Cybersecurity Skills: Transferable and Technical
23 Questions

Questions and Answers

What does PHI stand for?

  • Private Health Inquiry
  • Protected Health Information (correct)
  • Personal Health Information
  • Public Health Initiative

    SIEM tools reduce the amount of data an analyst must review by providing alerts for specific types of threats, risks, and vulnerabilities.

    True

    What is a playbook?

    A manual that provides details about operational actions, such as how to respond to a security incident.

    Encryption makes data ________ and difficult to decode for an unauthorized user.

    unreadable

    What is the purpose of the Federal Risk and Authorization Management Program (FedRAMP)?

    To standardize security assessment, authorization, monitoring, and handling of cloud services and product offerings.

    HIPAA prohibits sharing patient information without their consent.

    True

    The General Data Protection Regulation (GDPR) protects the processing of E.U. residents' data and their right to privacy in and out of E.U. territory. If an organization is not transparent about the data they are holding about an E.U. citizen, it is considered an infringement that can result in a fine. Additionally, if a breach occurs, the affected organization has __ hours to notify the E.U. citizen about the breach.

    72

    What are the three rules governed by the Health Insurance Portability and Accountability Act (HIPAA)?

    All of the above

    What are some forms of password attacks discussed in the reading? (Select all that apply)

    Brute force

    Which domain do social engineering attacks fall under?

    Security and risk management

    Cryptographic attacks affect only digital communication.

    False

    What is the main motivation behind hacktivists' actions?

    political agenda

    Supply-chain attacks target systems, applications, hardware, and/or software to locate a vulnerability where __________ can be deployed.

    malware

    What are transferable skills?

    Skills from other areas of study or practice that can apply to different careers

    Which of the following is a technical skill related to cybersecurity?

    Programming languages

    Phishing involves the use of electronic voice communication.

    False

    What is the primary purpose of malware?

    Obtain money or intelligence advantage

    ______ is a manipulation technique that exploits human error to gain private information, access, or valuables.

    Social engineering

    Why do professionals use portfolios when applying for jobs?

    To demonstrate their passion for their work and capabilities

    What is the main difference between a resume and a portfolio?

    A portfolio is a one-to-two page summary of relevant information

    What are some examples of items one can include in a portfolio?

    Drafting a professional statement, conducting a security audit, analyzing network structure and security, using Linux commands, applying filters to SQL queries, identifying vulnerabilities, documenting incidents, importing and parsing text files.

    A ___ repository is a folder within a project used to store the documents, labs, and screenshots completed during each course of the certificate program.

    Git

    Match the glossary term with its definition:

    • Antivirus software = A software program used to prevent, detect, and eliminate malware and viruses
    • Database = An organized collection of information or data
    • Data point = A specific piece of information
    • Intrusion detection system (IDS) = An application that monitors system activity and alerts on possible intrusions
    • Linux = An open-source operating system
    • Log = A record of events that occur within an organization’s systems
    • Network protocol analyzer (packet sniffer) = A tool designed to capture and analyze data traffic within a network
    • Order of volatility = A sequence outlining the order of data that must be preserved from first to last
    • Programming = A process that can be used to create a specific set of instructions for a computer to execute tasks
    • Protecting and preserving evidence = The process of properly working with fragile and volatile digital evidence
    • Security information and event management (SIEM) = An application that collects and analyzes log data to monitor critical activities in an organization
    • SQL (Structured Query Language) = A query language used to create, interact with, and request information from a database

    Study Notes

    Cybersecurity Skills

    • Transferable skills:
      • Communication: essential for mitigating security issues quickly
      • Problem-solving: identifying and solving problems, recognizing attack patterns, and finding efficient solutions
      • Time management: prioritizing tasks, managing urgency, and minimizing potential damage
      • Growth mindset: willingness to learn and adapt in an evolving industry
      • Diverse perspectives: respect for others and encouraging diverse perspectives leads to better solutions
    • Technical skills:
      • Programming languages: automating tasks, searching data, and identifying patterns
      • Security Information and Event Management (SIEM) tools: collecting and analyzing log data, monitoring critical activities, and identifying potential threats
      • Intrusion Detection Systems (IDSs): monitoring system activity, detecting potential intrusions, and alerting security teams
      • Threat landscape knowledge: staying up to date on current trends, attack patterns, and threat methodologies
      • Incident response: following established policies and procedures to respond to incidents

    CompTIA Security+

    • The Google Cybersecurity Certificate prepares learners for the CompTIA Security+ exam
    • Completing the certificate program unlocks a 30% discount for the exam and additional practice materials

