CyberSecurity 101

This blog is designed to provide beginners and enthusiasts with a solid foundation in cybersecurity by exploring the fundamental concepts, tools, and techniques used to protect networks, devices, people, and data

Note

We will dive into various terms and definitions related to cybersecurity, breaking down complex concepts into easily understandable explanations. From the basics of authentication and antivirus software to advanced topics such as adversarial artificial intelligence and supply-chain attacks, I will cover a wide range of subjects that are crucial for building a strong cybersecurity knowledge base. Also, in this dynamic blog, I am committed to providing you with up-to-date and relevant lessons on cybersecurity. As the cybersecurity landscape continues to evolve at a rapid pace, I will regularly add new lessons to ensure that you stay informed about the latest trends, threats, and techniques in the field.

Foundations of Cybersecurity

Terms and definitions

Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk

Network security: The practice of keeping an organization's network infrastructure secure from unauthorized access

Personally identifiable information (PII): Any information used to infer an individual’s identity

Security posture: An organization’s ability to manage its defense of critical assets and data and react to change

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

Technical skills: Skills that require knowledge of specific tools, procedures, and policies

Threat: Any circumstance or event that can negatively impact assets

Threat actor: Any person or group who presents a security risk

Transferable skills: Skills from other areas that can apply to different careers

Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses

Asset: An item perceived as having value to an organization

Availability: The idea that data is accessible to those who are authorized to access it

Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Compliance: The process of adhering to internal standards and external regulations

Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

Confidentiality: Only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies

Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

Database: An organized collection of information or data

Data point: A specific piece of information

Hacker: Any person who uses computers to gain access to computer systems, networks, or data

Hacktivist: A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients’ health information

Integrity: The idea that the data is correct, authentic, and reliable

Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk

Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions

Linux: An open-source operating system

Log: A record of events that occur within an organization’s systems

Malware: Software designed to harm devices or networks

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network

Network security: The practice of keeping an organization's network infrastructure secure from unauthorized access Open Web Application Security Project (OWASP): A non-profit organization focused on improving software security

Order of volatility: A sequence outlining the order of data that must be preserved from first to last

Password attack: An attempt to access password secured devices, systems, networks, or data

Personally identifiable information (PII): Any information used to infer an individual’s identity

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location Privacy protection: The act of safeguarding personal information from unauthorized use

Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks

Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual

Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence

Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security controls: Safeguards designed to reduce specific security risks

Security ethics: Guidelines for making appropriate decisions as a security professional

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance: Practices that help support, define, and direct security efforts of an organization

Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization

Security posture: An organization’s ability to manage its defense of critical assets and data and react to change

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database

Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Technical skills: Skills that require knowledge of specific tools, procedures, and policies

Threat: Any circumstance or event that can negatively impact assets

Threat actor: Any person or group who presents a security risk

Transferable skills: Skills from other areas that can apply to different careers

USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Virus: refer to “computer virus”

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Manage Security Risks

A primary goal of organizations is to protect assets. An asset is an item perceived as having value to an organization. Assets can be digital or physical. Examples of digital assets include the personal information of employees, clients, or vendors, such as:

Social Security Numbers (SSNs), or unique national identification numbers assigned to individuals

Dates of birth

Bank account numbers

Mailing addresses

The relationship between frameworks and controls

Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy. Frameworks support organizations’ ability to adhere to compliance laws and regulations. For example, the healthcare industry uses frameworks to comply with the United States’ Health Insurance Portability and Accountability Act (HIPAA), which requires that medical professionals keep patient information safe.

Security controls are safeguards designed to reduce specific security risks. Security controls are the measures organizations use to lower risk and threats to data and privacy. For example, a control that can be used alongside frameworks to ensure a hospital remains compliant with HIPAA is requiring that patients use multi-factor authentication (MFA) to access their medical records. Using a measure like MFA to validate someone’s identity is one way to help mitigate potential risks and threats to private data.