Foundations of Cybersecurity

computer virus

A _____ is malicious code written to interfere with computer operations and cause damage to data.

Whaling

A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Virus

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Social engineering

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data

Watering hole attack

An attack in which a threat actor compromises a website frequently visited by a specific group of users

Business email compromise (BEC)

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Which of the following tasks are part of the security and risk management domain?

Compliance Business continuity Defining security goals and objectives

Which of the following tasks may be part of the security operations domain?

Conducting investigations Implementing preventive measures Investigating an unknown device that has connected to an internal network

Which of the following tasks may be part of the security architecture and engineering domain?

Ensuring that effective systems and processes are in place Configuring a firewall

What do security professionals typically do with SIEM tools?

Identify and analyze security threats, risks, and vulnerabilities

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

Identifying and documenting security goals Setting guidelines to achieve security goals Implementing strong security processes Monitoring and communicating results

A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid?

Malicious software being deployed Employees inadvertently revealing sensitive data Phishing attacks

Spyware

Malicious software installed on a user's computer without their permission, which is used to spy on and steal user data

worm

Malware that self-replicates, spreading across the network and infecting computers

Encryption

Process of converting readable data into unreadable characters to prevent unauthorized access./ the process of converting data from a readable format to a cryptographically encoded format

Transferable skills

Skills from other areas that can apply to different careers

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Morris Worm

The first network worm to infest the Internet; deployed in 1988 by Robert T. Morris lead to the creation of Computer Emergency Response Teams, known as CERTs®,

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

security assessment and testing

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions, to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.

security operations

This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization's policies and procedures to quickly stop the potential threat.

communication and network security

This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behavior within your organization.

asset security

This domain focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data. When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.

software development security

This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed.

LoveLetter attack

What historical event used a malware attachment to steal user information and passwords?

Confidentiality, integrity, and availability (CIA) triad

What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

cryptographic attack

affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are: Birthday Collision Downgrade Cryptographic attacks fall under the communication and network security domain.

internal threat

can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.

Cryptographic encoding

converting plaintext into secure ciphertext

SIEM tools provide a series of

dashboards that visually organize data into categories, allowing users to select the data they wish to analyze

Logs help security professionals

identify vulnerabilities and potential security breaches.

Personally identifiable information (PII):

information about an individual that identifies, links, relates, or describes them.

confidentiality, integrity, and availability (CIA) triad

is a model that helps inform how organizations consider risk when setting up systems and security policies.

Security posture

is an organization's ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.

Python

programming language used for automation to reduce human and manual effort in performing common and repetitive tasks

supply-chain attack

targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks fall under the security and risk management, security architecture and engineering, and security operations domains.

Penetration Testing

the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.

Compliance

the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

secure ciphertext

the result of encryption

LoveLetter Malware

A form of social engineering attack that took advantage of people who had not developed a healthy suspicion for unsolicited emails. Users received an email with the subject line, "I Love You." Each email contained an attachment labeled, "Love Letter For You." When the attachment was opened, the malware scanned a user's address book. Then, it automatically sent itself to each person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving an email from a friend, but it was actually malware

Ransomware

A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

spear phishing

A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

Malware

A software designed to harm devices or networks

Sensitive personally identifiable information (SPII)

A specific type of PII that falls under stricter handling guidelines

Social media phishing

An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network

Security posture

An organization's ability to manage its defense of critical assets and data and react to change

A security professional is ensuring proper storage, maintenance, and retention of their organization's data. Which domain does this scenario describe?

Asset security

Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?

Identity and access management

security and risk management

Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.

Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?

Security assessment and testing

event

Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.

Technical skills

Skills that require knowledge of specific tools, procedures, and policies

human

Social engineering is a manipulation technique that exploits _____ error to gain access to private information

examples of commonly used SIEM tools

Splunk and Chronicle.

Cybersecurity (or security)

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

cybersecurity

The purpose of _____ is to protect networks, devices, people, and data from unauthorized access or criminal exploitation

Smishing

The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

security architecture and engineering

This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.

