Cyber Security Fundamentals
Expert-defined terms from the Certified Professional in Cyber Security for Project Managers course at London School of Business and Administration. Free to read, free to share, paired with a professional course.
Cyber Security Fundamentals #
Cyber Security Fundamentals refer to the basic principles and practices that for… #
These fundamentals are essential for protecting an organization's digital assets, sensitive information, and infrastructure from cyber threats.
Cyber Security Fundamentals cover a wide range of concepts and practices, includ… #
Cyber Security Fundamentals cover a wide range of concepts and practices, including:
1. Access Control #
Access control is the process of limiting or controlling who can access certain… #
This can include physical access to buildings or rooms, as well as digital access to files, systems, and networks.
2. Authentication #
Authentication is the process of verifying the identity of a user or system befo… #
This can include passwords, biometric data, security tokens, or multi-factor authentication methods.
3. Confidentiality #
Confidentiality is the principle of ensuring that sensitive information is only… #
This can be achieved through encryption, access controls, and secure communication channels.
4. Data Loss Prevention #
Data Loss Prevention (DLP) is a set of tools and processes designed to prevent s… #
This can include monitoring data flows, blocking unauthorized transfers, and encrypting data at rest.
5. Incident Response #
Incident Response is the process of reacting to and managing cybersecurity incid… #
This can involve identifying the source of an attack, containing the damage, and restoring systems to normal operation.
6. Network Security #
Network Security focuses on securing the communication channels and infrastructu… #
This can include firewalls, intrusion detection systems, and virtual private networks (VPNs).
7. Patch Management #
Patch Management is the process of applying updates and patches to software and… #
Regular patching is essential to keep systems secure and up-to-date.
8. Risk Assessment #
Risk Assessment is the process of identifying, analyzing, and evaluating potenti… #
This can involve assessing threats, vulnerabilities, and the potential impact of a security breach.
9. Security Awareness Training #
Security Awareness Training is a program designed to educate employees about cyb… #
This can help reduce human error and improve overall security posture.
10. Threat Intelligence #
Threat Intelligence is information about potential threats, vulnerabilities, and… #
This can include threat feeds, reports, and analysis from security vendors.
11. Vulnerability Management #
Vulnerability Management is the process of identifying, prioritizing, and remedi… #
This can involve scanning for vulnerabilities, assessing risk, and applying patches or mitigations.
12. Zero Trust Model #
The Zero Trust Model is a security framework that assumes no trust in users, dev… #
This approach requires strict access controls, continuous monitoring, and least privilege access.
By understanding and implementing these Cyber Security Fundamentals, organizatio… #
However, staying up-to-date with emerging threats, technologies, and best practices is essential to maintaining a robust cybersecurity posture in today's rapidly evolving threat landscape.
Cyber Security Fundamentals #
Cyber Security Fundamentals refer to the foundational principles, concepts, and… #
It encompasses a wide range of topics such as network security, data protection, risk management, and incident response. Understanding Cyber Security Fundamentals is crucial for individuals working in the field of cybersecurity to effectively protect organizations from malicious cyber activities.
Cyber Security #
Cyber Security is the practice of protecting digital systems, networks, and data… #
It involves implementing security measures to prevent unauthorized access, maintain data confidentiality, integrity, and availability, as well as detect and respond to security incidents.
Cyber Threat #
A Cyber Threat is a potential danger or risk to information systems and networks… #
Cyber threats can manifest in various forms including malware, phishing attacks, ransomware, and denial-of-service (DoS) attacks. Understanding cyber threats is essential for organizations to proactively defend against potential security breaches.
Cyber Attack #
A Cyber Attack is a deliberate attempt to compromise the confidentiality, integr… #
Cyber attacks can be carried out through various means such as malware, social engineering, or exploiting vulnerabilities in software or hardware. Organizations need to be prepared to defend against cyber attacks to prevent data breaches and financial losses.