    Common Attacks and Their Effectiveness

    • Phishing: using digital communications to trick people into revealing sensitive data or deploying malicious software
      • Types:
        • Business Email Compromise (BEC)
        • Spear phishing
        • Whaling
        • Vishing
        • Smishing
    • Malware: software designed to harm devices or networks
      • Types:
        • Viruses
        • Worms
        • Ransomware
        • Spyware
    • Social Engineering: manipulating human error to gain private information, access, or valuables
      • Types:
        • Social media phishing
        • Watering hole attack
        • USB baiting
        • Physical social engineering
      • Principles:
        • Authority
        • Intimidation
        • Consensus/Social proof
        • Scarcity
        • Familiarity
        • Trust
        • Urgency

    Determine the Type of Attack

    • Password attack: attempting to access password-secured devices, systems, networks, or data
      • Types:
        • Brute force
        • Rainbow table
      • Related to: Communication and Network Security domain
    • Social engineering attack: manipulating human error to gain private information, access, or valuables
      • Types:
        • Phishing
        • Smishing
        • Vishing
        • Spear phishing
        • Whaling
        • Social media phishing
        • Business Email Compromise (BEC)
        • Watering hole attack
        • USB baiting
        • Physical social engineering
      • Related to: Security and Risk Management domain
    • Physical attack: affecting physical environments where the incident is deployed
      • Types:
        • Malicious USB cable
        • Malicious flash drive
        • Card cloning and skimming
      • Related to: Asset Security domain
    • Adversarial artificial intelligence: manipulating AI and machine learning technology to conduct attacks
      • Related to: Communication and Network Security and Identity and Access Management domains
    • Supply-chain attack: targeting systems, applications, hardware, and/or software to locate vulnerabilities
      • Related to: Security and Risk Management, Security Architecture and Engineering, and Security Operations domains
    • Cryptographic attack: affecting secure forms of communication between a sender and intended recipient
      • Types:
        • Birthday
        • Collision
        • Downgrade
      • Related to: Communication and Network Security domain

    Threat Actors

    • Types:
      • Advanced persistent threats (APTs): accessing an organization's network without authorization
        • Intentions: damaging critical infrastructure, gaining access to intellectual property
      • Insider threats: abusing authorized access to obtain data
        • Intentions: sabotage, corruption, espionage, unauthorized data access or leaks
      • Hacktivists: driven by a political agenda
        • Intentions: demonstrations, propaganda, social change campaigns, fame
      • Hacker types:
        • Authorized (ethical hackers): following a code of ethics and adhering to the law
        • Semi-authorized (researchers): searching for vulnerabilities but not taking advantage
        • Unauthorized (unethical hackers): malicious threat actors collecting and selling confidential data
        • New and unskilled: learning, seeking revenge, exploiting security weaknesses
        • Vigilantes: protecting the world from unethical hackers

    Glossary Terms from Module 2

    Adversarial Artificial Intelligence (AI)

    • Manipulates AI and machine learning (ML) technology to conduct attacks more efficiently

    Business Email Compromise (BEC)

    • A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

    CISSP

    • Certified Information Systems Security Professional, a globally recognized and highly sought-after information security certification

    Computer Virus

    • Malicious code written to interfere with computer operations and cause damage to data and software

    Cryptographic Attack

    • An attack that affects secure forms of communication between a sender and intended recipient

    Hacker

    • Any person who uses computers to gain access to computer systems, networks, or data

    Malware

    • Software designed to harm devices or networks

    Password Attack

    • An attempt to access password-secured devices, systems, networks, or data

    Phishing

    • The use of digital communications to trick people into revealing sensitive data or deploying malicious software

    Physical Attack

    • A security incident that affects not only digital but also physical environments where the incident is deployed

    Physical Social Engineering

    • An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

    Social Engineering

    • A manipulation technique that exploits human error to gain private information, access, or valuables

    Social Media Phishing

    • A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

    Spear Phishing

    • A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

    Supply-Chain Attack

    • An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

    USB Baiting

    • An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

    Vishing

    • The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

    Watering Hole Attack

    • A type of attack when a threat actor compromises a website frequently visited by a specific group of users

    Controls, Frameworks, and Compliance

    CIA Triad

    • A model that helps inform how organizations consider risk when setting up systems and security policies
    • Three foundational principles: confidentiality, integrity, and availability

    Security Frameworks

    • Guidelines used for building plans to help mitigate risks and threats to data and privacy
    • Four core components:
      • Identifying and documenting security goals
      • Setting guidelines to achieve security goals
      • Implementing strong security processes
      • Monitoring and communicating results

    Compliance

    • The process of adhering to internal standards and external regulations
    • Examples of frameworks: NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), FERC-NERC, FedRAMP, CIS, GDPR, PCI DSS, HIPAA

