1.

Cybersecurity Foundations
What is Cybersecurity?
Think of cybersecurity like fortifying a castle. Just as a castle prepares for an impending
siege, organizations must equip themselves to withstand cyber threats. They fortify
their defenses, train their defenders, and remain vigilant against potential breaches.

1. Preparation for Security Incidents: Handling a security incident is akin to defending a

castle under siege. Organizations must arm themselves with the tools and strategies to
repel attackers swiftly, minimizing the impact of breaches and protecting their assets.

2. Role of Security Analysts: As a security analyst, you're like the castle's vigilant guard,
keeping watch over the kingdom's borders. You protect your organization's assets from
intruders and respond swiftly to any signs of attack.

3. Defining Security: Security, or cybersecurity, involves safeguarding the castle's

treasures (data) by fortifying its walls (networks) and training its defenders (employees)
to repel invaders (threat actors).

4. Types of Threats: Security teams defend against both external invaders (hackers,
cybercriminals) and internal threats (accidental breaches, insider attacks), ensuring the
castle remains secure from all angles.

5. Responsibilities of Security Teams: Security professionals fortify the castle's

defenses, ensuring compliance with kingdom laws (regulations), maintaining
productivity during attacks, minimizing costs associated with breaches, and
safeguarding the castle's reputation.

6. Security-based Roles: Upon completing this course, you'll be equipped continue to

roles such as Security Analyst, GRC Roles, Penetration Tester, SOC Analyst and more.
Conclusion: Just as fortifying a castle requires preparation, vigilance, and skilled
defenders, mastering cybersecurity involves fortifying organizational defenses,
protecting valuable assets, and defending against cyber threats. Let's embark on this
journey together!

Key Cybersecurity Roles

In today's rapidly evolving technological landscape, cybersecurity professionals play a
crucial role in safeguarding sensitive information against ever-evolving threats. Let's
dive into the key responsibilities of a few of the key cybersecurity roles.

1. Security Analyst

Day-to-Day Activities:

● Monitor network traffic and evaluate alerts for security incidents.

● Conduct security assessments and vulnerability scans.
● Investigate security breaches and compile incident reports.

Ideal Candidate:

● Analytical thinker with strong problem-solving skills.

● Effective communicator with a detail-oriented approach.

2. Governance, Risk, and Compliance (GRC) Role

Day-to-Day Activities:

● Develop and enforce security policies to ensure compliance with regulations.

● Conduct risk assessments and manage audits.
● Liaise with various departments to integrate security practices across the
organization.
Ideal Candidate:

● Methodical with a strong understanding of legal and regulatory frameworks.

● Excellent interpersonal and project management skills.

3. Penetration Tester

Day-to-Day Activities:

● Simulate cyber attacks to identify vulnerabilities in systems.

● Develop and refine testing tools and methods.
● Document findings and provide actionable recommendations for enhancing
security.

Ideal Candidate:

● Inventive thinker with in-depth technical expertise in security systems.

● Persistent and detail-oriented, with strong analytical skills.

4. Security Operations Center (SOC) Analyst

Day-to-Day Activities:

● Monitor alerts from security technologies and investigate anomalies.

● Coordinate responses to security incidents and implement preventive measures.
● Maintain up-to-date knowledge of current threats and security trends.

Ideal Candidate:

● Proactive and vigilant, with excellent analytical abilities.

● Capable of working under pressure and effective in team collaboration.

Why Security Matters

In this digital age, security plays a pivotal role in safeguarding both physical and digital
assets. Let's delve deeper into why security is indispensable:

1. Business Continuity and Ethical Standing: Security ensures the uninterrupted

operation of organizations while upholding ethical standards. Legal implications
and moral considerations underscore the importance of maintaining robust
security measures. Data breaches can tarnish an organization's reputation and
adversely impact the lives of users, clients, and customers. Strong security
measures enhance user trust, fostering financial growth and business referrals.
2. Protection of Personal Information: Organizations must safeguard user,
customer, and vendor data to prevent incidents that expose personally
identifiable information (PII). PII encompasses various data points, including full
names, addresses, contact details, and IP addresses. Additionally, sensitive
personally identifiable information (SPII), such as social security numbers and
financial data, requires stricter handling due to its potential for severe
repercussions if compromised.
3. Identity Theft Prevention: Threat actors target PII and SPII during breaches, with
identity theft posing a significant risk. Identity theft involves the fraudulent use of
personal information for financial gain. Protecting individuals from identity theft
is paramount, highlighting the critical role of security professionals in mitigating
this threat.
4. Growing Demand for Security Professionals: Employers seek skilled security
analysts to protect data, products, and individuals while ensuring the
confidentiality, integrity, and secure access to information. The U.S. Bureau of
Labor Statistics anticipates a significant increase in demand for security
professionals, underscoring the importance of cultivating expertise in this field.

