Cybersec

cybersecurity study notes
Cybersecurity Fundamentals

----------------------------

1. What is Cybersecurity?
- Cybersecurity refers to the practice of protecting systems, networks, and
programs from digital attacks.
- These attacks are usually aimed at accessing, changing, or destroying
sensitive information.

2. Types of Cybersecurity
a. Network Security
- Involves protecting the integrity of the network and the data transmitted
through it.
b. Application Security
- Focuses on keeping software and devices free from threats.
c. Information Security
- Protects the integrity and privacy of data, both in storage and in transit.
d. Operational Security
- Includes processes and decisions for handling and protecting data assets.
e. Disaster Recovery and Business Continuity
- Plans for how an organization responds to a cybersecurity incident or any
event that causes loss of operations or data.

3. Common Cybersecurity Threats


- Malware: Malicious software such as viruses, trojans, and worms.
- Phishing: Fraudulent attempts to obtain sensitive information by pretending to
be a trustworthy entity.
- Man-in-the-Middle Attacks (MITM): An attacker intercepts communications
between two parties to steal data.
- Denial-of-Service (DoS) Attacks: The attacker floods a network or system with
traffic to overload it.
- SQL Injection: Malicious SQL code is inserted into a query to manipulate the
database.

4. Best Practices for Cybersecurity


a. Use strong, unique passwords
- Always use a combination of uppercase letters, lowercase letters, numbers,
and symbols.
b. Enable Two-Factor Authentication (2FA)
- Requires two forms of identification before granting access to an account.
c. Keep Software Updated
- Regularly update software to patch security vulnerabilities.
d. Backup Data Regularly
- Maintain copies of important data to protect against ransomware and
accidental loss.

5. Cryptography Basics
- Cryptography involves the encoding and decoding of information to protect it.
- Types of Cryptography:
  - Symmetric Cryptography: Uses a single key for both encryption and
    decryption.
  - Asymmetric Cryptography: Uses a pair of keys (public and private) for
    encryption and decryption.

6. Ethical Hacking and Penetration Testing


- Ethical Hacking: The practice of deliberately probing a system for
vulnerabilities.
- Penetration Testing: A form of ethical hacking where simulated cyberattacks
are carried out to identify weaknesses in a system.

7. Zero Trust Architecture
- A security framework that assumes no one inside or outside the organization’s
network can be trusted.
- Requires verification for everyone and every device trying to access
resources.

8. Social Engineering
- A non-technical method of intrusion where attackers exploit human interactions
to gain access to sensitive information.
- Examples include pretexting, baiting, and phishing.

9. Security Frameworks and Standards


- ISO/IEC 27001: International standard for managing information security.
- NIST Cybersecurity Framework: Guidelines, standards, and best practices to
manage cybersecurity risk.

10. Incident Response Plan


- Steps to take when responding to a cybersecurity incident:
a. Preparation
b. Identification
c. Containment
d. Eradication
e. Recovery
f. Lessons Learned

11. Cybersecurity in Cloud Computing


- Security issues in cloud environments include data breaches, insecure
interfaces, and insider threats.
- Solutions:
  - Encrypt sensitive data stored in the cloud.
  - Implement identity and access management (IAM) for cloud resources.

12. Role of Firewalls


- A firewall is a network security device that monitors and filters incoming
and outgoing network traffic.
- Types:
a. Packet-Filtering Firewalls
b. Stateful Firewalls
c. Proxy Firewalls
d. Next-Generation Firewalls (NGFWs)

13. Vulnerability Management


- A continuous process of identifying, classifying, and remediating
vulnerabilities in a system.
- Tools used: vulnerability scanners, patch management software.

14. Security Awareness Training


- Educating employees about cybersecurity threats, safe practices, and how to
recognize malicious activity.

15. Cybersecurity Careers


- Common roles:
a. Security Analyst
b. Security Engineer
c. Penetration Tester (Ethical Hacker)
d. Chief Information Security Officer (CISO)
