
Foundations of Cyber Security

Glossary

General Cybersecurity Concepts

  • Cybersecurity: The practice of protecting networks, devices, people, and data from unauthorized access and criminal exploitation.

  • CIA Triad: A model guiding organizations in risk management regarding confidentiality, integrity, and availability.

  • Compliance: Adhering to internal standards and external regulations.

  • Security Governance: Practices that define and direct an organization’s security efforts.

  • Security Ethics: Guidelines for making ethical decisions in security roles.

  • Security Frameworks: Guidelines for building plans to mitigate risks to data and privacy.

Confidentiality, Integrity, and Availability

  • Confidentiality: Ensuring that only authorized users can access specific assets or data.

  • Integrity: The assurance that data is correct, authentic, and reliable.

  • Availability: Ensuring that data is accessible to authorized users.

Threats and Vulnerabilities

  • Threat: Any event that can negatively impact assets.

  • Threat Actor: Individuals or groups posing security risks.

  • Internal Threat: Current or former employees or trusted partners posing a security risk.

  • External Threat: Risks posed by individuals or entities outside the organization.

Types of Attacks

  • Adversarial Artificial Intelligence: Techniques that manipulate AI and machine learning to conduct attacks efficiently.

  • Phishing: Digital communications designed to trick individuals into revealing sensitive data.

  • Spear Phishing: Targeted phishing attacks directed at specific individuals.

  • Social Engineering: Techniques exploiting human error to gain private information.

  • Vishing: Exploiting voice communication to obtain sensitive information.

  • USB Baiting: Leaving malware-infected USB drives for users to find and connect.

  • Watering Hole Attack: Compromising a website frequented by a specific user group.

  • Supply-Chain Attack: Compromising a trusted third-party supplier of hardware, software, or services in order to reach the organizations that depend on it.

  • Physical Attack: Security incidents affecting both digital and physical environments.

  • Physical Social Engineering: Impersonating individuals to gain unauthorized physical access.

Security Measures and Tools

  • Antivirus Software: Programs used to prevent, detect, and eliminate malware and viruses.

  • Malware: Software designed to harm devices or networks.

  • Intrusion Detection System (IDS): An application that monitors system or network activity and alerts on signs of intrusion.

  • Security Information and Event Management (SIEM): An application that collects, correlates, and analyzes log data from across an environment to support monitoring and alerting.

  • Network Security: Practices to secure an organization's network from unauthorized access.

  • Cloud Security: Ensuring that cloud-stored assets are configured correctly and accessible only to authorized users.

  • Security Controls: Safeguards to reduce specific security risks.

Data and Privacy

  • Personally Identifiable Information (PII): Information that can be used to infer an individual’s identity.

  • Sensitive Personally Identifiable Information (SPII): A specific type of PII with stricter handling guidelines.

  • Protected Health Information (PHI): Information regarding an individual’s health or medical conditions.

  • Privacy Protection: Safeguarding personal information from unauthorized use.

Technical Skills

  • Technical Skills: Skills requiring knowledge of specific tools and procedures.

  • Programming: Creating instructions for computers.

  • SQL (Structured Query Language): A query language used to create, query, and manage relational databases.

  • Using SIEM Tools: Familiarity with tools for security information and event management.

Roles and Responsibilities

  • Cybersecurity Analyst: Focuses on monitoring networks for breaches, developing security strategies, and researching IT security trends.

  • Security Architecture: A design composed of components to protect an organization from risks.

  • Security Posture: An organization's ability to manage its defense against threats.

Regulatory and Compliance

  • Health Insurance Portability and Accountability Act (HIPAA): U.S. federal law protecting patients’ health information.

  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework with standards to manage cybersecurity risk.

An analyst is more focused on operations. An engineer can also do operations, but additionally builds the detections and does more project-focused work.

A playbook is a step-by-step guide for a particular detection: what the analyst needs to look at, and in what order, to investigate the incidents it produces.
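Added example (not from the course notes): the kind of detection an engineer writes and an analyst then works through with a playbook. The log lines below are constructed for the example and loosely follow OpenSSH's auth log format; the failure threshold and time window are assumptions, not course material.

```python
"""Brute-force login detection over auth log lines (added example).

Rule: alert when one source IP produces >= THRESHOLD failed logins inside
WINDOW, and raise the severity if a successful login from that IP follows.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data); format is an OpenSSH-style assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
2024-05-01T10:00:03 sshd[102]: Failed password for root from 203.0.113.5 port 50002 ssh2
2024-05-01T10:00:04 sshd[103]: Failed password for root from 203.0.113.5 port 50003 ssh2
2024-05-01T10:00:06 sshd[104]: Failed password for root from 203.0.113.5 port 50004 ssh2
2024-05-01T10:00:07 sshd[105]: Failed password for root from 203.0.113.5 port 50005 ssh2
2024-05-01T10:00:09 sshd[106]: Accepted password for root from 203.0.113.5 port 50006 ssh2
2024-05-01T10:05:00 sshd[107]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-05-01T10:20:00 sshd[108]: Failed password for alice from 198.51.100.7 port 40002 ssh2
2024-05-01T10:20:30 sshd[109]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

THRESHOLD = 5                  # assumed tuning value
WINDOW = timedelta(minutes=1)  # assumed tuning value


def parse(log_text):
    """Turn raw lines into events; lines the rule does not understand are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """One alert per source IP that exceeds the failure threshold in the window."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until it fits inside `window`.
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = failures[end]["ts"]
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] >= last_fail for e in evs
                )
                alerts.append({
                    "src": src,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "severity": "high" if success_after else "medium",
                })
                break  # further failures from this IP are handled by the playbook
    return alerts


def run(log_text=SAMPLE_LOG):
    return detect_bruteforce(parse(log_text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The "failures followed by a success" escalation is the detail a playbook would tell the analyst to check first: a burst of failures alone is noise from scanners, but a success right after it is a likely compromised account.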


Viruses, Malware, Social Engineering, The Digital Age and Security Domains

Common Attacks + Effectiveness

Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

  • Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

  • Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

  • Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

  • Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

  • Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware

Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.

Some of the most common types of malware attacks today include:

  • Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs a user action to run: a threat actor delivers it as a malicious attachment or file download, and when the recipient opens it the virus copies itself into other files on the now-infected system. When those infected files are later opened, the virus inserts its own code again to damage and/or destroy data and to spread further.

  • Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

  • Ransomware: A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.

  • Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

  • Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

  • Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

  • USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

  • Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

  • Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

  • Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

  • Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

  • Scarcity: A tactic used to imply that goods or services are in limited supply.

  • Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

  • Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

  • Urgency: A threat actor persuades others to respond quickly and without questioning.

Key takeaways

In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.

  • Types of Malware

    More Terms

    Computer virus: malicious code that attaches itself to programs or files on the computer. A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data.

    Worm: Malware that self-replicates, spreading across the network and infecting computers.

    Ransomware: A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access.

    Spyware: Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data.

    Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

    Spear phishing: A phishing attack that targets a specific user or group of users and appears to come from a trusted source.

    Whaling: A form of spear phishing during which threat actors target executives in order to gain access to sensitive data.

    Business Email Compromise (BEC): An attack in which a threat actor impersonates a known source to obtain a financial advantage. An example of phishing.

  • CISSP domains

    Security domains are core security concepts within the field. CISSP has defined 8 domains. These domains are related, and gaps in one of them can result in negative consequences for the organization.

    Security and Risk Management: defines security goals and objectives, risk management, compliance, business continuity and the law. Eg. updating company policies related to private health information if a change is made to a federal compliance regulation (Health Insurance Portability and Accountability Act, HIPAA).

    Asset Security: secures digital and physical assets as well as the storage, maintenance, retention and destruction of data. Eg. being tasked with properly disposing of old equipment and confidential information.

    Security Architecture and Engineering: optimizing data security by ensuring effective tools, systems and processes are in place. Eg. configuring a firewall, a device used to monitor and filter incoming and outgoing network traffic and help prevent attacks.

    Communication and Network Security: managing and securing physical networks and wireless communications. Eg. analysing user behaviour within the organization and creating a network policy to prevent and mitigate exposure to risks.

    Identity and Access Management: keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Eg. setting up employees' keycard access to buildings.

    Security Assessment and Testing: conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities. Eg. auditing user permissions to check access, such as who is permitted to access payroll information.

    Security Operations: conducts investigations and implements preventative measures. Eg. if an unknown device is connected to the internal network, following policies and procedures to quickly stop the threat.

    Software Development Security: uses secure coding practices, a set of recommended guidelines used to create secure applications and services. Eg. working with software development teams to ensure security practices are incorporated into the development life cycle, advising on password policies and ensuring proper management of user data.

  • How organizations protect themselves

    Frameworks, controls, ethics

    Understand the threats and create policies and procedures around the threats.

    Security Frameworks and Controls -Confidentiality Integrity and Availability Triad (CIA Triad)

    • Ethical concerns in the field.

    When you receive alerts and must implement additional security measures, start by identifying the organization's critical assets and risks, then implement the necessary frameworks and controls.

    Security frameworks are guidelines for creating plans to mitigate risks.

    A security lifecycle is a constantly evolving set of policies and standards.

    Frameworks help protect PII and secure financial information.

    Frameworks have four core components:

    1. Identify and document security goals, e.g. align with regulations such as GDPR.

    2. Set guidelines to achieve those security goals, e.g. develop new policies.

  • Types of attacks

    Determine the type of attack

    Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst's job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.


    Attack types

    Password attack

    A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

    • Brute force

    • Rainbow table

    Password attacks fall under the communication and network security domain.
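    Added example, not part of the course reading: the difference between the two password attacks listed above, and why a per-user salt defeats the precomputed one. A plain hash-to-password dictionary stands in for a real rainbow table (which stores the same mapping compressed into hash chains); the wordlist and passwords are constructed for the example.

```python
"""Brute force vs. precomputed table, with and without salt (added example)."""
import hashlib
import os
from typing import Optional, Tuple

# Constructed attacker wordlist (assumption: the candidate passwords an attacker tries).
WORDLIST = ["password", "letmein", "summer2024", "qwerty", "hunter2", "Welcome1"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_table(wordlist) -> dict:
    """Precompute hash -> password once; reusable against every unsalted dump."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def store_unsalted(password: str) -> str:
    """Weak storage: identical passwords hash identically across all users and sites."""
    return sha256_hex(password.encode())


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Per-user random salt, stored beside the hash. The salt is not secret; its job
    is to make every user's hash unique so no table can be computed in advance."""
    salt = salt or os.urandom(16)
    return salt.hex(), sha256_hex(salt + password.encode())


def crack_with_table(table: dict, digest: str) -> Optional[str]:
    """Rainbow-table style attack: one lookup, no hashing at attack time."""
    return table.get(digest)


def crack_by_bruteforce(wordlist, salt_hex: str, digest: str) -> Optional[str]:
    """Brute force: with a salt the attacker must hash every candidate per user."""
    salt = bytes.fromhex(salt_hex)
    for w in wordlist:
        if sha256_hex(salt + w.encode()) == digest:
            return w
    return None


def demo(password: str = "hunter2") -> dict:
    table = build_table(WORDLIST)
    unsalted = store_unsalted(password)
    salt_hex, salted = store_salted(password)
    return {
        "table_vs_unsalted": crack_with_table(table, unsalted),
        "table_vs_salted": crack_with_table(table, salted),
        "bruteforce_vs_salted": crack_by_bruteforce(WORDLIST, salt_hex, salted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    The third result is the caveat: a salt stops precomputation and stops one cracked hash from revealing every user with the same password, but it does not save a weak password from a brute-force run. That is why password storage also uses a deliberately slow function (bcrypt, scrypt or Argon2) so that each guess costs the attacker real time.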

    Social engineering attack

    Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

    • Phishing

    • Smishing

    • Vishing

    • Spear phishing

    • Whaling

    • Social media phishing

    • Business Email Compromise (BEC)

    • Watering hole attack

    • USB (Universal Serial Bus) baiting

    • Physical social engineering

    Social engineering attacks are related to the security and risk management domain.

    Physical attack

    A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

    • Malicious USB cable

    • Malicious flash drive

    • Card cloning and skimming

    Physical attacks fall under the asset security domain.

    Adversarial artificial intelligence

    Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

    Supply-chain attack

    A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

    Cryptographic attack

    A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

    • Birthday

    • Collision

    • Downgrade

    Cryptographic attacks fall under the communication and network security domain.
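    Added example, not part of the course reading: the birthday attack from the list above, run against SHA-256 truncated to 32 bits. The truncation is an assumption made only so the search finishes in a moment; full SHA-256 has no practical collision. The point it shows is that finding any two colliding inputs takes about 2^(n/2) tries, not the 2^n a preimage search would need.

```python
"""Birthday (collision) search against a toy n-bit hash (added example)."""
import hashlib
import itertools
import math


def truncated_digest(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(msg) as an integer: the assumed toy target."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def expected_tries(bits: int) -> float:
    """Mean number of random inputs before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"doc-"):
    """Birthday search: hash distinct messages, remember every digest seen,
    stop at the first repeat. Returns (m1, m2, tries) with m1 != m2 and
    truncated_digest(m1) == truncated_digest(m2)."""
    seen = {}
    for i in itertools.count():
        m = prefix + str(i).encode()   # distinct messages by construction
        d = truncated_digest(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


if __name__ == "__main__":
    bits = 32
    m1, m2, tries = find_collision(bits)
    print(f"{bits}-bit collision after {tries} tries "
          f"(expected ~{expected_tries(bits):.0f}; a preimage search would expect ~{2 ** bits})")
    print(m1, m2, hex(truncated_digest(m1, bits)))
```

    This is why a hash's collision resistance is rated at half its output length, and why a short truncated digest or MAC tag is dangerous wherever the attacker gets to pick both inputs (two versions of a document to be signed, for instance). It is also the reason MD5 and SHA-1 were retired for signatures once collisions in them became practical.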

    Key takeaways

    The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.

    Resources for more information

    To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.

    Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.

  • Understand attackers

    Understand attackers

    Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.

    Threat actor types

    Advanced persistent threats

    Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities)  in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

    • Damaging critical infrastructure, such as the power grid and natural resources

    • Gaining access to intellectual property, such as trade secrets or patents

    Insider threats

    Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

    • Sabotage

    • Corruption

    • Espionage

    • Unauthorized data access or leaks

    Hacktivists

    Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

    • Demonstrations

    • Propaganda

    • Social change campaigns

    • Fame

    Hacker types


    A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

    • Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

    • Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

    • Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. A common goal is to collect and sell confidential data for financial gain.

    Note: There are multiple hacker types that fall into one or more of these three categories.

    New and unskilled threat actors have various goals, including:

    • To learn and enhance their hacking skills

    • To seek revenge

    • To exploit security weaknesses by using existing malware, programming scripts, and other tactics

    Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

    There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

    Key takeaways

    Threat actors are defined by their malicious intent and hackers are defined by their technical skills and motivations. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.

    Resources for more information

    To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.


  • Module 2 Glossary

    Terms and definitions from Course 1, Module 2

    Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

    Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

    CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

    Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

    Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

    Hacker: Any person who uses computers to gain access to computer systems, networks, or data

    Malware: Software designed to harm devices or networks

    Password attack: An attempt to access password secured devices, systems, networks, or data

    Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

    Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

    Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

    Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

    Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

    Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

    Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

    USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

    Virus: refer to “computer virus”

    Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

    Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users






  • Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

  • Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

  • USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

  • Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

  • Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

  • Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

  • Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

  • Scarcity: A tactic used to imply that goods or services are in limited supply.

  • Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

  • Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

  • Urgency: A threat actor persuades others to respond quickly and without questioning.

Key takeaways

In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.

Types of Malware

Virus (malware): A computer virus is malicious code that attaches itself to programs or to the network on a computer. It is a malware program that modifies other computer programs by inserting its own code to damage and/or destroy data.

Worm: Malware that self-replicates, spreading across the network and infecting computers

Ransomware: A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

Spyware: Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Spear Phishing: A malicious email attack that targets a specific user or group of users; the email seems to originate from a trusted source

Whaling: A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Business Email Compromise (BEC): An attack in which a threat actor impersonates a known source to obtain a financial advantage (an example of phishing)

CISSP domains

Security domains are core security concepts within the field. CISSP has defined 8 domains. These domains are related, and gaps in one of them can result in negative consequences for the organization.

Security and Risk Management: Defines security goals and objectives, risk management, compliance, business continuity and the law. For example, the team may need to update company policies related to private health information if a change is made to a federal compliance regulation (Health Insurance Portability and Accountability Act, HIPAA).

Asset Security: Secures digital and physical assets as well as the storage, maintenance, retention and destruction of data. Example: being tasked with properly disposing of old equipment and confidential information.

Security Architecture and Engineering: Optimizes data security by ensuring effective tools, systems and processes are in place. Example: configuring a firewall, a device used to monitor and filter incoming and outgoing computer network traffic, which helps prevent attacks.

Communication and Network Security: Manages and secures physical networks and wireless communications. Example: analyzing user behaviour within the organization and creating a network policy to prevent and mitigate exposure to risks.

Identity and Access Management: Keeps data secure by ensuring users follow established policies to control and manage physical assets like office spaces, and logical assets such as networks and applications. Example: setting up employees' keycard access to buildings.

Security Assessment and Testing: Conducts security control testing, collects and analyzes data, and conducts security audits to monitor for risks, threats and vulnerabilities. Example: auditing user permissions to check access, such as auditing who has permission to access payroll information.

Security Operations: Conducts investigations and implements preventative measures. Example: if an unknown device is connected to your internal network, follow policies and procedures to quickly stop the threat.

Software Development Security: Uses secure coding practices, which are a set of recommended guidelines used to create secure applications and services. Example: working with software development teams to ensure security practices are incorporated into the development life cycle, such as advising on password policies and ensuring proper management of user data.

How organizations protect themselves

Frameworks Controls Ethics

Understand the threats and create policies and procedures around the threats.

Security Frameworks and Controls -Confidentiality Integrity and Availability Triad (CIA Triad)

  • Ethical concerns in the field.

When you receive alerts, you must implement additional security measures. Start by identifying the organization's critical assets and risks, then implement the necessary frameworks and controls.

Security frameworks are guidelines to create plans to mitigate risks

A security lifecycle is a constantly evolving set of policies.

Frameworks protect PII and secure financial information.

Frameworks have 4 core components:

  1. Identify and document security goals, e.g. align with regulations such as GDPR

  2. Set guidelines to achieve the security goals, e.g. develop new policies

  3. Implement strong security processes

  4. Monitor and communicate results

  • Types of attacks

    Determine the type of attack

    Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst's job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.

    [Image: the eight CISSP security domains]

    Attack types

    Password attack

    A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

    • Brute force

    • Rainbow table

    Password attacks fall under the communication and network security domain.

    Social engineering attack

    Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

    • Phishing

    • Smishing

    • Vishing

    • Spear phishing

    • Whaling

    • Social media phishing

    • Business Email Compromise (BEC)

    • Watering hole attack

    • USB (Universal Serial Bus) baiting

    • Physical social engineering

    Social engineering attacks are related to the security and risk management domain.

    Physical attack

    A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

    • Malicious USB cable

    • Malicious flash drive

    • Card cloning and skimming

    Physical attacks fall under the asset security domain.

    Adversarial artificial intelligence

    Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

    Supply-chain attack

    A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

    Cryptographic attack

    A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

    • Birthday

    • Collision

    • Downgrade

    Cryptographic attacks fall under the communication and network security domain.

    Key takeaways

    The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.

    Resources for more information

    To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.

    Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.

  • Understand attackers

    Understand attackers

    Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.

    Threat actor types

    Advanced persistent threats

    Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

    • Damaging critical infrastructure, such as the power grid and natural resources

    • Gaining access to intellectual property, such as trade secrets or patents

    Insider threats

    Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

    • Sabotage

    • Corruption

    • Espionage

    • Unauthorized data access or leaks

    Hacktivists

    Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

    • Demonstrations

    • Propaganda

    • Social change campaigns

    • Fame

    Hacker types


    A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

    • Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

    • Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

    • Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

    Note: There are multiple hacker types that fall into one or more of these three categories.

    New and unskilled threat actors have various goals, including:

    • To learn and enhance their hacking skills

    • To seek revenge

    • To exploit security weaknesses by using existing malware, programming scripts, and other tactics

    Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

    There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

    Key takeaways

    Threat actors are defined by their malicious intent and hackers are defined by their technical skills and motivations. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.

    Resources for more information

    To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.



An analyst is more focused on operations. An engineer can do operations but also builds the detections and does more project-focused work.

A playbook is a list of how to work through a certain detection and what the analyst needs to look at in order to investigate those incidents.

Notable historical attacks: the Morris worm, the Brain virus, the LoveLetter attack, and the Equifax breach.

What are the 8 domains?

Terms and definitions from Course 1, Module 3

Asset: An item perceived as having value to an organization

Availability: The idea that data is accessible to those who are authorized to access it

Compliance: The process of adhering to internal standards and external regulations

Confidentiality: The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies

Hacktivist: A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients' health information

Integrity: The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Privacy protection: The act of safeguarding personal information from unauthorized use

Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual

Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security controls: Safeguards designed to reduce specific security risks

Security ethics: Guidelines for making appropriate decisions as a security professional

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance: Practices that help support, define, and direct security efforts of an organization

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

GDPR - GDPR compliance-

Frameworks and Controls

Controls, frameworks, and compliance

Previously, you were introduced to security frameworks and how they provide a structured approach to implementing a security lifecycle. As a reminder, a security lifecycle is a constantly evolving set of policies and standards. In this reading, you will learn more about how security frameworks, controls, and compliance regulations—or laws—are used together to manage security and make sure everyone does their part to minimize risk.

How controls, frameworks, and compliance are related

The confidentiality, integrity, and availability (CIA) triad is a model that helps inform how organizations consider risk when setting up systems and security policies.

CIA are the three foundational principles used by cybersecurity professionals to establish appropriate controls that mitigate threats, risks, and vulnerabilities.

As you may recall, security controls are safeguards designed to reduce specific security risks. So they are used alongside frameworks to ensure that security goals and processes are implemented correctly and that organizations meet regulatory compliance requirements.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

  1. Identifying and documenting security goals

  2. Setting guidelines to achieve security goals

  3. Implementing strong security processes

  4. Monitoring and communicating results

Compliance is the process of adhering to internal standards and external regulations.

Specific controls, frameworks, and compliance

The National Institute of Standards and Technology (NIST) is a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk. The more aligned an organization is with compliance, the lower the risk.

Examples of frameworks include the NIST Cybersecurity Framework (CSF) and the NIST Risk Management Framework (RMF).

Note: Specifications and guidelines can change depending on the type of organization you work for.

In addition to the NIST CSF and NIST RMF, there are several other controls, frameworks, and compliance standards that are important for security professionals to be familiar with to help keep organizations and the people they serve safe.

The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

FERC-NERC is a regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC.

The Federal Risk and Authorization Management Program (FedRAMP®)

FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.

Center for Internet Security (CIS®)

CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

General Data Protection Regulation (GDPR)

GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory. For example, if an organization is not being transparent about the data they are holding about an E.U. citizen and why they are holding that data, this is an infringement that can result in a fine to the organization. Additionally, if a breach occurs and an E.U. citizen’s data is compromised, they must be informed. The affected organization has 72 hours to notify the E.U. citizen about the breach.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. federal law established in 1996 to protect patients' health information. This law prohibits patient information from being shared without their consent. It is governed by three rules:

  1. Privacy

  2. Security

  3. Breach notification

Organizations that store patient data have a legal obligation to inform patients of a breach because if patients' Protected Health Information (PHI) is exposed, it can lead to identity theft and insurance fraud. PHI relates to the past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care. Along with understanding HIPAA as a law, security professionals also need to be familiar with the Health Information Trust Alliance (HITRUST®), which is a security framework and assurance program that helps institutions meet HIPAA compliance.

International Organization for Standardization (ISO)

ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.

System and Organizations Controls (SOC type 1, SOC type 2)

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard. The SOC1 and SOC2 are a series of reports that focus on an organization's user access policies at different organizational levels such as:

  • Associate

  • Supervisor

  • Manager

  • Executive

  • Vendor

  • Others

They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety. Control failures in these areas can lead to fraud.

Pro tip: There are a number of regulations that are frequently revised. You are encouraged to keep up-to-date with changes and explore more frameworks, controls, and compliance. Two suggestions to research: the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.

United States Presidential Executive Order 14028

On May 12, 2021, President Joe Biden released an executive order related to improving the nation’s cybersecurity to remediate the increase in threat actor activity. Remediation efforts are directed toward federal agencies and third parties with ties to U.S. critical infrastructure (see the NIST glossary entry: https://csrc.nist.gov/glossary/term/critical_infrastructure). For additional information, review the Executive Order on Improving the Nation’s Cybersecurity.

Key takeaways

In this reading you learned more about controls, frameworks, and compliance. You also learned how they work together to help organizations maintain a low level of risk.

As a security analyst, it’s important to stay up-to-date on common frameworks, controls, and compliance regulations and be aware of changes to the cybersecurity landscape to help ensure the safety of both organizations and people.

Ethical concepts that guide cybersecurity decisions

Previously, you were introduced to the concept of security ethics. Security ethics are guidelines for making appropriate decisions as a security professional. Being ethical requires that security professionals remain unbiased and maintain the security and confidentiality of private data. Having a strong sense of ethics can help you navigate your decisions as a cybersecurity professional so you’re able to mitigate threats posed by threat actors’ constantly evolving tactics and techniques. In this reading, you’ll learn about more ethical concepts that are essential to know so you can make appropriate decisions about how to legally and ethically respond to attacks in a way that protects organizations and people alike.

Ethical concerns and laws related to counterattacks

United States standpoint on counterattacks

In the U.S., deploying a counterattack on a threat actor is illegal because of laws like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015, among others. You can only defend. The act of counterattacking in the U.S. is perceived as an act of vigilantism. A vigilante is a person who is not a member of law enforcement who decides to stop a crime on their own. And because threat actors are criminals, counterattacks can lead to further escalation of the attack, which can cause even more damage and harm. Lastly, if the threat actor in question is a state-sponsored hacktivist, a counterattack can lead to serious international implications. A hacktivist is a person who uses hacking to achieve a political goal. The political goal may be to promote social change or civil disobedience.

For these reasons, the only individuals in the U.S. who are allowed to counterattack are approved employees of the federal government or military personnel.

International standpoint on counterattacks

The International Court of Justice (ICJ), which updates its guidance regularly, states that a person or group can counterattack if:

  • The counterattack will only affect the party that attacked first.

  • The counterattack is a direct communication asking the initial attacker to stop.

  • The counterattack does not escalate the situation.

  • The counterattack effects can be reversed.

Organizations typically do not counterattack because the above scenarios and parameters are hard to measure. There is a lot of uncertainty dictating what is and is not lawful, and at times negative outcomes are very difficult to control. Counterattack actions generally lead to a worse outcome, especially when you are not an experienced professional in the field.

To learn more about specific scenarios and ethical concerns from an international perspective, review updates provided in the Tallinn Manual online.

Ethical principles and methodologies

Because counterattacks are generally disapproved of or illegal, the security realm has created frameworks and controls—such as the confidentiality, integrity, and availability (CIA) triad and others discussed earlier in the program—to address issues of confidentiality, privacy protections, and laws. To better understand the relationship between these issues and the ethical obligations of cybersecurity professionals, review the following key concepts as they relate to using ethics to protect organizations and the people they serve.

Confidentiality means that only authorized users can access specific assets or data. Confidentiality as it relates to professional ethics means that there needs to be a high level of respect for privacy to safeguard private assets and data.

Privacy protection means safeguarding personal information from unauthorized use. Personally identifiable information (PII) and sensitive personally identifiable information (SPII) are types of personal data that can cause people harm if they are stolen. PII data is any information used to infer an individual's identity, like their name and phone number. SPII data is a specific type of PII that falls under stricter handling guidelines, including social security numbers and credit card numbers. To effectively safeguard PII and SPII data, security professionals hold an ethical obligation to secure private information, identify security vulnerabilities, manage organizational risks, and align security with business goals.

Laws are rules that are recognized by a community and enforced by a governing entity. As a security professional, you will have an ethical obligation to protect your organization, its internal infrastructure, and the people involved with the organization. To do this:

  • You must remain unbiased and conduct your work honestly, responsibly, and with the highest respect for the law.

  • Be transparent and just, and rely on evidence.

  • Ensure that you are consistently invested in the work you are doing, so you can appropriately and ethically address issues that arise.

  • Stay informed and strive to advance your skills, so you can contribute to the betterment of the cyber landscape.

As an example, consider the Health Insurance Portability and Accountability Act (HIPAA), which is a U.S. federal law established to protect patients' health information, also known as PHI, or protected health information. This law prohibits patient information from being shared without their consent. So, as a security professional, you might help ensure that the organization you work for adheres to both its legal and ethical obligation to inform patients of a breach if their health care data is exposed.

Key takeaways

As a future security professional, ethics will play a large role in your daily work. Understanding ethics and laws will help you make the correct choices if and when you encounter a security threat or an incident that results in a breach.

Module 4

This section explores common tools: network protocol analyzers (packet sniffers), the Linux operating system, and programming languages.

Use tools to protect business operations

Previously, you were introduced to programming, operating systems, and tools commonly used by cybersecurity professionals. In this reading, you’ll learn more about programming and operating systems, as well as other tools that entry-level analysts use to help protect organizations and the people they serve.

Tools and their purposes

Programming

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. Security analysts use programming languages, such as Python, to execute automation. Automation is the use of technology to reduce human and manual effort in performing common and repetitive tasks. Automation also helps reduce the risk of human error.

Another programming language used by analysts is called Structured Query Language (SQL). SQL is used to create, interact with, and request information from a database. A database is an organized collection of information or data. There can be millions of data points in a database. A data point is a specific piece of information.

Operating systems

An operating system is the interface between computer hardware and the user. Linux®, macOS®, and Windows are operating systems. They each offer different functionality and user experiences.

Previously, you were introduced to Linux as an open-source operating system. Open source means that the code is available to the public and allows people to make contributions to improve the software. Linux is not a programming language; however, it does involve the use of a command line within the operating system. A command is an instruction telling the computer to do something. A command-line interface is a text-based user interface that uses commands to interact with the computer. You will learn more about Linux, including the Linux kernel and GNU, in a later course.

Web vulnerability

A web vulnerability is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.

To stay up-to-date on the most critical risks to web applications, review the Open Web Application Security Project (OWASP) Top 10.

Antivirus software

Antivirus software is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware.

Intrusion detection system

An intrusion detection system (IDS) is an application that monitors system activity and alerts on possible intrusions. The system scans and analyzes network packets, which carry small amounts of data through a network. The small amount of data makes the detection process easier for an IDS to identify potential threats to sensitive data. Other occurrences an IDS might detect can include theft and unauthorized access.
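The IDS described above inspects activity and raises alerts when something looks wrong. As an added example (not part of the course material), the Python script below implements two minimal detection rules over constructed connection-log lines: a signature rule (a request path containing `../`) and a behavioural rule (one source contacting five or more distinct ports within ten seconds). The log format, IP addresses, rule names and thresholds are all made up for this example.

```python
"""Added example (not from the course reading): a minimal intrusion detector.

It reads one-line connection records of the constructed form
    <epoch seconds> <src ip> -> <dst ip>:<port> <free-text info>
and raises alerts on two patterns:
  * a signature match in the free-text part (here: a '../' path segment), and
  * a behaviour threshold: one source touching many distinct destination
    ports within a short window (a crude port-scan heuristic).
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed log format for this example; real sensors have their own.
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<info>.*)$"
)

# Signature rules: (rule name, compiled pattern applied to the info field).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
]

PORT_SCAN_THRESHOLD = 5   # distinct destination ports from one source ...
PORT_SCAN_WINDOW = 10     # ... within this many seconds


@dataclass
class Alert:
    rule: str
    src: str
    detail: str


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for a malformed one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": int(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "info": m["info"],
    }


def detect(lines):
    """Run both rule types over an iterable of log lines; return alerts in order."""
    alerts = []
    recent = defaultdict(list)   # src -> [(ts, port), ...] inside the window
    scan_reported = set()        # sources already flagged, to avoid repeats
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed input is skipped; a real IDS would count it

        # Signature rules.
        for name, pattern in SIGNATURES:
            if pattern.search(rec["info"]):
                alerts.append(Alert(name, rec["src"], rec["info"]))

        # Behaviour rule: distinct ports per source within the sliding window.
        hist = recent[rec["src"]]
        hist.append((rec["ts"], rec["port"]))
        hist[:] = [(t, p) for t, p in hist if rec["ts"] - t <= PORT_SCAN_WINDOW]
        ports = {p for _, p in hist}
        if len(ports) >= PORT_SCAN_THRESHOLD and rec["src"] not in scan_reported:
            scan_reported.add(rec["src"])
            alerts.append(Alert(
                "port-scan", rec["src"],
                f"{len(ports)} distinct ports within {PORT_SCAN_WINDOW}s",
            ))
    return alerts


# Constructed sample log: normal browsing, a burst of SYNs across ports from
# one source, a traversal-looking request, and one malformed line.
SAMPLE_LOG = [
    "1000 10.0.0.5 -> 10.0.0.10:443 GET /index.html",
    "1001 10.0.0.5 -> 10.0.0.10:443 GET /images/logo.png",
    "1002 198.51.100.7 -> 10.0.0.10:22 SYN",
    "1003 198.51.100.7 -> 10.0.0.10:23 SYN",
    "1004 198.51.100.7 -> 10.0.0.10:25 SYN",
    "1005 198.51.100.7 -> 10.0.0.10:80 SYN",
    "1006 198.51.100.7 -> 10.0.0.10:443 SYN",
    "1007 203.0.113.9 -> 10.0.0.10:80 GET /../../config",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"[{alert.rule}] src={alert.src}: {alert.detail}")
```

Two points worth noticing: the window logic is what keeps a slow, legitimate client from being flagged (only bursts cross the threshold), and the `scan_reported` set prevents one noisy source from flooding the analyst with duplicate alerts, which is the kind of tuning a real IDS deployment spends most of its time on.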

Encryption

Encryption makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information and secure ciphertext is the result of encryption.

Note: Encoding and encryption serve different purposes. Encoding uses a public conversion algorithm to enable systems that use different data representations to share information.
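The note above draws the line between encoding and encryption. The Python script below is an added example, not part of the course reading: it Base64-encodes a constructed message and shows that anyone can reverse it without a key, then encrypts the same message and shows that only the right key recovers it. The keystream cipher built from HMAC-SHA256 in counter mode is an illustrative construction chosen to keep the script free of third-party dependencies; in a real system you would use a vetted library cipher such as AES-GCM.

```python
"""Added example (not from the course reading): encoding vs. encryption.

Encoding (Base64 here) is a public, keyless transformation: anyone can
reverse it, so it provides no confidentiality. Encryption needs a secret
key; without it the ciphertext stays unreadable. The cipher below is an
illustrative keystream construction (HMAC-SHA256 in counter mode), used
only so the script runs with the standard library; it is not a substitute
for a vetted cipher such as AES-GCM.
"""
import base64
import hashlib
import hmac
import os

NONCE_LEN = 16


def encode_base64(data: bytes) -> bytes:
    """Encoding: reversible by anyone; used for transport, not secrecy."""
    return base64.b64encode(data)


def decode_base64(encoded: bytes) -> bytes:
    return base64.b64decode(encoded)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encryption: returns nonce || ciphertext. Reversing it requires `key`."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)  # fresh per message; never reuse with a key
    if len(nonce) != NONCE_LEN:
        raise ValueError(f"nonce must be {NONCE_LEN} bytes")
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def demo() -> dict:
    """Compare the two transformations on a constructed message."""
    message = b"patient record 4471: diagnosis pending"   # constructed sample
    key = hashlib.sha256(b"constructed-demo-key").digest()  # constructed key
    wrong_key = hashlib.sha256(b"someone-else's-guess").digest()

    encoded = encode_base64(message)
    blob = encrypt(key, message)
    return {
        "encoded_reversible_without_key": decode_base64(encoded) == message,
        "decrypts_with_right_key": decrypt(key, blob) == message,
        "decrypts_with_wrong_key": decrypt(wrong_key, blob) == message,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical lesson is that Base64 in a config file or URL hides nothing; if a value needs confidentiality it must be encrypted under a key that is itself kept secret, which is a key-management problem rather than an encoding choice.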

Penetration testing

Penetration testing, also called pen testing, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.

Key takeaways

In this reading, you learned more about programming and operating systems. You were also introduced to several new tools and processes. Every organization selects their own set of tools. Therefore, the more tools you know, the more valuable you are to an organization. Tools help security analysts complete their tasks more efficiently and effectively.


Types of Attacks


  • Physical Attack: Security incidents affecting both digital and physical environments.

  • Physical Social Engineering: Impersonating individuals to gain unauthorized physical access.

Security Measures and Tools

  • Antivirus Software: Programs used to prevent, detect, and eliminate malware and viruses.

  • Malware: Software designed to harm devices or networks.

  • Intrusion Detection System (IDS): An application that monitors system activity for potential intrusions.

  • Security Information and Event Management (SIEM): Applications that collect and analyze log data for monitoring.

  • Network Security: Practices to secure an organization's network from unauthorized access.

  • Cloud Security: Ensuring that cloud-stored assets are configured correctly and accessible only to authorized users.

  • Security Controls: Safeguards to reduce specific security risks.

Data and Privacy

  • Personally Identifiable Information (PII): Information that can be used to infer an individual’s identity.

  • Sensitive Personally Identifiable Information (SPII): A specific type of PII with stricter handling guidelines.

  • Protected Health Information (PHI): Information regarding an individual’s health or medical conditions.

  • Privacy Protection: Safeguarding personal information from unauthorized use.

Technical Skills

  • Technical Skills: Skills requiring knowledge of specific tools and procedures.

  • Programming: Creating instructions for computers.

  • SQL (Structured Query Language): A programming language for managing databases.

  • Using SIEM Tools: Familiarity with tools for security information and event management.

Roles and Responsibilities

  • Cybersecurity Analyst: Focuses on monitoring networks for breaches, developing security strategies, and researching IT security trends.

  • Security Architecture: A design composed of components to protect an organization from risks.

  • Security Posture: An organization's ability to manage its defense against threats.

Regulatory and Compliance

  • Health Insurance Portability and Accountability Act (HIPAA): U.S. federal law protecting patients’ health information.

  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework with standards to manage cybersecurity risk.

An analyst is more focused on operations; an engineer can do operations but also builds the detections and does more project-focused work.

A playbook is a list of how to go through a certain detection and what the analyst needs to look at in order to investigate those incidents.


Viruses, Malware, Social Engineering, The Digital Age and Security Domains

Common Attacks + Effectiveness

Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

  • Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

  • Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

  • Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

  • Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

  • Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware

Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.

Some of the most common types of malware attacks today include:

  • Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

  • Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

  • Ransomware: A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.

  • Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

  • Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

  • Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

  • USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

  • Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

  • Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

  • Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

  • Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

  • Scarcity: A tactic used to imply that goods or services are in limited supply.

  • Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

  • Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

  • Urgency: A threat actor persuades others to respond quickly and without questioning.

Key takeaways

In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.

  • Types of Malware

    More Terms

    Virus (Malware): Computer virus: malicious code that attaches itself to programs or the network on the computer. A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

    Worm: Malware that self-replicates, spreading across the network and infecting computers

    Ransomware: A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

    Spyware: Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

    Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

    Spear Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

    Whaling: A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

    Business Email Compromise (BEC): An attack in which a threat actor impersonates a known source to obtain a financial advantage. Example of: Phishing

  • CISSP domains

    Security domains are core security concepts within the field. CISSP has defined 8 domains. These domains are related, and gaps in one of them can result in negative consequences for the organization.

    Security and Risk Management- Defines security goals and objectives, risk management, compliance, business continuity and the law. Eg. They may need to update company policies related to private health information if a change is made to a federal compliance regulation (Health Insurance Portability and Accountability Act, HIPAA)

    Asset Security- Secures digital and physical assets as well as the storage, maintenance, retention and destruction of data. Eg. May be tasked with properly disposing of old equipment and confidential information

    Security Architecture and Engineering- Optimizing data security by ensuring effective tools, systems and processes are in place. Eg. Configuring a firewall, a device used to monitor and filter incoming and outgoing computer network traffic, which helps prevent attacks

    Communication and Network Security- Managing and securing physical networks and wireless communications. Eg. Analyse user behaviour within the organization; create a network policy to prevent and mitigate exposure to risks

    Identity and Access Management- Keeps data secure by ensuring users follow established policies to control and manage physical assets like office spaces, and logical assets such as networks and applications. Eg. Set up employees' keycard access to buildings

    Security Assessment and Testing- Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities. Eg. Conduct audits of user permissions to check access, such as auditing permission to access payroll info

    Security Operations- Conducts investigations and implements preventative measures. Eg. If an unknown device is connected to your internal network, follow policies and procedures to quickly stop the threat

    Software Development Security- Uses secure coding practices, which are a set of recommended guidelines used to create secure applications and services. Eg. Work with software dev teams to ensure security practices are incorporated into the life cycle: advising on password policies and ensuring proper management of user data

  • How organizations protect themselves

    Frameworks, controls, ethics

    Understand the threats and create policies and procedures around the threats.

    Security Frameworks and Controls -Confidentiality Integrity and Availability Triad (CIA Triad)

    • Ethical concerns in the field.

    You receive alerts; you must implement additional security measures. Start by identifying the organization's critical assets and risks, then implement the necessary frameworks and controls.

    Security frameworks are guidelines to create plans to mitigate risks

    A security lifecycle is a constantly evolving set of policies

    Frameworks protect PII and secure financial info.

    Frameworks have 4 core components:

    1. identify and document goals eg. Align with regulations, GDPR

    2. Set guidelines to achieve security goals- eg develop new policies

  • Types of attacks

    Determine the type of attack

    Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst's job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.

    [Image: Security domains]

    Attack types

    Password attack

    A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

    • Brute force

    • Rainbow table

    Password attacks fall under the communication and network security domain.
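    Brute-force and rainbow-table attacks both depend on the defender storing passwords as plain, unsalted hashes, so the effective countermeasure lives on the storage side. The Python script below is an added example (not from the certificate program) showing why per-user salting with a deliberately slow hash (PBKDF2-HMAC-SHA256 from the standard library) blunts precomputed lookups. The precomputed table is a simple dict built from a constructed word list; it stands in for a rainbow table, which is a more compact structure but answers the same question.

```python
"""Added example (not from the course reading): salted, slow hashing versus
precomputed hash lookup.

A rainbow-table style attack precomputes hash -> password for a word list and
then looks up stolen hashes. That only works if every system hashes the same
password to the same value. A per-user random salt breaks that assumption,
and a slow hash (PBKDF2 here) makes per-user guessing expensive as well.
The 'table' below is a plain dict standing in for a real rainbow table.
"""
import hashlib
import hmac
import os

# Constructed word list for the demonstration.
WORDLIST = ["password", "letmein", "qwerty", "welcome1"]
PBKDF2_ITERATIONS = 100_000  # illustrative; tune to your hardware budget


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast, unsalted SHA-256 per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}


def lookup_unsalted(stored_hash: str, table: dict):
    """Recover a password from an unsalted hash with one dict lookup."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """The stronger scheme: salted and slow (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_password(password: str):
    """Return (salt, digest) as a credential store would keep them."""
    salt = os.urandom(16)  # fresh random salt per user
    return salt, salted_hash(password, salt)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def precomputed_table_defeated(password: str, table: dict) -> bool:
    """True when the salted store cannot be looked up in the precomputed table
    and two users with the same password get different stored digests."""
    salt_a, digest_a = store_password(password)
    salt_b, digest_b = store_password(password)
    not_in_table = table.get(digest_a.hex()) is None
    return not_in_table and digest_a != digest_b and salt_a != salt_b


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted lookup:", lookup_unsalted(unsalted_hash("letmein"), table))
    print("salted store defeats table:", precomputed_table_defeated("letmein", table))
```

    The salt is not secret and is stored next to the digest; its job is only to force an attacker to redo the expensive computation for every user rather than once for everyone. That is also why the iteration count matters: the same slowdown that is negligible for one login is the whole cost of each guess.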

    Social engineering attack

    Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

    • Phishing

    • Smishing

    • Vishing

    • Spear phishing

    • Whaling

    • Social media phishing

    • Business Email Compromise (BEC)

    • Watering hole attack

    • USB (Universal Serial Bus) baiting

    • Physical social engineering

    Social engineering attacks are related to the security and risk management domain.

    Physical attack

    A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

    • Malicious USB cable

    • Malicious flash drive

    • Card cloning and skimming

    Physical attacks fall under the asset security domain.

    Adversarial artificial intelligence

    Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

    Supply-chain attack

    A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

    Cryptographic attack

    A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

    • Birthday

    • Collision

    • Downgrade

    Cryptographic attacks fall under the communication and network security domain.
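    As an added note (not part of the reading): the birthday attack listed above takes its name from the birthday paradox, and the collision attack next to it is what the birthday bound is usually applied to. For a hash with an $n$-bit output there are $N = 2^{n}$ possible digests, and after $k$ random inputs the probability that at least two share a digest is approximately

$$
P(\text{collision}) \approx 1 - e^{-k(k-1)/(2N)}, \qquad N = 2^{n}.
$$

    Setting $P = \tfrac{1}{2}$ and solving gives $k \approx 1.18\sqrt{N} \approx 2^{n/2}$. So finding some pair of colliding inputs for a 128-bit digest takes on the order of $2^{64}$ hash evaluations, far fewer than the $2^{128}$ needed to find an input matching one specific digest, which is why digest lengths are chosen against the $2^{n/2}$ bound rather than $2^{n}$.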

    Key takeaways

    The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.

    Resources for more information

    To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.

    Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.

  • Understand attackers

    Understand attackers

    Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.

    Threat actor types

    Advanced persistent threats

    Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

    • Damaging critical infrastructure, such as the power grid and natural resources

    • Gaining access to intellectual property, such as trade secrets or patents

    Insider threats

    Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

    • Sabotage

    • Corruption

    • Espionage

    • Unauthorized data access or leaks

    Hacktivists

    Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

    • Demonstrations

    • Propaganda

    • Social change campaigns

    • Fame

    Hacker types


    A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

    • Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

    • Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

    • Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

    Note: There are multiple hacker types that fall into one or more of these three categories.

    New and unskilled threat actors have various goals, including:

    • To learn and enhance their hacking skills

    • To seek revenge

    • To exploit security weaknesses by using existing malware, programming scripts, and other tactics

    Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

    There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

    Key takeaways

    Threat actors are defined by their malicious intent and hackers are defined by their technical skills and motivations. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.

    Resources for more information

    To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.


  • Module 2 Glossary

    Terms and definitions from Course 1, Module 2

    Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

    Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

    CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

    Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

    Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

    Hacker: Any person who uses computers to gain access to computer systems, networks, or data

    Malware: Software designed to harm devices or networks

    Password attack: An attempt to access password secured devices, systems, networks, or data

    Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

    Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

    Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

    Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

    Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

    Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

    Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

    USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

    Virus: refer to “computer virus”

    Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

    Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Viruses, Malware, Social Engineering, The Digital Age and Security Domains

Common Attacks + Effectiveness

Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

  • Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

  • Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

  • Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

  • Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

  • Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware

Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.

Some of the most common types of malware attacks today include:

  • Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

  • Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

  • Ransomware: A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.

  • Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

  • Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

  • Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

  • USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

  • Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

  • Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

  • Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

  • Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

  • Scarcity: A tactic used to imply that goods or services are in limited supply.

  • Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

  • Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

  • Urgency: A threat actor persuades others to respond quickly and without questioning.
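
The phishing types listed earlier in this reading (BEC, spear phishing, whaling) and the pressure principles just above (authority, urgency, trust) can be turned into simple triage rules. The script below is an added example for these notes, not part of the course reading; the organisation domain `example.com`, the executive directory and the sample messages are constructed assumptions.

```python
"""Flag e-mail messages that carry common phishing / BEC indicators.

Added example, not part of the course reading. The organisation domain
'example.com', the executive directory and the sample messages are all
constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

ORG_DOMAIN = "example.com"   # assumed: the organisation's own mail domain

# Assumed internal directory: display names an attacker is likely to borrow
# for whaling / BEC, mapped to the only address that may legitimately use them.
EXECUTIVES = {"dana ortiz": "dana.ortiz@example.com"}

# Wording that plays on the urgency, authority and secrecy principles from
# the reading. Constructed list; real filters use much larger ones.
PRESSURE_PHRASES = (
    "immediately", "urgent", "right away", "within the hour",
    "do not discuss", "keep this confidential", "wire transfer", "gift cards",
)


@dataclass
class Message:
    display_name: str
    from_addr: str
    subject: str
    body: str
    reply_to: str = ""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", addr)
    return m.group(1).lower().rstrip(".") if m else ""


def is_lookalike(domain: str, trusted: str = ORG_DOMAIN) -> bool:
    """True for domains that imitate the trusted one without being it
    (e.g. 'examp1e.com' or 'example-com.net')."""
    if not domain or domain == trusted:
        return False
    if trusted.split(".")[0] in domain:
        return True
    return SequenceMatcher(None, domain, trusted).ratio() >= 0.8


def phishing_indicators(msg: Message) -> list:
    """Return the names of the indicators that fire for one message."""
    hits = []
    sender_domain = domain_of(msg.from_addr)
    if is_lookalike(sender_domain):
        hits.append("lookalike-domain")
    # Display name belongs to a known executive but the address is not theirs.
    real_addr = EXECUTIVES.get(msg.display_name.strip().lower())
    if real_addr and msg.from_addr.strip().lower() != real_addr:
        hits.append("display-name-spoof")
    # Replies would go somewhere other than the apparent sender.
    if msg.reply_to and domain_of(msg.reply_to) != sender_domain:
        hits.append("reply-to-mismatch")
    text = f"{msg.subject} {msg.body}".lower()
    if sum(phrase in text for phrase in PRESSURE_PHRASES) >= 2:
        hits.append("pressure-language")
    return hits


# Constructed samples: a BEC/whaling attempt, a genuine internal mail and
# an unrelated external newsletter.
SAMPLES = [
    Message("Dana Ortiz", "dana.ortiz@examp1e.com", "Urgent wire transfer",
            "Please process this immediately and keep this confidential.",
            reply_to="dana.ortiz.ceo@mail-relay.test"),
    Message("Dana Ortiz", "dana.ortiz@example.com", "Q3 planning",
            "Let's meet on Tuesday to review the plan."),
    Message("Acme Tools", "news@acmetools.test", "New catalogue",
            "Browse our new catalogue online."),
]


def triage(messages=SAMPLES):
    """Map each subject to its indicators; an empty list means nothing fired."""
    return {m.subject: phishing_indicators(m) for m in messages}


if __name__ == "__main__":
    for subject, hits in triage().items():
        print(f"{subject!r}: {hits or 'clean'}")
```

Each rule maps to one idea from the reading: a lookalike domain or a borrowed executive name is the impersonation behind BEC and whaling, a reply-to mismatch shows where answers would really go, and two or more pressure phrases mark the urgency and authority lever. These are heuristics for prioritising messages for a human reviewer, not a substitute for mail authentication such as SPF, DKIM and DMARC.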

Key takeaways

In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.

Types of Malware

Virus = malware. Computer virus: malicious code that attaches itself to programs or the network on the computer. A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Worm: Malware that self-replicates, spreading across the network and infecting computers

Ransomware: A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

Spyware: Malicious software installed on a user's computer without their permission, which is used to spy on and steal user data

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Whaling: A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Business Email Compromise (BEC): An attack in which a threat actor impersonates a known source to obtain a financial advantage (an example of phishing)

CISSP domains

Security domains are core security concepts within the field. CISSP has defined 8 domains. These domains are related, and gaps in one of them can result in negative consequences for the organization.

Security and Risk Management- Defines security goals and objectives, risk management, compliance, business continuity and the law. They may need to update company policies related to private health information if a change is made to a federal compliance regulation (Health Insurance Portability and Accountability Act, HIPAA)

Asset Security- Secures digital and physical assets as well as the storage, maintenance, retention and destruction of data. May be tasked with properly disposing of old equipment and confidential information

Security Architecture and Engineering- Optimizing data security by ensuring effective tools, systems and processes are in place. Eg. configuring a firewall- a device used to monitor and filter incoming and outgoing computer network traffic, which helps prevent attacks

Communication and Network Security- Managing and securing physical networks and wireless communications. Eg. analyse user behaviour within the organization; create a network policy to prevent and mitigate exposure to risks

Identity and Access Management- Keeps data secure by ensuring users follow established policies to control and manage physical assets like office spaces, and logical assets such as networks and applications. Eg. set up employees' keycard access to buildings

Security Assessment and Testing- Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities. Eg. conduct audits of user permissions to check access, such as auditing who is permitted to access payroll info

Security Operations- Conducts investigations and implements preventative measures. Eg. if an unknown device is connected to your internal network, follow policies and procedures to quickly stop the threat

Software Development Security- Uses secure coding practices, a set of recommended guidelines used to create secure applications and services. Eg. work with software dev teams to ensure security practices are incorporated into the life cycle- advising on password policies and ensuring proper management of user data

How organizations protect themselves

Frameworks, controls, ethics

Understand the threats and create policies and procedures around the threats.

Security frameworks and controls- Confidentiality, Integrity and Availability Triad (CIA Triad)

  • Ethical concerns in the field.

You receive alerts and must implement additional security measures. Start by identifying the organization's critical assets and risks, then implement the necessary frameworks and controls.

Security frameworks are guidelines to create plans to mitigate risks

A security lifecycle is a constantly evolving set of policies

Frameworks protect PII and secure financial info

Frameworks have 4 core components

  1. Identify and document goals, e.g. align with regulations such as GDPR

  2. Set guidelines to achieve security goals, e.g. develop new policies

  • Types of attacks

    Determine the type of attack

    Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst's job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.

    !https://d3c33hcgiwev3.cloudfront.net/imageAssetProxy.v1/fJ0g68UxToW3OSJob2ecKg_30973561259c420c8fe8ae7697cf10f1_CS_R-021_Security-domains.png?expiry=1727913600000&hmac=a4BCnYM-Rq_T4sEA4g01YfVYrWDtjDb86DG9Dh2U3Xo

    Attack types

    Password attack

    A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

    • Brute force

    • Rainbow table

    Password attacks fall under the communication and network security domain.
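
Brute-force and rainbow-table attacks both target how passwords are stored, so the defence is in the storage scheme. The script below is an added example for these notes, not part of the course reading; it uses a constructed list of common passwords and shows why a per-user salt plus a slow key derivation function defeats precomputed tables and raises the cost of every guess.

```python
"""Why salting and a slow KDF blunt password attacks.

Added example, not part of the course reading. The password list, the
stored hashes and the user record are constructed for the demonstration.
"""
import hashlib
import hmac
import os

# Constructed list standing in for a leaked "most common passwords" file.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "welcome1"]

# Work factor for PBKDF2; real deployments tune this to their hardware.
ITERATIONS = 100_000


def build_lookup_table(candidates):
    """Precompute the unsalted SHA-256 of each candidate once.

    A rainbow table is a space-optimised version of this idea: hashes are
    computed ahead of time so each stored hash costs only a lookup.
    """
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in candidates}


def invert_with_table(stored_hex, table):
    """Return the password behind an unsalted hash, or None if not tabulated."""
    return table.get(stored_hex)


def store_password(password, salt=None):
    """Hash a password with a random per-user salt and a slow KDF.

    Returns (salt, derived_key); both are kept in the user record. Because
    the salt is unique per user, no table computed in advance matches the
    output, and each guess costs the attacker a full PBKDF2 run.
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(password, salt, dk):
    """Constant-time comparison so timing does not leak how many bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, dk)


def demo():
    """Contrast an unsalted hash with a salted, stretched one.

    Returns (recovered_unsalted, recovered_salted): the first is the
    plaintext the lookup table gives back, the second is None because the
    salted digest matches nothing that was precomputed.
    """
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted_hex = hashlib.sha256(b"letmein").hexdigest()   # legacy storage
    recovered_unsalted = invert_with_table(unsalted_hex, table)

    salt, dk = store_password("letmein")                      # hardened storage
    recovered_salted = invert_with_table(dk.hex(), table)
    return recovered_unsalted, recovered_salted


if __name__ == "__main__":
    print(demo())  # ('letmein', None)
```

The salt does not make a weak password strong; "letmein" is still guessable one attempt at a time. What it removes is the attacker's ability to pay the hashing cost once and reuse it against every account, and the iteration count makes each remaining guess expensive.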

    Social engineering attack

    Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

    • Phishing

    • Smishing

    • Vishing

    • Spear phishing

    • Whaling

    • Social media phishing

    • Business Email Compromise (BEC)

    • Watering hole attack

    • USB (Universal Serial Bus) baiting

    • Physical social engineering

    Social engineering attacks are related to the security and risk management domain.

    Physical attack

    A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

    • Malicious USB cable

    • Malicious flash drive

    • Card cloning and skimming

    Physical attacks fall under the asset security domain.

    Adversarial artificial intelligence

    Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

    Supply-chain attack

    A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

    Cryptographic attack

    A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

    • Birthday

    • Collision

    • Downgrade

    Cryptographic attacks fall under the communication and network security domain.
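
The birthday and collision attacks listed above come from the same mathematics, while a downgrade attack is blocked by configuration rather than arithmetic. The block below is an added example for these notes, not part of the course reading: it computes the birthday bound, demonstrates a collision on a deliberately truncated hash (the truncation width is an assumption chosen so the search finishes in milliseconds), and builds a TLS client context that refuses to negotiate below TLS 1.2.

```python
"""Birthday/collision bound and a TLS downgrade guard.

Added example, not part of the course reading. The truncated-hash search
is a toy: it shortens SHA-256 to a few bits purely to make the birthday
effect observable quickly.
"""
import hashlib
import math
import random
import ssl


def birthday_bound(bits):
    """Number of random outputs at which a collision becomes ~50% likely.

    For an n-bit output this is about sqrt(2 ln 2) * 2**(n/2), i.e. roughly
    the square root of the output space, not the whole space. A 128-bit
    hash therefore offers only ~64 bits of collision resistance.
    """
    return math.sqrt(2 * math.log(2)) * 2 ** (bits / 2)


def truncated_sha256(message, bits):
    """Top `bits` bits of SHA-256, standing in for a short hash output."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits=24, seed=1):
    """Birthday search: hash random inputs until two share a truncated tag.

    Returns (trials, msg_a, msg_b). Expected trials ~ 2**(bits/2), which is
    why truncating a digest or choosing a short hash destroys collision
    resistance. The fixed seed keeps the demonstration repeatable.
    """
    rng = random.Random(seed)
    seen = {}
    trials = 0
    while True:
        trials += 1
        msg = rng.getrandbits(64).to_bytes(8, "big")
        tag = truncated_sha256(msg, bits)
        if tag in seen and seen[tag] != msg:
            return trials, seen[tag], msg
        seen[tag] = msg


def hardened_tls_context():
    """Client context that refuses to negotiate below TLS 1.2.

    A downgrade attack tries to push both sides onto an older, weaker
    protocol version; pinning the minimum version removes that option.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print(f"50% collision point for a 128-bit hash: 2^{math.log2(birthday_bound(128)):.1f}")
    trials, a, b = find_collision(bits=24)
    print(f"24-bit truncation collided after {trials} trials")
    print("minimum TLS version:", hardened_tls_context().minimum_version.name)
```

The collision search never needs to target a specific digest; it only waits for any two inputs to coincide, which is why the work is the square root of the output space. The TLS guard is the mirror image for the downgrade case: the secure version exists on both ends, so the control is to refuse the weaker ones outright.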

    Key takeaways

    The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.

    Resources for more information

    To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.

    Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.

  • Understand attackers

    Understand attackers

    Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.

    Threat actor types

    Advanced persistent threats

    Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

    • Damaging critical infrastructure, such as the power grid and natural resources

    • Gaining access to intellectual property, such as trade secrets or patents

    Insider threats

    Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

    • Sabotage

    • Corruption

    • Espionage

    • Unauthorized data access or leaks

    Hacktivists

    Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

    • Demonstrations

    • Propaganda

    • Social change campaigns

    • Fame


An analyst is more focused on operations. An engineer can do operations but also builds the detections and does more project-focused work.

A playbook is a list of how to go through a certain detection and what the analyst needs to look at in order to investigate those incidents

Morris worm, Brain virus, LoveLetter attack, Equifax breach

What are the 8 domains

Terms and definitions from Course 1, Module 3

Asset: An item perceived as having value to an organization

Availability: The idea that data is accessible to those who are authorized to access it

Compliance: The process of adhering to internal standards and external regulations

Confidentiality: The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies

Hacktivist: A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients' health information

Integrity: The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Privacy protection: The act of safeguarding personal information from unauthorized use

Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual

Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security controls: Safeguards designed to reduce specific security risks

Security ethics: Guidelines for making appropriate decisions as a security professional

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance: Practices that help support, define, and direct security efforts of an organization

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

GDPR - GDPR compliance-

Frameworks and Controls

Controls, frameworks, and compliance

Previously, you were introduced to security frameworks and how they provide a structured approach to implementing a security lifecycle. As a reminder, a security lifecycle is a constantly evolving set of policies and standards. In this reading, you will learn more about how security frameworks, controls, and compliance regulations—or laws—are used together to manage security and make sure everyone does their part to minimize risk.

How controls, frameworks, and compliance are related

The confidentiality, integrity, and availability (CIA) triad is a model that helps inform how organizations consider risk when setting up systems and security policies.

Confidentiality, integrity, and availability are the three foundational principles used by cybersecurity professionals to establish appropriate controls that mitigate threats, risks, and vulnerabilities.

As you may recall, security controls are safeguards designed to reduce specific security risks. So they are used alongside frameworks to ensure that security goals and processes are implemented correctly and that organizations meet regulatory compliance requirements.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

  1. Identifying and documenting security goals

  2. Setting guidelines to achieve security goals

  3. Implementing strong security processes

  4. Monitoring and communicating results

Compliance is the process of adhering to internal standards and external regulations.

Specific controls, frameworks, and compliance

The National Institute of Standards and Technology (NIST) is a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk. The more aligned an organization is with compliance, the lower the risk.

Examples of frameworks include the NIST Cybersecurity Framework (CSF) and the NIST Risk Management Framework (RMF).

Note: Specifications and guidelines can change depending on the type of organization you work for.

In addition to the NIST CSF and NIST RMF, there are several other controls, frameworks, and compliance standards that are important for security professionals to be familiar with to help keep organizations and the people they serve safe.

The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

FERC-NERC is a regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards, which are developed by NERC and approved and enforced by FERC.

The Federal Risk and Authorization Management Program (FedRAMP®)

FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.

Center for Internet Security (CIS®)

CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

General Data Protection Regulation (GDPR)

GDPR is a European Union (E.U.) data protection regulation that governs the processing of personal data of individuals in the E.U. and protects their right to privacy, whether the processing happens inside or outside E.U. territory. For example, if an organization is not transparent about the data it holds about an individual in the E.U. and why it holds that data, this is an infringement that can result in a fine. Additionally, if a breach occurs, the organization must notify the relevant supervisory authority within 72 hours of becoming aware of it, and must inform the affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. federal law established in 1996 to protect patients' health information. This law prohibits patient information from being shared without their consent. It is governed by three rules:

  1. Privacy

  2. Security

  3. Breach notification

Organizations that store patient data have a legal obligation to inform patients of a breach because if patients' Protected Health Information (PHI) is exposed, it can lead to identity theft and insurance fraud. PHI relates to the past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care. Along with understanding HIPAA as a law, security professionals also need to be familiar with the Health Information Trust Alliance (HITRUST®), which is a security framework and assurance program that helps institutions meet HIPAA compliance.

International Organization for Standardization (ISO)

ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services. For security teams the most relevant standard is ISO/IEC 27001, which specifies the requirements for an information security management system (ISMS) and is the standard organizations are audited and certified against.

System and Organization Controls (SOC 1, SOC 2)

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed these reporting standards. A SOC 1 report covers a service organization's controls that are relevant to its customers' financial reporting; a SOC 2 report covers controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Each report is issued as Type 1 (the design of the controls at a point in time) or Type 2 (their operating effectiveness over a review period). Among other things, the reports examine an organization's user access policies at different organizational levels such as:

  • Associate

  • Supervisor

  • Manager

  • Executive

  • Vendor

  • Others

Auditors and customers use them to assess an organization's compliance and levels of risk. Control failures in these areas can lead to fraud.

Pro tip: There are a number of regulations that are frequently revised. You are encouraged to keep up-to-date with changes and explore more frameworks, controls, and compliance. Two suggestions to research: the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.

United States Presidential Executive Order 14028

On May 12, 2021, President Joe Biden released an executive order related to improving the nation’s cybersecurity to remediate the increase in threat actor activity. Remediation efforts are directed toward federal agencies and third parties with ties to U.S. [critical infrastructure](https://csrc.nist.gov/glossary/term/critical_infrastructure#:~:text=Definition(s)%3A,any combination of those matters.). For additional information, review the Executive Order on Improving the Nation’s Cybersecurity.

Key takeaways

In this reading you learned more about controls, frameworks, and compliance. You also learned how they work together to help organizations maintain a low level of risk.

As a security analyst, it’s important to stay up-to-date on common frameworks, controls, and compliance regulations and be aware of changes to the cybersecurity landscape to help ensure the safety of both organizations and people.

Ethical concepts that guide cybersecurity decisions

Previously, you were introduced to the concept of security ethics. Security ethics are guidelines for making appropriate decisions as a security professional. Being ethical requires that security professionals remain unbiased and maintain the security and confidentiality of private data. Having a strong sense of ethics can help you navigate your decisions as a cybersecurity professional so you’re able to mitigate threats posed by threat actors’ constantly evolving tactics and techniques. In this reading, you’ll learn about more ethical concepts that are essential to know so you can make appropriate decisions about how to legally and ethically respond to attacks in a way that protects organizations and people alike.

Ethical concerns and laws related to counterattacks

United States standpoint on counterattacks

In the U.S., deploying a counterattack on a threat actor is illegal because of laws like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015, among others. You can only defend. The act of counterattacking in the U.S. is perceived as an act of vigilantism. A vigilante is a person who is not a member of law enforcement who decides to stop a crime on their own. And because threat actors are criminals, counterattacks can lead to further escalation of the attack, which can cause even more damage and harm. Lastly, if the threat actor in question is a state-sponsored hacktivist, a counterattack can lead to serious international implications. A hacktivist is a person who uses hacking to achieve a political goal. The political goal may be to promote social change or civil disobedience.

For these reasons, the only individuals in the U.S. who are allowed to counterattack are approved employees of the federal government or military personnel.

International standpoint on counterattacks

The International Court of Justice (ICJ), in its case law on countermeasures, holds that a state may respond to an unlawful act with a countermeasure only if:

  • The counterattack will only affect the party that attacked first.

  • The counterattack is preceded by a direct communication asking the initial attacker to stop.

  • The counterattack does not escalate the situation; it is proportionate to the original harm.

  • The counterattack's effects can be reversed.

Organizations typically do not counterattack because the above scenarios and parameters are hard to measure. There is a lot of uncertainty dictating what is and is not lawful, and at times negative outcomes are very difficult to control. Counterattack actions generally lead to a worse outcome, especially when you are not an experienced professional in the field.

To learn more about specific scenarios and ethical concerns from an international perspective, review updates provided in the Tallinn Manual online.

Ethical principles and methodologies

Because counterattacks are generally disapproved of or illegal, the security realm has created frameworks and controls—such as the confidentiality, integrity, and availability (CIA) triad and others discussed earlier in the program—to address issues of confidentiality, privacy protections, and laws. To better understand the relationship between these issues and the ethical obligations of cybersecurity professionals, review the following key concepts as they relate to using ethics to protect organizations and the people they serve.

Confidentiality means that only authorized users can access specific assets or data. Confidentiality as it relates to professional ethics means that there needs to be a high level of respect for privacy to safeguard private assets and data.

Privacy protection means safeguarding personal information from unauthorized use. Personally identifiable information (PII) and sensitive personally identifiable information (SPII) are types of personal data that can cause people harm if they are stolen. PII data is any information used to infer an individual's identity, like their name and phone number. SPII data is a specific type of PII that falls under stricter handling guidelines, including social security numbers and credit card numbers. To effectively safeguard PII and SPII data, security professionals hold an ethical obligation to secure private information, identify security vulnerabilities, manage organizational risks, and align security with business goals.

Laws are rules that are recognized by a community and enforced by a governing entity. As a security professional, you will have an ethical obligation to protect your organization, its internal infrastructure, and the people involved with the organization. To do this:

  • You must remain unbiased and conduct your work honestly, responsibly, and with the highest respect for the law.

  • Be transparent and just, and rely on evidence.

  • Ensure that you are consistently invested in the work you are doing, so you can appropriately and ethically address issues that arise.

  • Stay informed and strive to advance your skills, so you can contribute to the betterment of the cyber landscape.

As an example, consider the Health Insurance Portability and Accountability Act (HIPAA), which is a U.S. federal law established to protect patients' health information, also known as PHI, or protected health information. This law prohibits patient information from being shared without their consent. So, as a security professional, you might help ensure that the organization you work for adheres to both its legal and ethical obligation to inform patients of a breach if their health care data is exposed.

Key takeaways

As a future security professional, ethics will play a large role in your daily work. Understanding ethics and laws will help you make the correct choices if and when you encounter a security threat or an incident that results in a breach.

Module 4

This section explores common tools: network protocol analyzers (packet sniffers), the Linux operating system, and programming languages.

Use tools to protect business operations

Previously, you were introduced to programming, operating systems, and tools commonly used by cybersecurity professionals. In this reading, you’ll learn more about programming and operating systems, as well as other tools that entry-level analysts use to help protect organizations and the people they serve.

Tools and their purposes

Programming

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. Security analysts use programming languages, such as Python, to execute automation. Automation is the use of technology to reduce human and manual effort in performing common and repetitive tasks. Automation also helps reduce the risk of human error.

Another programming language used by analysts is called Structured Query Language (SQL). SQL is used to create, interact with, and request information from a database. A database is an organized collection of information or data. There can be millions of data points in a database. A data point is a specific piece of information.
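As an added example (not part of the course notes), the following Python script ties the two paragraphs above together: it automates the parsing of constructed OpenSSH-style authentication log lines, loads the parsed events into an SQLite database, and then uses SQL to ask which source addresses have repeatedly failed to log in. The log format, the table layout, and the alert threshold are assumptions chosen for illustration.

```python
"""Added example (not part of the course notes): a small Python automation
that parses constructed SSH auth-log lines, loads them into an SQLite
database, and uses SQL to find source IPs with repeated failed logins.
The log format, threshold, and table layout are assumptions for illustration."""
import re
import sqlite3

# Constructed sample log lines in OpenSSH style (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar  3 10:01:06 host sshd[1202]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:09 host sshd[1203]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
Mar  3 10:02:11 host sshd[1204]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:02:40 host sshd[1205]: Failed password for root from 203.0.113.7 port 51240 ssh2
"""

# Regex capturing the outcome, user name and source IP from each line.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_lines(text):
    """Turn raw log text into (outcome, user, ip) tuples; skip non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["outcome"], m["user"], m["ip"]))
    return events


def load_events(events):
    """Create an in-memory SQLite database and insert the parsed events."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (outcome TEXT NOT NULL, user TEXT NOT NULL, ip TEXT NOT NULL)"
    )
    # Parameterised insert: values are bound, never concatenated into the SQL string.
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?)", events)
    conn.commit()
    return conn


def suspicious_sources(conn, threshold=3):
    """Return [(ip, failed_count)] for IPs with at least `threshold` failed logins."""
    rows = conn.execute(
        """
        SELECT ip, COUNT(*) AS failures
        FROM auth_events
        WHERE outcome = 'Failed'
        GROUP BY ip
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC
        """,
        (threshold,),
    ).fetchall()
    return rows


def triage(text, threshold=3):
    """End-to-end automation: parse the log, load it, run the query."""
    return suspicious_sources(load_events(parse_lines(text)), threshold)


if __name__ == "__main__":
    for ip, failures in triage(SAMPLE_LOG):
        print(f"ALERT {ip}: {failures} failed logins")
```

The query uses bound parameters rather than string concatenation; that is the habit that keeps analyst-written SQL from becoming an injection problem when the threshold or a filter value later comes from user input.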

Operating systems

An operating system is the interface between computer hardware and the user. Linux®, macOS®, and Windows are operating systems. They each offer different functionality and user experiences.

Previously, you were introduced to Linux as an open-source operating system. Open source means that the code is available to the public and allows people to make contributions to improve the software. Linux is not a programming language; however, it does involve the use of a command line within the operating system. A command is an instruction telling the computer to do something. A command-line interface is a text-based user interface that uses commands to interact with the computer. You will learn more about Linux, including the Linux kernel and GNU, in a later course.

Web vulnerability

A web vulnerability is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.

To stay up-to-date on the most critical risks to web applications, review the Open Web Application Security Project (OWASP) Top 10.

Antivirus software

Antivirus software is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware.

Intrusion detection system

An intrusion detection system (IDS) is an application that monitors system or network activity and alerts on possible intrusions. A network IDS inspects individual packets, the units that carry data across a network. Because each packet is small and has a known structure, the IDS can examine its headers and payload against signatures of known attacks and against rules that describe abnormal behavior. Other occurrences an IDS might detect include data theft and unauthorized access.
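To make the two detection styles concrete, here is an added example (not code from the course) of a minimal IDS loop over constructed packet records. It applies a signature rule, which looks for a known byte pattern in payloads, and a behavioural rule, which flags a source that touches many distinct ports on one host inside a short window. The packet fields, the signature bytes, the thresholds and the window are all assumptions made for illustration.

```python
"""Added example (not part of the course notes): a minimal intrusion-detection
loop over constructed packet records. Two rule types are shown: a signature
rule matching a known byte pattern in payloads, and a behavioural rule
flagging a source that hits many distinct ports on one host in a short window.
Packet format, signatures, thresholds and window are illustrative assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float       # capture time in seconds
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    payload: bytes  # application data carried by the packet


# Constructed signature table (pattern -> rule name); not real IDS content.
SIGNATURES = {
    b"' OR 1=1 --": "SQLi-probe",
    b"../../etc/passwd": "Path-traversal-probe",
}


def signature_alerts(packets):
    """Signature detection: report any packet whose payload contains a known pattern."""
    alerts = []
    for p in packets:
        for pattern, name in SIGNATURES.items():
            if pattern in p.payload:
                alerts.append((p.ts, p.src, name))
    return alerts


def port_scan_alerts(packets, min_ports=5, window=10.0):
    """Behavioural detection: a source that hits >= min_ports distinct destination
    ports on one host within `window` seconds is reported once as a port scan."""
    seen = defaultdict(list)  # (src, dst) -> [(ts, dport), ...] in time order
    for p in sorted(packets, key=lambda x: x.ts):
        seen[(p.src, p.dst)].append((p.ts, p.dport))
    alerts = []
    for (src, dst), hits in seen.items():
        for i, (t0, _) in enumerate(hits):
            # Distinct ports touched in the window starting at this hit.
            ports = {port for ts, port in hits[i:] if ts - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append((src, dst, len(ports)))
                break  # one alert per source/destination pair
    return alerts


def run_ids(packets):
    """Run every rule set and return the alerts grouped by rule type."""
    return {"signature": signature_alerts(packets), "port_scan": port_scan_alerts(packets)}


# Constructed traffic: a scanner sweeping ports 20-25, a normal client, one web probe.
SAMPLE_PACKETS = [
    Packet(i * 0.5, "203.0.113.7", "192.0.2.10", 20 + i, b"") for i in range(6)
] + [
    Packet(1.0, "198.51.100.4", "192.0.2.10", 443, b"GET /index.html"),
    Packet(2.0, "198.51.100.4", "192.0.2.10", 443, b"GET /about"),
    Packet(3.5, "198.51.100.9", "192.0.2.10", 80, b"GET /login?user=' OR 1=1 --"),
]

if __name__ == "__main__":
    for kind, alerts in run_ids(SAMPLE_PACKETS).items():
        for alert in alerts:
            print(kind, alert)
```

The signature rule only catches what is already in its table; the behavioural rule catches the scan without knowing anything about the scanner, which is why real deployments combine the two.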

Encryption

Encryption makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information and secure ciphertext is the result of encryption.

Note: Encoding and encryption serve different purposes. Encoding uses a public conversion algorithm to enable systems that use different data representations to share information. Because the algorithm is public and involves no key, encoding (Base64, for example) provides no confidentiality: anyone who recognizes the format can reverse it.
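The difference is easiest to see side by side. The following is an added example (not from the course notes): Base64 encoding is reversed with no secret at all, while the toy cipher next to it derives a keystream from SHA-256 over a key, a nonce and a counter and XORs it into the data, so only the holder of the key gets the plaintext back. The cipher is assumed here purely to illustrate the key dependency; it has no integrity protection and a real system would use a vetted authenticated cipher such as AES-GCM.

```python
"""Added example (not part of the course notes): encoding versus encryption.
Base64 is an encoding: public conversion, reversible by anyone. The toy cipher
below builds a keystream from SHA-256(key || nonce || counter) and XORs it into
the data, so recovering plaintext needs the key. Illustrative only; it lacks
authentication. Use a vetted AEAD (e.g. AES-GCM) in real systems."""
import base64
import hashlib
import secrets
from typing import Optional

NONCE_LEN = 16


def encode(data: bytes) -> str:
    """Encoding: a public, reversible transformation with no secret involved."""
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-based counter-mode keystream: SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Toy stream encryption returning nonce || ciphertext. A fresh random nonce
    per message matters: reusing one under the same key leaks the XOR of plaintexts."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Split off the nonce, regenerate the keystream, XOR to recover plaintext."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def demo() -> dict:
    """Contrast the two on a constructed sample message; returns named checks."""
    msg = b"patient record 4711: HbA1c 6.1%"  # constructed sample plaintext
    right = hashlib.sha256(b"correct-key").digest()
    wrong = hashlib.sha256(b"guessed-key").digest()
    nonce = bytes(NONCE_LEN)  # fixed nonce only so this demo is deterministic

    encoded = encode(msg)
    blob = encrypt(right, msg, nonce)
    return {
        "encoded_reversible_without_key": decode(encoded) == msg,
        "ciphertext_hides_plaintext": blob[NONCE_LEN:] != msg,
        "right_key_recovers": decrypt(right, blob) == msg,
        "wrong_key_fails": decrypt(wrong, blob) != msg,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point for the notes above: the encoded string is "unreadable" to a casual glance but not to anyone who knows it is Base64, which is why encoding must never be relied on for confidentiality.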

Penetration testing

Penetration testing, also called pen testing, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.

Key takeaways

In this reading, you learned more about programming and operating systems. You were also introduced to several new tools and processes. Every organization selects their own set of tools. Therefore, the more tools you know, the more valuable you are to an organization. Tools help security analysts complete their tasks more efficiently and effectively.
