Google Cybersecurity – Foundations of Cybersecurity

Module 2

Computer virus (a type of malware):

malicious code written to interfere with computer operations and cause damage to data and software.

History:

1986 Brain virus: the Alvi brothers wrote it to track pirated copies of their software. Unintentionally, it spread globally, slowed down productivity and significantly impacted businesses.
1988 Morris worm: Robert Morris wrote it to assess the size of the internet, but it spread across the network and repeatedly re-infected connected computers, exhausting their memory until they crashed. Approximately 6,000 machines, about 10% of the internet at the time, were affected. After the incident, Computer Emergency Response Teams (CERTs) and computer security incident response teams (CSIRTs) were established to respond to security incidents.

Digital age attacks:

With the growth of the internet, threat actors no longer need physical access to a network; they can attack over the web.

LoveLetter malware (2000): Onel de Guzman sent the virus as an email attachment labelled "Love Letter for you". This counts as a social engineering attack, one that takes advantage of human nature to gain private information, access or valuables.
Equifax breach (2017): attackers infiltrated the agency and gained access to sensitive personally identifiable information (SPII); approximately 143 million records were stolen.
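The LoveLetter case above shows the attack pattern a mail gateway can screen for: a script disguised as a harmless document and delivered by a persuasive message. The following is an added example written for these notes, not code from the Google course. It parses two constructed messages with Python's standard email library; the malicious one is modelled on the 2000 ILOVEYOU worm, whose attachment was named LOVE-LETTER-FOR-YOU.TXT.vbs, a Visual Basic script hidden behind a .TXT decoy extension. The extension lists and the quarantine policy are assumptions to adapt to your own gateway.

```python
"""Screen email attachments for LoveLetter-style lures.

Added example for these study notes, not code from the Google course.
The two messages below are constructed; the malicious one is modelled on
the 2000 ILOVEYOU worm, whose attachment LOVE-LETTER-FOR-YOU.TXT.vbs hid a
Visual Basic script behind a harmless-looking .TXT extension.
"""
from __future__ import annotations

from email import message_from_string

# Extensions Windows will run as a program or script. Assumed policy list;
# align it with what your own mail gateway blocks.
EXECUTABLE_EXTENSIONS = {"vbs", "vbe", "js", "jse", "wsf", "hta",
                         "exe", "scr", "bat", "cmd", "ps1"}

# Extensions users read as harmless documents; a script extension after one
# of these is the classic double-extension lure.
DECOY_EXTENSIONS = {"txt", "pdf", "doc", "docx", "xls", "jpg", "png"}

# Constructed sample, modelled on the ILOVEYOU worm's message.
LOVELETTER_EMAIL = """\
From: a.friend@example.com
To: victim@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

kindly check the attached LOVELETTER coming from me.
--sep
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: base64

TXNnQm94ICJIZWxsbyI=
--sep--
"""

# Constructed benign sample with a genuine document attachment.
BENIGN_EMAIL = """\
From: payroll@example.com
To: victim@example.com
Subject: March payslip
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Your payslip is attached.
--sep
Content-Type: application/pdf; name="payslip-march.pdf"
Content-Disposition: attachment; filename="payslip-march.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--sep--
"""


def attachment_names(raw: str) -> list[str]:
    """Walk every MIME part and collect the filenames it carries."""
    msg = message_from_string(raw)
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def suspicious_extension(filename: str) -> list[str]:
    """Explain why a filename looks like a lure; an empty list means clean."""
    parts = filename.lower().split(".")
    reasons: list[str] = []
    if len(parts) < 2:
        return reasons  # no extension at all: nothing to judge here
    final = parts[-1]
    if final in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{final}")
        # A decoy document extension right before the real one means the name
        # was built to fool users who only notice the first extension.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension .{parts[-2]}.{final} hides a script behind a .{parts[-2]} decoy")
    return reasons


def screen_email(raw: str) -> dict:
    """Return the subject, attachment findings and a deliver/quarantine verdict."""
    msg = message_from_string(raw)
    findings = [(name, reason)
                for name in attachment_names(raw)
                for reason in suspicious_extension(name)]
    return {
        "subject": msg.get("Subject", ""),
        "findings": findings,
        # Assumed policy: any executable attachment is quarantined outright.
        "verdict": "quarantine" if findings else "deliver",
    }


if __name__ == "__main__":
    for label, raw in (("loveletter", LOVELETTER_EMAIL), ("payslip", BENIGN_EMAIL)):
        print(label, screen_email(raw))
```

The check deliberately judges the file name rather than the declared Content-Type, because the sender controls both and the user acts on the name they see; a production gateway would also inspect the attachment's actual content.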

Glossary

  • Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently 
  • Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
  • CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by ISC2 (the International Information System Security Certification Consortium)
  • Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software
  • Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient
  • Hacker: Any person who uses computers to gain access to computer systems, networks, or data
  • Malware: Software designed to harm devices or networks
  • Password attack: An attempt to access password secured devices, systems, networks, or data
  • Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software
  • Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed
  • Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
  • Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables
  • Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
  • Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
  • Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
  • USB baiting: An attack in which a threat actor strategically leaves a malware-infected USB stick for an employee to find and plug in, unknowingly infecting a network
  • Virus: see "computer virus"
  • Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
  • Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Introduction to the eight CISSP security domains

CISSP: Certified Information Systems Security Professional

  • 1. Security and Risk Management
  • This domain covers foundational concepts in security and risk management. It includes understanding the confidentiality, integrity, and availability (CIA) triad, security governance principles, compliance, risk management, and the legal and regulatory issues related to information security.
  • Key Topics:
    • Security policies and standards
    • Risk management processes and risk analysis
    • Compliance and ethics
    • Business continuity planning and disaster recovery
    • Regulations such as HIPAA and GDPR
  • 2. Asset Security
  • This domain focuses on protecting information and assets. It deals with classification and ownership of information, privacy issues, data retention, and ensuring data security.
  • Key Topics:
    • Data classification and handling
    • Protecting data through various security controls
    • Privacy policies
    • Data lifecycle and retention policies
  • 3. Security Architecture and Engineering
  • This domain covers the design and implementation of secure infrastructure, including understanding security models, controls, and principles that underpin secure system design.
  • Key Topics:
    • Security architecture models and frameworks
    • Cryptography principles and practices
    • Physical and environmental security
    • Secure design principles
  • 4. Communication and Network Security
  • This domain deals with securing network architectures, transmission methods, and security protocols. It focuses on the protection of information in transit.
  • Key Topics:
    • Secure network architecture design
    • Network protocols and security
    • Firewalls, VPNs, IDS/IPS systems
    • Wireless security considerations
  • 5. Identity and Access Management (IAM)
  • This domain addresses the processes and technologies used to control user access to information and systems. It covers authentication, authorization, and accounting processes to ensure that the right people have the right access at the right time.
  • Key Topics:
    • Access control systems and methods
    • Authentication mechanisms (e.g., passwords, biometrics)
    • Federated identity management and SSO (Single Sign-On)
    • Identity as a Service (IDaaS)
  • 6. Security Assessment and Testing
  • This domain focuses on evaluating and validating the security posture of systems through assessments, audits, and testing methods.
  • Key Topics:
    • Vulnerability assessments and penetration testing
    • Security auditing processes
    • Log reviews and monitoring
    • Security testing and reporting
  • 7. Security Operations
  • This domain covers the day-to-day operations required to protect and maintain security in an organization. It includes incident response, resource protection, and operational security best practices.
  • Key Topics:
    • Incident response and handling
    • Business continuity planning (BCP) and disaster recovery planning (DRP)
    • Monitoring and logging activities
    • Investigations and forensic procedures
  • 8. Software Development Security
  • This domain covers the integration of security practices into the software development lifecycle. It deals with secure coding practices, software vulnerabilities, and ensuring that security is a key part of software development processes.
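The IAM domain above describes authentication, authorization and accounting as the way to give the right people the right access at the right time. The following added example, written for these notes and not code from the Google course or from ISC2, wires the three together in Python: salted, slow PBKDF2 password checks (the cryptography piece from domain 3), deny-by-default role permissions that enforce least privilege, a validity window for the "right time" requirement, and an audit log that serves as the accounting record domain 7 relies on. The role names, permissions, work factor and timestamps are all assumptions.

```python
"""Authentication, authorization and accounting (AAA) in one small access check.

Added example for these notes, not code from the Google course or from ISC2.
The users, roles, permissions and timestamps are constructed for
illustration; a real system would take them from a directory or IdP.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed work factor; raise it as hardware allows
DUMMY_SALT = b"\x00" * 16    # lets unknown users cost the same time as real ones

# Least privilege: each role carries only the permissions its job needs, and
# nothing is granted unless a role lists it (deny by default). Assumed roles.
ROLE_PERMISSIONS = {
    "analyst":   {"alerts:read", "cases:read"},
    "responder": {"alerts:read", "cases:read", "cases:write", "hosts:isolate"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow PBKDF2-HMAC-SHA256 so stolen hashes resist password attacks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class IdentityStore:
    def __init__(self) -> None:
        self._users: dict[str, dict] = {}
        self.audit_log: list[dict] = []  # accounting: who, what, when, outcome

    def add_user(self, username: str, password: str, roles: set[str], valid_until: float) -> None:
        salt = os.urandom(16)
        self._users[username] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "roles": set(roles),
            "valid_until": valid_until,  # the "right time" part of IAM
        }

    def _record(self, username: str, permission: str, allowed: bool, reason: str, now: float) -> None:
        self.audit_log.append({"time": now, "user": username, "permission": permission,
                               "allowed": allowed, "reason": reason})

    def authenticate(self, username: str, password: str) -> bool:
        """Authentication: prove the caller holds the credential."""
        user = self._users.get(username)
        if user is None:
            hash_password(password, DUMMY_SALT)  # equalise timing for unknown users
            return False
        # compare_digest avoids leaking how many leading bytes matched
        return hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])

    def authorize(self, username: str, permission: str, now: float) -> tuple[bool, str]:
        """Authorization: is this permission explicitly granted, and still valid?"""
        user = self._users[username]
        if now > user["valid_until"]:
            return False, "access expired"
        granted: set[str] = set()
        for role in user["roles"]:
            granted |= ROLE_PERMISSIONS.get(role, set())
        if permission in granted:
            return True, "granted"
        return False, "not permitted"  # deny by default

    def request(self, username: str, password: str, permission: str,
                now: float | None = None) -> tuple[bool, str]:
        """Full AAA flow: authenticate, then authorize, then account for the outcome."""
        now = time.time() if now is None else now
        if not self.authenticate(username, password):
            allowed, reason = False, "bad credentials"  # same reply for unknown and wrong
        else:
            allowed, reason = self.authorize(username, permission, now)
        self._record(username, permission, allowed, reason, now)
        return allowed, reason


if __name__ == "__main__":
    store = IdentityStore()
    store.add_user("alice", "correct horse battery staple", {"analyst"}, valid_until=2_000_000_000)
    print(store.request("alice", "correct horse battery staple", "alerts:read"))
    print(store.request("alice", "correct horse battery staple", "hosts:isolate"))
    print(store.request("mallory", "guess", "alerts:read"))
    for entry in store.audit_log:
        print(entry)
```

Every request, allowed or refused, lands in the audit log with the reason, which is what makes the later log review and investigation work in domains 6 and 7 possible; an authentication failure reports the same "bad credentials" whether the user exists or not, so the check does not confirm valid usernames to an attacker.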

APT: advanced persistent threat