As you continue your learning journey, remember that your role as a security analyst
contributes to creating a safer and more secure environment for organizations and
individuals alike. Embrace ongoing learning to stay abreast of evolving security
challenges and contribute meaningfully to the field.
Common Cybersecurity Attacks
Phishing: Phishing is a deceptive tactic that exploits digital communications to trick
individuals into revealing sensitive data or installing malicious software. Common types
include:

● Business Email Compromise (BEC): Deceptive emails impersonating known

sources to request sensitive information for financial gain.
● Spear Phishing: Targeted malicious email attacks aimed at specific users or
groups, often masquerading as trusted sources.
● Whaling: Spear phishing targeting high-profile company executives to gain
access to confidential data.
● Social Media Phishing: Extracting detailed information from social media
platforms to execute targeted attacks.
● Watering Hole Attack: Targeting websites frequented by specific user groups to
infiltrate their systems.
● USB Baiting: Leaving malware-infected USB drives in strategic locations to
compromise network security.
● Physical Social Engineering: Impersonating authorized personnel to gain
unauthorized access to physical locations.

Password Attacks: Password attacks aim to breach password-secured devices,

systems, networks, or data using methods such as brute force or rainbow tables.

Physical Attacks: Physical attacks extend beyond digital environments, impacting

physical spaces as well. Examples include malicious USB cables, flash drives, and card
cloning or skimming.

Cryptographic Attacks: Cryptographic attacks target secure communication channels

between senders and recipients, exploiting vulnerabilities like birthday attacks or
collision attacks.
Adversarial Artificial Intelligence: Adversarial artificial intelligence manipulates AI and
machine learning technology to conduct attacks more efficiently, affecting
communication and network security as well as identity and access management.

Supply-Chain Attacks: Supply-chain attacks target systems, applications, hardware, or

software to deploy malware, potentially affecting multiple organizations throughout the
supply chain process.

While these are just a few examples, various other attack methods exist, each posing
unique risks to cybersecurity. Throughout the program, you'll gain insights into
additional attack types and learn strategies to defend against them effectively. Stay
tuned for more insights and opportunities for growth as you progress in your
cybersecurity education.

Understanding Security Domains

In cybersecurity, knowing core concepts organized into security domains is crucial for
professionals. The Certified Information Systems Security Professional (CISSP) defines
eight such domains.

1. Security and Risk Management: Focuses on defining security goals, risk

mitigation, compliance, and legal aspects.
2. Asset Security: Involves safeguarding digital and physical assets, including data
storage and disposal.
3. Security Architecture and Engineering: Optimizes data security through effective
tools and systems, like configuring firewalls.
4. Communication and Network Security: Manages physical networks and wireless
communications, ensuring secure user behavior.
5. Identity and Access Management: Controls access to assets by validating user
identities and managing roles.
 6. Security Assessment and Testing: Conducts audits and testing to monitor risks
and vulnerabilities.
7. Security Operations: Handles investigations and implements preventative
measures against security incidents.
8. Software Development Security: Integrates secure coding practices into
software development to create secure applications.

Understanding these domains aids in career clarity and prepares professionals for
various roles in cybersecurity. While mastery in all domains isn't necessary, grasping the
basics lays a strong foundation for growth in the field.

Types of Threat Actors

Threat actors encompass various types, each with distinct motivations and methods.
Here's a breakdown:

1. Advanced Persistent Threats (APTs): Highly skilled actors target organizations,

like corporations or governments, aiming to cause significant damage or steal
valuable data over an extended period.
2. Insider Threats: Individuals with authorized access exploit it for personal gain,
engaging in activities like sabotage, corruption, espionage, or unauthorized data
access.
3. Hacktivists: Driven by political agendas, they leverage technology for
demonstrations, propaganda, social change campaigns, or seeking fame.
4. Hacker Types:
○ Authorized Hackers (Ethical Hackers): Follow ethical guidelines,
evaluating organizational risks to protect against malicious threats.
○ Semi-Authorized Hackers (Researchers): Identify vulnerabilities without
exploiting them.
 ○ Unauthorized Hackers (Unethical Hackers): Malicious actors seeking
financial gain by collecting and selling confidential data illegally.
5. New and Unskilled Threat Actors: Motivated by learning, seeking revenge, or
exploiting existing security weaknesses.
6. Other Hacker Types:
○ Some are motivated solely by completing contracted jobs, whether legal or
illegal.
○ Vigilante hackers aim to protect against unethical hackers, considering
themselves defenders of cybersecurity.

Understanding the motivations and intentions of these threat actors enables better
preparation to safeguard organizations and individuals from their malicious activities.