Vulnerability #
A Vulnerability is a weakness or flaw in a system, software, or network that can… #
Vulnerabilities can arise due to coding errors, misconfigurations, or outdated software. It is crucial for organizations to identify and patch vulnerabilities to mitigate the risk of cyber attacks.
Threat Actor #
A Threat Actor is an individual, group, or organization that carries out cyber a… #
Threat actors can range from individual hackers to sophisticated cybercriminal groups or state-sponsored attackers. Understanding the motivations and tactics of threat actors is essential for developing effective cyber defense strategies.
Incident Response #
Incident Response is the process of detecting, analyzing, and responding to secu… #
It involves coordinating a response team, containing the incident, identifying the root cause, and implementing remediation measures to prevent future incidents. Incident response is a critical component of Cyber Security Fundamentals to minimize the impact of security breaches.
Malware #
Malware, short for malicious software, is a type of software designed to disrupt… #
Common types of malware include viruses, worms, Trojans, and ransomware. Organizations need to deploy anti-malware solutions and educate employees on safe computing practices to prevent malware infections.
Phishing #
Phishing is a form of social engineering attack where cybercriminals impersonate… #
Phishing attacks are commonly delivered via email, text messages, or fake websites. Employee training and email filtering are essential measures to combat phishing attacks.
Firewall #
A Firewall is a network security device that monitors and controls incoming and… #
Firewalls act as a barrier between trusted internal networks and untrusted external networks, protecting against unauthorized access and malicious activities. Firewalls are essential components of network security infrastructure.
Encryption #
Encryption is the process of converting plaintext data into ciphertext to secure… #
Encryption uses algorithms and keys to scramble data, making it unreadable without the decryption key. Encryption is used to protect sensitive information during transmission over networks and storage in databases.
Authentication #
Authentication is the process of verifying the identity of users or devices to e… #
Authentication methods include passwords, biometrics, security tokens, and multi-factor authentication. Strong authentication mechanisms are essential to prevent unauthorized access to systems and data.
Access Control #
Access Control is the practice of restricting and managing user access to system… #
Access control mechanisms include user authentication, authorization, and audit trails to enforce security policies and prevent unauthorized access. Implementing robust access controls is essential for protecting sensitive information.
Security Awareness Training #
Security Awareness Training is an educational program designed to educate employ… #
Security awareness training helps employees recognize phishing attempts, avoid social engineering attacks, and follow security protocols to protect sensitive information. Regular training sessions are essential for building a security-conscious culture within organizations.
Security Policy #
A Security Policy is a set of rules, guidelines, and procedures that define the… #
Security policies cover areas such as data protection, access control, incident response, and compliance with regulations. Developing and enforcing security policies is essential for maintaining a secure environment.
Risk Management #
Risk Management is the process of identifying, assessing, and mitigating risks t… #
Risk management involves analyzing threats, vulnerabilities, and potential impacts to determine the likelihood of security incidents and implementing controls to reduce risk. Effective risk management is essential for protecting against cyber threats.
Penetration Testing #
Penetration Testing, also known as pen testing, is a simulated cyber attack cond… #
Penetration testing identifies vulnerabilities that could be exploited by attackers and provides recommendations to strengthen security defenses. Regular penetration testing is a proactive measure to assess and improve security posture.
Security Incident #
A Security Incident is an event that compromises the confidentiality, integrity,… #
Security incidents can include data breaches, malware infections, unauthorized access, or denial-of-service attacks. Responding to security incidents in a timely manner is crucial to minimize the impact on business operations.
Zero #
Day Vulnerability:
A Zero #
Day Vulnerability is a security flaw in software or hardware that is unknown to the vendor and for which no patch or fix is available. Zero-day vulnerabilities are highly sought after by cybercriminals as they can exploit them to launch targeted attacks before a security update is released. Organizations need to be vigilant and implement proactive security measures to mitigate the risk of zero-day exploits.