    Key Takeaways

    • Understanding controls, frameworks, and compliance is crucial for maintaining a low level of risk
    • Staying up-to-date with changes and exploring more frameworks, controls, and compliance is essential for security professionals

    Ethical Concepts that Guide Cybersecurity Decisions

    United States Standpoint on Counterattacks

    • Deploying a counterattack on a threat actor is illegal in the U.S. due to laws like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015

    International Standpoint on Counterattacks

    • The International Court of Justice (ICJ) states that a person or group can counterattack if:
      • The counterattack will only affect the party that attacked first
      • The counterattack is a direct communication asking the initial attacker to stop
      • The counterattack does not escalate the situation
      • The counterattack effects can be reversed

    Ethical Principles and Methodologies

    • Confidentiality, integrity, and availability (CIA) triad
    • Respect for privacy and confidentiality
    • Protection of personally identifiable information (PII) and sensitive personally identifiable information (SPII)

    Glossary Terms from Module 3

    Asset

    • An item perceived as having value to an organization

    Availability

    • The idea that data is accessible to those who are authorized to access it

    Compliance

    • The process of adhering to internal standards and external regulations

    Confidentiality

    • The idea that only authorized users can access specific assets or data

    CIA Triad

    • A model that helps inform how organizations consider risk when setting up systems and security policies

    Hacktivist

    • A person who uses hacking to achieve a political goal

    HIPAA

    • A U.S. federal law established to protect patients' health information

    Integrity

    • The idea that the data is correct, authentic, and reliable

    NIST Cybersecurity Framework (CSF)

    • A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

    Privacy Protection

    • The act of safeguarding personal information from unauthorized use

    Protected Health Information (PHI)

    • Information that relates to the past, present, or future physical or mental health or condition of an individual

    Security Architecture

    • A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

    Security Controls

    • Safeguards designed to reduce specific security risks

    Security Ethics

    • Guidelines for making appropriate decisions as a security professional

    Security Frameworks

    • Guidelines used for building plans to help mitigate risk and threats to data and privacy

    Security Governance

    • Practices that help support, define, and direct security efforts of an organization

    Sensitive Personally Identifiable Information (SPII)

    • A specific type of PII that falls under stricter handling guidelines

    Playbooks in Forensic Investigation

    • Playbooks are documents that guide analysts through a series of steps to complete specific security-related tasks.

    • In a forensic investigation, playbooks outline the specific actions to take to conduct the investigation and ensure proper protocols and procedures are followed.

    Chain of Custody Playbook

    • A chain of custody playbook documents evidence possession and control during an incident lifecycle.
    • It involves documenting who, what, where, and why evidence was collected, and tracking its movement to ensure its integrity.
    • The playbook helps ensure that evidence is kept safe and tracked, and all parties involved know its location at all times.

    Protecting and Preserving Evidence Playbook

    • A protecting and preserving evidence playbook outlines the process of properly working with fragile and volatile digital evidence.
    • It involves following the order of volatility, which prioritizes the preservation of volatile data that may be lost if a device powers off.
    • The playbook ensures that digital evidence is properly preserved and managed to prevent compromise or alteration during an investigation.

    Tools for Cybersecurity Professionals

    • Programming languages, such as Python, are used to execute automation and reduce human error.
    • Structured Query Language (SQL) is used to create, interact with, and request information from a database.
    • Operating systems, such as Linux, macOS, and Windows, are the interface between computer hardware and the user.
    • Linux is an open-source operating system that involves the use of a command line.

    Web Vulnerability and Antivirus Software

    • A web vulnerability is a unique flaw in a web application that can be exploited by a threat actor.
    • Antivirus software, also known as anti-malware, is used to prevent, detect, and eliminate malware and viruses.
    • It scans the memory of a device to find patterns that indicate the presence of malware.

    Intrusion Detection System and Encryption

    • An intrusion detection system (IDS) is an application that monitors system activity and alerts on possible intrusions.
    • It scans network packets to identify potential threats to sensitive data.
    • Encryption makes data unreadable and difficult to decode for an unauthorized user, ensuring the confidentiality of private data.
    • Cryptographic encoding converts plaintext into secure ciphertext.

    Penetration Testing and Cybersecurity Portfolio

    • Penetration testing, also known as pen testing, is a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes.
    • A cybersecurity portfolio is a collection of documents and projects that demonstrate a professional's security skills and knowledge.
    • It can be created using various tools, such as document folders, Google Drive, Dropbox, Google Sites, or Git repositories.
    • A portfolio can be used to showcase skills and knowledge to potential employers in the cybersecurity field.

    Quiz Team

    Description

    Explore the importance of transferable and technical skills for cybersecurity analysts, including the knowledge of specific tools, procedures, and policies.
