of cybersecurity work.

twelve domains: control objectives

The twelve domains consist of control objectives defined in the 27001 part of the standard. The control objectives define the high-level requirements to implement a comprehensive ISM. An organization's management team uses the ISO 27001 control objectives to define and publish the organization's security policies. Control objectives provide a checklist to use during security management audits. Many organizations need to pass an ISMS audit in order to earn a designation of ISO 27001 compliant. Certification and compliance provide confidence for two organizations that need to trust each other's confidential data and operations. Compliance and security audits prove that organizations are continuously improving their information security management system. The following is an example of a control objective: To control access to networks by using the appropriate authentication mechanisms for users and equipment.