Frameworks, Controls and Compliance

Security frameworks, controls, and compliance regulations work together to manage
security effectively and minimize risk. Here's how they're related:

1. Confidentiality, Integrity, and Availability (CIA) Triad: Foundational principles

guiding cybersecurity professionals to establish controls that mitigate threats,
risks, and vulnerabilities.
2. Security Controls: Safeguards designed to reduce specific security risks,
implemented alongside frameworks to ensure correct security processes and
regulatory compliance.
3. Security Frameworks: Guidelines for building plans to mitigate risks and threats,
consisting of four core components: identifying security goals, setting guidelines,
implementing processes, and monitoring results.
4. Compliance: Adhering to internal standards and external regulations, such as:
○ NIST Cybersecurity Framework (CSF) and Risk Management Framework
(RMF): Voluntary compliance frameworks aiding organizations worldwide
in managing risk.
○ Federal Energy Regulatory Commission - North American Electric
Reliability Corporation (FERC-NERC): Regulations for organizations
involved with the U.S. and North American power grid to prepare for and
report security incidents.
○ Federal Risk and Authorization Management Program (FedRAMP®): U.S.
federal program standardizing security assessment and authorization for
cloud services.
○ Center for Internet Security (CIS®): Nonprofit providing actionable
controls and guidance for safeguarding systems and networks.
○ General Data Protection Regulation (GDPR): E.U. regulation protecting
E.U. residents' data and privacy rights.
○ Payment Card Industry Data Security Standard (PCI DSS): International
standard ensuring secure handling of credit card information.
○ Health Insurance Portability and Accountability Act (HIPAA) and Health
Information Trust Alliance (HITRUST®): U.S. law protecting patients'
health information and security framework for HIPAA compliance.
○ International Organization for Standardization (ISO): Establishes
international standards for technology, manufacturing, and management.
○ System and Organizations Controls (SOC Type 1, SOC Type 2): Reports
assessing an organization's financial compliance, risk levels, and data
safety.
○ United States Presidential Executive Order 14028: Directed toward
improving the nation's cybersecurity, targeting federal agencies and third
parties with ties to U.S. critical infrastructure.
Staying updated on these frameworks, controls, and compliance regulations is crucial
for security analysts to ensure organizational and individual safety in an evolving
cybersecurity landscape.

Cybersecurity Ethics
Ethical Guidelines for Security Professionals

● Remain unbiased
● Maintain confidentiality and security of private data

Counterattacks: Legal and Ethical Considerations

● U.S. Law: Counterattacking is illegal. Only defend, don't engage in vigilantism.

● International Perspective: Counterattacks may be acceptable under very specific
conditions that are hard to meet without escalating the situation.
● General Advice: Avoid counterattacks, especially if you're not experienced. They
can worsen the situation.

Ethical Principles and Methodologies

● Confidentiality: Ensure that only authorized users access specific data or assets.
Respect privacy.
● Privacy Protection: Safeguard personal information (PII and SPII) from
unauthorized use. Security professionals have an ethical obligation to protect
private information.
● Legal Compliance: Follow laws and regulations. Work honestly and responsibly,
with respect for the law.

Key Concepts
 ● CIA Triad: Confidentiality, Integrity, and Availability. Frameworks and controls
created to address confidentiality, privacy protections, and laws.
● Laws and Ethics: As a cybersecurity professional, you have an ethical obligation
to protect the organization and individuals. Stay informed and advance your skills
to address security issues ethically.

Example: HIPAA

● The Health Insurance Portability and Accountability Act protects patients' health
information. Security professionals help ensure organizations comply with both
legal and ethical obligations to protect patient data.

Summary

Understanding ethics and laws is crucial for cybersecurity professionals. This

knowledge helps in making informed and correct decisions when facing security threats
or breaches.

Common Cybersecurity Tools

Familiarity with a variety of tools is crucial for future security analysts. Here’s a
simplified overview of essential tools:

● Security Information and Event Management (SIEM) Tools: These applications

collect and analyze log data from an organization's systems, providing alerts for
potential threats. They feature dashboards for easy data analysis and come in
both cloud-hosted and on-premise versions.
● Network Protocol Analyzers (Packet Sniffers): Tools designed to capture and
analyze network traffic, helping identify potential security breaches by examining
data packets within an organization's network.
 ● Playbooks: Manuals detailing procedures for responding to security incidents.
Playbooks guide analysts through steps for specific tasks, such as forensic
investigations or evidence preservation.

Technical Skills and Tools

● Programming: Knowledge of programming languages like Python and SQL is

beneficial for automating tasks and managing databases, which can improve
efficiency and reduce errors.
● Operating Systems: Understanding the basics of Linux®, macOS®, and Windows
is important, as each system offers unique functionalities for managing security.
● Web Vulnerability: Being aware of common web application vulnerabilities, as
highlighted by the OWASP Top 10, is critical for preventing unauthorized access
and data theft.
● Antivirus Software and Intrusion Detection Systems (IDS): Tools for detecting
and mitigating malware and unauthorized access attempts, ensuring the security
of sensitive data.
● Encryption: The process of converting readable data into a secure format to
protect its confidentiality. Understanding encryption is key to safeguarding
private data.
● Penetration Testing: Simulated attacks that identify and address vulnerabilities in
systems, networks, websites, and applications. This practice helps in evaluating
and improving security measures.

