Scribd
Upload
10 views4 pages

Cybersecurity Class Notes

Uploaded by

salihsami79
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
10 views4 pages

Cybersecurity Class Notes

Uploaded by

salihsami79
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Cybersecurity Class Notes

What is Cybersecurity?

Cybersecurity is the practice of protecting computer systems and


networks from theft, damage, or unauthorized 1 access to the data they
hold. It encompasses a wide range of technologies, processes, and
policies designed to safeguard digital information and infrastructure. It's
a constantly evolving field due to the ever-changing nature of cyber
threats.

Key Concepts:

 Threat: A potential danger that can exploit a vulnerability to


breach security.
 Vulnerability: A weakness in a system or application that can be
exploited by a threat.
 Risk: The potential for loss or damage if a threat exploits a
vulnerability.
 Attack: An attempt to exploit a vulnerability.
 Data Breach: A security incident where sensitive data is accessed
or stolen.

Types of Cyber Threats:

 Malware: Malicious software designed to damage or disable


computer systems. Examples: Viruses, worms, ransomware,
spyware.
 Phishing: Deceptive attempts to obtain sensitive information (e.g.,
usernames, passwords) by masquerading as a trustworthy entity.
 Denial-of-Service (DoS) Attacks: Overwhelming a system with
traffic to make it unavailable to legitimate users.
 Man-in-the-Middle (MitM) Attacks: An attacker intercepts
communication between two parties, potentially eavesdropping or
manipulating data.
 SQL Injection: An attack that exploits vulnerabilities in web
applications to inject malicious SQL code, potentially gaining
access to databases.
 Cross-Site Scripting (XSS): An attack that injects malicious
scripts into websites, which can then be used to steal user data or
hijack user sessions.
 Ransomware: Malware that encrypts a victim's files and demands
a ransom for their decryption.
 Social Engineering: Manipulating individuals into divulging
confidential information or performing actions that compromise
security.

Key Principles of Cybersecurity:

 Confidentiality: Ensuring that sensitive information is only


accessible to authorized individuals.
 Integrity: Maintaining the accuracy and completeness of data.
 Availability: Ensuring that systems and data are accessible to
authorized users when needed.

Key Cybersecurity Practices:

 Strong Passwords: Using complex and unique passwords for each


account.
 Multi-Factor Authentication (MFA): Adding an extra layer of
security beyond passwords.
 Regular Software Updates: Patching vulnerabilities in software.
 Firewalls: Controlling network traffic and blocking unauthorized
access.
 Antivirus and Anti-malware Software: Detecting and removing
malicious software.
 Data Backup and Recovery: Regularly backing up data to ensure
it can be recovered in the event of a data loss.
 Security Awareness Training: Educating users about
cybersecurity threats and best practices.
 Vulnerability Scanning and Penetration Testing: Proactively
identifying vulnerabilities in systems.
 Incident Response Planning: Developing a plan for responding to
security incidents.

Cybersecurity Frameworks:

 NIST Cybersecurity Framework: A set of standards, guidelines,


and best practices for managing cybersecurity risk.
 ISO 27001: An international standard for information security
management systems.

Cybersecurity Roles:

 Security Analyst: Monitors security systems, investigates security


incidents, and implements security controls.
 Security Engineer: Designs, implements, and maintains security
systems and infrastructure.
 Security Architect: Develops security architectures and strategies
for organizations.
 Chief Information Security Officer (CISO): Oversees the
organization's cybersecurity program.
 Penetration Tester (Ethical Hacker): Attempts to find
vulnerabilities in systems to improve security.
Emerging Cybersecurity Threats:

 Internet of Things (IoT) Security: Securing the growing number


of connected devices.
 Cloud Security: Protecting data and applications in cloud
environments.
 Artificial Intelligence (AI) and Machine Learning (ML) in
Cybersecurity: Using AI and ML to detect and respond to cyber
threats.
 Mobile Security: Securing mobile devices and applications.

Further Study:

Cybersecurity is a constantly evolving field. Further study should


include exploring specific areas of interest, such as network security,
application security, data security, or cloud security. Pursuing
certifications like CompTIA Security+, Certified Ethical Hacker (CEH),
or Certified Information Systems Security Professional (CISSP) can
enhance career prospects. Staying up-to-date with the latest threats and
vulnerabilities is crucial in this field. Hands-on experience through labs
and projects is invaluable.

You might also like