Foundations of Cybersecurity Notes

Chapter 1: Introduction to Cybersecurity

Introductory definitions:

Security – The practice of ensuring confidentiality, integrity and availability of information by
protecting networks, devices, people and data from unauthorized access or criminal exploitation.

Threat actor – Any person or group who presents a security risk.

Benefits of security:

- Protects against internal threats (from inside the organisation, most likely accidental but
possibly intentional) and external threats (from outside the organisation).
- Meets regulatory compliance, laws and guidelines: allows the organisation to avoid fines and
audits (and meets its ethical obligation to protect users).
- Maintains and improves business productivity: allows people to keep doing their jobs even in
the event of a data breach.
- Reduces expenses associated with risk, e.g. downtime, fines and recovering from data loss.
- Maintains brand trust: compromised data damages the brand and loses customer trust.

Responsibilities of a Cybersecurity Analyst

Security analysts are responsible for monitoring and protecting information and systems.

Some of the primary responsibilities of a cybersecurity analyst include:

- Protecting computer and network systems: requires them to monitor an organisation's internal
network; if a threat is detected, an analyst is generally the first to respond.
- Ethical hacking: hacking their own organisation's network systems to identify vulnerabilities
and suggest ways to improve security.
- Installing prevention software.
- Conducting periodic security audits: a security audit is a review of an organisation's security
records and activities. An analyst may examine in-house security issues, such as making sure
one's password isn't available to all employees.

Common cybersecurity terminology

Compliance – The process of adhering to internal standards and external regulations; it enables
organisations to avoid fines and security breaches.

Security frameworks – Guidelines used for building plans to help mitigate risks and threats to data
and privacy.

Security controls – Safeguards designed to reduce specific security risks. Used together with
security frameworks to establish a strong security posture.

Security posture – An organisation's ability to manage its defence of critical assets and data and
react to change. Strong security posture = lower risk for the organisation.

Network security – The practice of keeping an organisation's network infrastructure secure from
unauthorised access. Includes the data, services, systems and devices stored on an organisation's
network.

Cloud security – The process of ensuring that assets stored in the cloud are configured correctly
and that access to those assets is limited to authorised users. The cloud is a network made up of a
collection of servers or computers that store resources and data in remote physical locations,
known as data centres, that can be accessed via the internet.

Programming – A process that can be used to create a specific set of instructions for a computer to
execute tasks. These tasks can include automating repetitive tasks, reviewing web traffic and
alerting on suspicious activity.
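An added example of the kind of task the Programming definition describes (this is not code from the notes or from the course they summarise): a short script that reviews web-server access log lines and raises alerts for two common patterns, repeated failed logins from one address and path-traversal requests. The log lines, IP addresses and the threshold of five failed logins are constructed for illustration.

```python
"""Added example (not from the notes): review constructed web-server access
log lines and flag suspicious activity, the repetitive review task the notes
describe automating with programming. All sample data is constructed."""
import re
from collections import Counter

# Constructed sample access log in the common "combined"-style layout.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.9 - - [10/Oct/2023:13:57:15 +0000] "GET /../../etc/passwd HTTP/1.1" 404 162
192.0.2.33 - - [10/Oct/2023:13:58:01 +0000] "GET /about HTTP/1.1" 200 876
"""

# One regular expression for the whole line: client IP, timestamp, request
# method and path, response status and response size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

FAILED_LOGIN_THRESHOLD = 5  # constructed threshold: failed logins per IP before alerting


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def review_log(text):
    """Return a list of alert strings for the suspicious patterns found in the log text."""
    alerts = []
    failed_logins = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        # A 401 on the login endpoint is one failed login attempt.
        if rec["path"] == "/login" and rec["status"] == 401:
            failed_logins[rec["ip"]] += 1
        # Directory traversal attempt: "../" anywhere in the requested path.
        if "../" in rec["path"]:
            alerts.append(f"traversal attempt from {rec['ip']}: {rec['path']}")
    # Report addresses that crossed the failed-login threshold.
    for ip, n in failed_logins.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            alerts.append(f"{n} failed logins from {ip} (possible password guessing)")
    return alerts


if __name__ == "__main__":
    for alert in review_log(SAMPLE_LOG):
        print("ALERT:", alert)
```

Run as written it reports two alerts for the sample log: the traversal request from 198.51.100.9 and the five failed logins from 203.0.113.7. In practice the same loop would be pointed at a real log file and the alerts forwarded to a SIEM rather than printed.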

Chapter 2: Core Skills for cybersecurity professionals

Transferable skills – Skills from other areas that can apply to different careers.

Technical skills – Skills that require knowledge of specific tools, procedures and policies.

Core transferable skills:

- Communication – describing risks and vulnerabilities to people who don't have a security
background, and to supervisors.
- Collaboration – security analysts often work in teams with engineers and programme
managers.
- Analysis – security analysts may need to analyse complex scenarios that they encounter, and
make recommendations about how different tools can support efficiency and safeguard an
organisation's internal network.
- Problem solving – identifying a security problem, then diagnosing it and providing
solutions.
- Time management
- Growth mindset
- Diverse perspectives

Core technical skills:

- Programming languages – used to automate tasks and identify error messages.
- Knowledge of security information and event management (SIEM) tools – security
professionals use SIEM tools to identify and analyse security threats, risks and
vulnerabilities.
- Computer forensics – digital forensic investigators attempt to identify, analyse and preserve
criminal evidence.
- Intrusion detection systems (IDSs) – analysts use IDSs to monitor system activity and alert
on possible intrusions.
- Threat landscape knowledge – being aware of current trends related to threat actors,
malware or threat methodologies is vital. This knowledge allows security teams to build
stronger defences against threat actors' tactics and techniques.
- Incident response – cybersecurity analysts need to be able to follow established policies and
procedures to respond to incidents appropriately.

The importance of cybersecurity

Security is essential for ensuring an organisation's business continuity and ethical standing.

Personally Identifiable Information (PII) – Any information used to infer an individual's identity.

If a data breach occurs, an organisation not only risks a reduction in consumer trust but also puts
customers and employees in danger because their PII is leaked.

Sensitive Personally Identifiable Information (SPII) – A specific type of PII that falls under stricter
handling guidelines.

Threat actors will look for PII and SPII during a data breach. The leaking of this data can lead to
identity theft (impersonating someone to commit fraud for financial gain).

Chapter 3: The history of cybersecurity

Computer Virus – Malicious code written to interfere with computer operations and cause damage
to data and software.

Malware – Software designed to harm devices or networks.

Love Letter malware (2000): Stole internet login credentials. Victims received an email stating
"I love you"; once the attachment was opened, the malware scanned the address book, sent itself
to each person on the list and sent a program to steal login credentials.

Social engineering – A manipulation technique that exploits human error to gain private
information, access or valuables.

Phishing – The use of digital communications to trick people into revealing sensitive data or
deploying malicious software.

Training is usually provided to employees to prevent these attacks from happening.

The Equifax Breach (2017): Attackers infiltrated Equifax, resulting in one of the largest data
breaches. Over 143 million customer records were stolen, and the breach affected around 40% of all
Americans. Equifax paid over 575 million dollars to resolve customer complaints and required fines.

Types of phishing attacks:

- Business email compromise
- Spear phishing (the email looks like it is from a trusted source)
- Whaling – threat actors target company executives to gain access to sensitive data.
- Vishing – exploitation of electronic voice communication to obtain sensitive information or to
impersonate a known source.
- Smishing – use of text messages to trick users in order to obtain sensitive information.

Types of malware:

- Viruses
- Worms – malware that can spread itself across systems on its own.
- Ransomware – threat actors encrypt an organisation's data and demand payment to restore
access.
- Spyware – malware that is used to gather and sell information without consent.

Types of social engineering:

- Social media phishing
- Watering hole attack
- USB baiting
- Physical social engineering

Social engineering principles:

- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency

CISSP Security Domains

CISSP defines 8 domains in total:

- Security and risk management: defines security goals and objectives, risk mitigation,
compliance, business continuity and the law.
- Asset security: secures digital and physical assets; also covers the storage, maintenance,
retention and destruction of data.
- Security architecture and engineering: optimises data security by ensuring effective tools,
systems and processes are in place.
- Communication and network security: manages and secures physical networks and wireless
communications.
- Identity and access management: keeps data secure by ensuring users follow established
policies to control and manage physical assets.
- Security assessment and testing: conducting security control testing, collecting and analysing
data, and conducting security audits to monitor for risks, threats and vulnerabilities.
- Security operations: conducting investigations and implementing preventative measures.
- Software development security: uses secure coding practices, which are a set of
recommended guidelines used to create secure applications and services.

Attack types:

- Password attacks (brute force, rainbow table)
- Social engineering attack (phishing, smishing)
- Physical attack (malicious USB cable, flash drive)
- Adversarial AI
- Supply chain attack
- Cryptographic attack
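An added example, not from the notes, that goes a step beyond the "password attacks" item above to show the defence against it: why storing passwords with a random per-user salt and a slow hash defeats a rainbow table (a precomputed hash-to-password lookup) and slows brute force. The passwords, the salt length and the iteration count are constructed choices; PBKDF2-HMAC from Python's standard library is the slow hash used here.

```python
"""Added example (not from the notes): per-user salts versus rainbow tables.
A rainbow table maps hash -> password for an unsalted hash function, so every
account using the same password has the same hash and one lookup breaks them
all. With a random salt per user the same password produces different hashes,
and the table is useless. Sample passwords are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed choice; slows every guess, blunting brute force
SALT_BYTES = 16       # constructed choice of salt length


def unsalted_sha256(password):
    """The weak scheme a rainbow table targets: one fixed hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random salt."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Two users choose the same constructed password; compare both schemes."""
    pw = "Summer2023!"
    # Unsalted: identical hashes, so one precomputed table entry covers both.
    unsalted_identical = unsalted_sha256(pw) == unsalted_sha256(pw)
    # Salted: different salts give different digests, yet each still verifies.
    s1, d1 = hash_password(pw)
    s2, d2 = hash_password(pw)
    return {
        "unsalted_identical": unsalted_identical,
        "salted_identical": d1 == d2,
        "user1_verifies": verify_password(pw, s1, d1),
        "user2_verifies": verify_password(pw, s2, d2),
        "wrong_password_rejected": not verify_password("wrong", s1, d1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored record per user is the salt plus the digest; the salt is not secret, it only has to be unique so that no single table can be precomputed in advance. The iteration count is what makes each brute-force guess expensive.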