Important Concepts

● Chain of Custody and Evidence Preservation: In forensic cases, maintaining a

documented trail of evidence possession and ensuring proper handling of digital
evidence are critical procedures outlined in playbooks.
Security Concepts
Availability: Protecting the availability of information is crucial. It involves ensuring that
data and systems are accessible to authorized users when needed, safeguarding
against events like denial-of-service attacks, power outages, hardware failures, and
service outages. Strategies include using firewalls, redundant power sources, and
building systems with redundancy to handle failures.

Authentication and Authorization: Critical for ensuring that only authorized individuals
access information. This process includes:

● Identification: Claiming an identity.

● Authentication: Proving the identity claimed.
● Authorization: Granting access based on verified identity. Tools used range from
passwords (something you know) to biometrics (something you are) and security
tokens (something you have). Modern systems may use multifactor
authentication, combining different types of evidence to verify identity.

Multifactor Authentication: Enhances security by requiring multiple forms of verification

before granting access. This could be a combination of something the user knows
(password), something they have (security token), and something they are (biometric
verification). It significantly reduces the risk of unauthorized access.

Non-repudiation: Ensures actions or transactions cannot be denied after the fact.

Digital signatures and biometrics provide electronic non-repudiation, similar to how
physical signatures work on documents. This is essential for verifying transactions and
actions in cybersecurity.

Privacy: With the vast amount of personal data collected, protecting privacy is more
important than ever. Personal information can include personally identifiable
information (PII) and protected health information (PHI). Organizations must manage
this data responsibly, respecting legal frameworks like the Health Insurance Portability
and Accountability Act (HIPAA) and the principle of reasonable expectation of privacy.
Key Takeaways:

● Understanding and implementing availability controls are essential to keep

systems running smoothly.
● The access control process, involving identification, authentication, and
authorization, is fundamental to cybersecurity.
● Multifactor authentication provides an additional layer of security.
● Non-repudiation prevents individuals from denying their actions, enhancing
accountability.
● Privacy protection is a critical aspect of managing personal and sensitive
information, requiring adherence to legal standards and ethical practices.

Project 1: Personal Cybersecurity Audit

Objective: Perform a comprehensive cybersecurity audit of your personal digital

devices and online accounts to identify potential security vulnerabilities. Then, develop
and implement a plan to improve your personal cybersecurity posture.

Tools and Resources Needed:

 ● A list of personal digital devices (e.g., laptop, smartphone)
● Access to personal online accounts (e.g., email, social media)
● Basic cybersecurity resources or guidelines (which can be found online, such as
from the National Cybersecurity Alliance or similar organizations)

Project Steps:

1. Inventory of Digital Assets:

○ List all your digital devices and online accounts. This includes laptops,
smartphones, tablets, and any other internet-connected devices, as well as
email accounts, social media, banking, and shopping accounts.
2. Password Audit:
○ Check the strength of passwords for all listed accounts using guidelines
for strong passwords (e.g., length, complexity). Identify any accounts with
reused or weak passwords.
○ Use a reputable online password strength checker if necessary.
3. Update and Patch:
○ Verify that all your digital devices are running the latest operating system
and application versions. List any devices or applications that are outdated
and need updates.
4. Implement Improvements:
○ For weak or reused passwords, create and apply new, strong, unique
passwords for each account. Consider using a password manager to help
manage these passwords securely.
 ○ Update and patch outdated devices and applications to their latest
versions to ensure they have the most current security fixes.
5. Enable Two-Factor Authentication (2FA):
○ Identify which of your accounts support two-factor authentication (2FA)
and enable it wherever possible. This adds an additional layer of security
beyond just the password.
6. Educate Yourself on Phishing:
○ Research and summarize key indicators of phishing attempts. Learn how
to identify suspicious emails, links, and phone calls.
7. Device Security Check:
○ Ensure that all devices have a form of lock (PIN, password, biometric)
enabled.
○ Check that your devices have firewall and antivirus/anti-malware software
installed and activated.
8. Privacy Settings Review:
○ Review and adjust the privacy settings on your social media and other
online accounts to enhance your privacy and limit data sharing.
9. Reporting:
○ Draft a report documenting your findings from each step, the
improvements you implemented, and any additional steps you plan to take
in the future to maintain your cybersecurity posture.

Deliverables:
● A detailed report of your personal cybersecurity audit, including your initial
findings, the improvements you made, and your plan for ongoing personal
cybersecurity practices.
●
● Resources
● Project 1 Template