Cybersecurity Fundamentals
23 Questions
Questions and Answers

Ensuring that authorized users have timely and reliable access to information and resources refers to ______.

availability

A ______ attack is a targeted phishing attack directed at high-profile individuals, such as executives, within an organization.

whaling

A ______ is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

firewall

Unlike viruses, ______ do not require a host program to spread and can self-replicate across networks.

worms

______ involves manipulating individuals into divulging confidential information or performing actions that compromise security.

social engineering

Exploiting vulnerabilities in database applications to inject malicious SQL code and gain unauthorized access to data is known as ______.

SQL injection

Protecting sensitive information from unauthorized disclosure aligns with the cybersecurity principle of ______.

confidentiality

Maintaining the accuracy and completeness of data, preventing unauthorized modification describes the cybersecurity principle of ______.

integrity

An ______ detects, prevents, and removes malware from computer systems.

Antivirus Software

______ involves converting data into an unreadable format to protect it from unauthorized access.

Encryption

______ are secure connections that encrypt internet traffic to protect user privacy.

Virtual Private Networks (VPNs)

______ divides a network into smaller, isolated segments to limit the impact of security breaches.

Network Segmentation

Assigning access privileges based on a user's role within an organization is known as ______.

Role-Based Access Control (RBAC)

Applying software updates and security patches to fix known vulnerabilities is called ______.

Patch Management

______ prevent sensitive data from leaving an organization's control.

Data Loss Prevention (DLP)

Monitoring and managing security risks in cloud environments is the goal of ______.

Cloud Security Posture Management (CSPM)

Using cryptography to verify the authenticity and integrity of digital documents involves ______.

Digital Signatures

A ______ is a set of guidelines for managing cybersecurity risks.

NIST Cybersecurity Framework

Documenting lessons learned and improving security measures is part of ______ in incident response.

Post-Incident Activity

Requiring users to provide multiple forms of identification to verify their identity is known as ______.

Multi-Factor Authentication (MFA)

Systems that collect and analyze security logs from various sources to detect and respond to security incidents are known as ______.

Security Information and Event Management (SIEM)

Securing wireless networks typically involves using protocols such as ______.

WPA2/3

Systems that monitor network traffic for malicious activity and take automated actions to prevent or mitigate attacks are ______.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

Flashcards

Cybersecurity

Protecting systems and data from unauthorized access, damage, or theft.

Confidentiality

Ensuring sensitive information isn't disclosed to unauthorized parties.

Integrity

Maintaining data accuracy and completeness, preventing unauthorized changes.

Availability

Ensuring reliable access to information and resources for authorized users.

Malware

Malicious software designed to infiltrate and damage computer systems.

Phishing

Deceptive attempts to steal sensitive information by posing as a trustworthy entity.

Social Engineering

Manipulating people to reveal confidential info or take actions against security.

Firewalls

Network security devices that control traffic based on security rules.

IDS/IPS

Monitors network traffic, taking actions against malicious activity.

Antivirus Software

Detects, prevents, and removes malware.

Endpoint Detection and Response (EDR)

Monitors endpoints for suspicious activity, investigates, and responds to incidents.

SIEM

Collects and analyzes security logs to detect and respond to incidents.

VPN

Encrypts internet traffic to protect user privacy.

Access Controls

Controls who can access resources and what actions they can perform.

Role-Based Access Control (RBAC)

Assigns access based on a user's role.

Multi-Factor Authentication (MFA)

Requires multiple forms of identification.

Encryption

Converts data into an unreadable format.

Data in Transit

Encrypting data while it's being sent.

Data at Rest

Encrypting data when it's stored.

Patch Management

Applying updates to fix vulnerabilities.

Network Segmentation

Dividing a network to limit breach impact.

Input Validation

Verifying user input to prevent attacks.

Web Application Firewalls (WAFs)

Filtering malicious HTTP traffic.

Study Notes

Cybersecurity protects computer systems, networks, and digital data from unauthorized access, damage, theft, or disruption. The field includes technologies, processes, and practices for ensuring confidentiality, integrity, and availability of information.

Core Principles

  • Confidentiality protects sensitive information from unauthorized disclosure.
  • Integrity maintains data accuracy and completeness, preventing unauthorized modification.
  • Availability ensures timely and reliable access to information and resources for authorized users.

Threat Landscape

  • Malware is malicious software designed to infiltrate and damage computer systems.
    • Viruses are self-replicating code that attaches to files/programs and spreads to other systems.
    • Worms are self-replicating, standalone malware that spreads without needing a host program.
    • Trojans are malicious programs disguised as legitimate software.
    • Ransomware encrypts a victim's files and demands ransom for decryption.
    • Spyware secretly monitors user activity and collects personal information.
    • Adware displays unwanted advertisements.
  • Phishing involves deceptive attempts to acquire sensitive information by posing as a trustworthy entity.
    • Spear Phishing involves targeted phishing attacks aimed at specific individuals or organizations.
    • Whaling involves phishing attacks targeting high-profile individuals, such as executives.
  • Social Engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security.
  • Distributed Denial-of-Service (DDoS) Attacks overwhelm a target system or network with traffic, making it unavailable to legitimate users.
  • Man-in-the-Middle (MitM) Attacks intercept and alter communication between two parties without their knowledge.
  • SQL Injection exploits vulnerabilities in database applications to inject malicious SQL code and gain unauthorized data access.
  • Zero-Day Exploits are attacks exploiting previously unknown software vulnerabilities before a patch is available.
  • Insider Threats are security risks originating from within an organization, whether intentional or unintentional.
  • Advanced Persistent Threats (APTs) are sophisticated, long-term cyberattacks targeting specific organizations or industries.