The National Institute of Standards and Technology (NIST)

a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage short or longterm risks. The more aligned an organization is with compliance, the lower the risk.

Social engineering attack

a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are: Phishing Smishing Vishing Spear phishing Whaling Social media phishing Business Email Compromise (BEC) Watering hole attack USB (Universal Serial Bus) baiting Physical social engineering Social engineering attacks are related to the security and risk management domain.

playbook

a manual that provides details about any operational action, such as how to respond to a security incident.

Center for Internet Security (CIS®)

a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

SQL (Structured Query Language)

a programming language used to create, interact with, and request information from a database.

log

a record of events that occur within an organization's systems. Examples include records of employees signing into their computers or accessing web-based services

Network protocol analyzers (packet sniffers)

a tool designed to capture and analyze data traffic in a network. This means that the tool keeps a record of all the data that a computer within an organization's network encounters

SIEM Tools

an application that collects and analyzes log data to monitor critical activities in an organization

intrusion detection system (IDS)

an application that monitors system activity and alerts on possible intrusions. The system scans and analyzes network packets, which carry small amounts of data through a network

Security frameworks

are guidelines used for building plans to help mitigate risks and threats to data and privacy.

Security controls

are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.

Equifax Breach

attackers successfully infiltrated the credit reporting agency, This resulted in one of the largest known data breaches of sensitive information. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans. Play video starting at :3:16 and follow The records included personally identifiable information including social security numbers, birth dates, driver's license numbers, home addresses, and credit card numbers

International Organization for Standardization (ISO)

created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.

identity and access management

focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization's physical and digital security. For example, as a security analyst, you may be tasked with setting up employees' keycard access to buildings.

Programming

is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include: Automation of repetitive tasks (e.g., searching a list of malicious domains) Reviewing web traffic Alerting suspicious activity

physical attack

is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are: Malicious USB cable Malicious flash drive Card cloning and skimming Physical attacks fall under the asset security domain.

Adversarial artificial intelligence

is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

password attack

is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you'll learn about later in the certificate program are: Brute force Rainbow table Password attacks fall under the communication and network security domain.

Threat Actor

is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

web vulnerability

is malicious code or behavior that's used to take advantage of coding flaws in a web application. Vulnerable web applications can be exploited by threat actors, allowing unauthorized access, data theft, and malware deployment.

Network security

is the practice of keeping an organization's network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization's network.

Cloud security

is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

Plaintext

normal text that has not been encrypted

chain of custody playbook

the process of documenting evidence possession and control during an incident lifecycle. As a security analyst involved in a forensic analysis, you will work with the computer data that was breached. You and the forensic team will also need to document who, what, where, and why you have the collected evidence. The evidence is your responsibility while it is in your possession. Evidence must be kept safe and tracked. Every time evidence is moved, it should be reported. This allows all parties involved to know exactly where the evidence is at all times.

protecting and preserving evidence playbook

the process of properly working with fragile and volatile digital evidence. As a security analyst, understanding what fragile and volatile digital evidence is, along with why there is a procedure, is critical. As you follow this playbook, you will consult the order of volatility, which is a sequence outlining the order of data that must be preserved from first to last. It prioritizes volatile data, which is data that may be lost if the device in question powers off, regardless of the reason. While conducting an investigation, improper management of digital evidence can compromise and alter that evidence. When evidence is improperly managed during an investigation, it can no longer be used. For this reason, the first priority in any investigation is to properly preserve the data. You can preserve the data by making copies and conducting your investigation using those copies.

Encoding

uses a public conversion algorithm to enable systems that use different data representations to share information

Brain Virus

virus used to track illegal copies of medical software and prevent pirated licenses and fundamentally altered the computing industry, emphasizing the need for a plan to maintain security and productivity.

security control (example)

your company may have a guideline that requires all employees to complete a privacy training to reduce the risk of data breaches