Security Measures

  • Firewalls are network security devices that monitor and control network traffic based on security rules.
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor network traffic for malicious activity and take automated actions.
  • Antivirus Software detects, prevents, and removes malware.
  • Endpoint Detection and Response (EDR) monitors endpoints for suspicious activity, investigates threats, and responds to incidents.
  • Security Information and Event Management (SIEM) collects and analyzes security logs to detect and respond to incidents.
  • Virtual Private Networks (VPNs) are secure connections that encrypt internet traffic and protect user privacy.
  • Access Controls manage who can access specific resources and what actions they can perform.
    • Role-Based Access Control (RBAC) assigns access privileges based on a user's role in an organization.
    • Multi-Factor Authentication (MFA) requires multiple forms of identification to verify user identity.
  • Encryption converts data into an unreadable format to protect it from unauthorized access.
    • Data in Transit encryption secures data as it is transmitted over a network.
    • Data at Rest encryption secures data stored on devices or servers.
  • Regular Security Audits and Vulnerability Assessments identify and address security weaknesses.
  • Patch Management applies software updates and security patches to fix vulnerabilities.
  • Security Awareness Training educates employees about cybersecurity threats and best practices.
  • Incident Response Planning creates a plan for responding to and recovering from security incidents.
  • Data Loss Prevention (DLP) prevents sensitive data from leaving organizational control.

Network Security

  • Network Segmentation divides a network into smaller segments to limit the impact of security breaches.
  • Virtual LANs (VLANs) logically separate network devices into different broadcast domains.
  • Network Address Translation (NAT) translates private IP addresses to public IP addresses to hide the internal network structure.
  • Wireless Security secures wireless networks using protocols like WPA2/3.

Application Security

  • Secure Coding Practices involve writing code free from vulnerabilities.
  • Input Validation verifies user input is valid and safe before processing.
  • Output Encoding encodes data before displaying it to prevent cross-site scripting (XSS) attacks.
  • Web Application Firewalls (WAFs) filter malicious HTTP traffic to protect web applications.

Cloud Security

  • Cloud Security Posture Management (CSPM) monitors and manages security risks in cloud environments.
  • Data Encryption in the Cloud encrypts data stored and processed in the cloud.
  • Identity and Access Management (IAM) in the Cloud controls access to cloud resources.
  • Cloud-Based Security Tools are security tools and services provided by cloud providers.

Mobile Security

  • Mobile Device Management (MDM) manages and secures mobile devices used by employees.
  • Mobile Application Security secures mobile applications from vulnerabilities.
  • Data Encryption on Mobile Devices encrypts data stored on mobile devices.

IoT Security

  • Securing IoT Devices protects Internet of Things (IoT) devices from cyberattacks.
  • Firmware Updates for IoT Devices keep IoT devices up to date with the latest security patches.
  • Network Segmentation for IoT Devices isolates IoT devices from other network devices.

Cryptography

  • Symmetric-Key Cryptography uses the same key for encryption and decryption (e.g., AES).
  • Asymmetric-Key Cryptography uses a pair of keys (public and private) for encryption and decryption (e.g., RSA).
  • Hashing creates a unique, fixed-size representation of data for integrity verification (e.g., SHA-256).
  • Digital Signatures use cryptography to verify the authenticity and integrity of digital documents.

Risk Management

  • Identifying Assets determines the value of assets needing protection.
  • Threat Modeling identifies potential threats and vulnerabilities.
  • Risk Assessment evaluates the likelihood and impact of potential security incidents.
  • Risk Mitigation implements security measures to reduce or eliminate risks.

Compliance and Regulations

  • GDPR (General Data Protection Regulation) is a European Union law on data protection and privacy.
  • HIPAA (Health Insurance Portability and Accountability Act) is a United States law on protecting sensitive health information.
  • PCI DSS (Payment Card Industry Data Security Standard) is a security standard for organizations handling credit card information.
  • ISO 27001 is an international standard for information security management systems.
  • NIST Cybersecurity Framework provides guidelines for managing cybersecurity risks.

Security Governance

  • Security Policies establish rules and guidelines for acceptable use of technology and data.
  • Security Procedures document step-by-step instructions for performing security tasks.
  • Security Roles and Responsibilities define roles and responsibilities for maintaining security.
  • Security Awareness Training educates employees about cybersecurity threats and best practices.

Incident Response

  • Incident Detection identifies and reports security incidents.
  • Incident Analysis investigates the cause and scope of security incidents.
  • Incident Containment prevents further damage from security incidents.
  • Incident Eradication removes the root cause of security incidents.
  • Incident Recovery restores systems and data to a normal state.
  • Post-Incident Activity documents lessons learned and improves security measures.
  • Artificial Intelligence (AI) in Cybersecurity uses AI to detect and respond to cyber threats.
  • Machine Learning (ML) in Cybersecurity uses ML to analyze security data and identify patterns.
  • Blockchain Security uses blockchain technology to enhance security and trust.
  • Quantum Computing and Cryptography prepares for the impact of quantum computing on cryptography.
  • Zero Trust Architecture is a security model that assumes no user or device is trusted by default.

Description

Learn about cybersecurity, which protects digital data from damage, theft, or disruption. Understand the core principles of confidentiality, integrity, and availability. Explore the threat landscape, including malware types like viruses, worms, trojans, and ransomware.