Denial #
of-Service (DoS) Attack:
A Denial #
of-Service (DoS) Attack is a cyber attack that disrupts the normal operation of a network, system, or website by overwhelming it with a flood of traffic or requests. DoS attacks prevent legitimate users from accessing services, causing downtime and financial losses. Implementing DoS protection mechanisms such as rate limiting and traffic filtering is essential to defend against DoS attacks.
Multi #
Factor Authentication (MFA):
Multi #
Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of verification to access a system or application. MFA combines something the user knows (e.g., password), something the user has (e.g., security token), and something the user is (e.g., biometric data) to enhance security. Implementing MFA strengthens authentication and reduces the risk of unauthorized access.
Virtual Private Network (VPN) #
A Virtual Private Network (VPN) is a technology that creates a secure and encryp… #
VPNs are used to protect sensitive data transmitted between remote users and corporate networks, ensuring privacy and confidentiality. VPNs are commonly used for remote access, secure communication, and bypassing geo-restrictions.
Security Operations Center (SOC) #
A Security Operations Center (SOC) is a centralized unit within an organization… #
SOC analysts use security technologies, threat intelligence, and incident response procedures to protect the organization's assets from cyber threats. SOC plays a critical role in maintaining a proactive security posture and ensuring rapid incident response.
Incident Response Plan #
An Incident Response Plan is a documented set of procedures and guidelines for r… #
An incident response plan outlines roles and responsibilities, communication protocols, containment measures, and recovery steps to mitigate the impact of security breaches. Organizations need to regularly test and update their incident response plans to address evolving threats.
Data Loss Prevention (DLP) #
Data Loss Prevention (DLP) is a set of technologies and policies designed to pre… #
DLP solutions monitor, control, and secure data in motion, at rest, and in use to prevent data breaches and comply with regulations. Implementing DLP controls is essential for protecting confidential information from leaks and unauthorized access.
Security Information and Event Management (SIEM) #
Security Information and Event Management (SIEM) is a technology that aggregates… #
SIEM solutions provide real-time visibility into network activities, log data, and security events, enabling organizations to proactively identify threats and anomalies. SIEM is a key tool for monitoring and managing cybersecurity risks.
Internet of Things (IoT) Security #
Internet of Things (IoT) Security refers to the measures and practices implement… #
IoT security focuses on protecting IoT devices from cyber threats, ensuring data privacy, and maintaining the integrity of IoT infrastructure. Securing IoT devices is essential to prevent security breaches and safeguard critical systems.
Bring Your Own Device (BYOD) #
Bring Your Own Device (BYOD) is a policy that allows employees to use their pers… #
BYOD presents security challenges as personal devices may introduce vulnerabilities and data leakage risks. Implementing BYOD security measures such as mobile device management and containerization is essential to protect corporate data.
Cloud Security #
Cloud Security refers to the policies, technologies, and controls implemented to… #
Cloud security measures include data encryption, access controls, identity management, and secure configurations to ensure the confidentiality, integrity, and availability of cloud resources. Securing cloud services is essential for organizations migrating to the cloud to mitigate cyber risks.
Red Team vs. Blue Team #
Red Team vs #
Blue Team is a cybersecurity exercise where security professionals simulate an attack (Red Team) against a defensive team (Blue Team) to test and improve the organization's security posture. Red Team assesses vulnerabilities, exploits weaknesses, and identifies gaps in defenses, while Blue Team defends against attacks, detects intrusions, and responds to incidents. Red Team vs. Blue Team exercises help organizations enhance their security capabilities and readiness.
Compliance #
Security Awareness #
Security Awareness is the knowledge and understanding of cybersecurity risks, be… #
Security awareness programs aim to educate individuals about common threats such as phishing, social engineering, and malware, and promote a culture of security consciousness. Fostering security awareness is crucial for building a resilient cybersecurity posture within organizations.
Endpoint Security #
Endpoint Security is the practice of securing end #
user devices such as desktops, laptops, smartphones, and tablets against cyber threats. Endpoint security solutions protect devices from malware, data breaches, and unauthorized access, and enforce security policies to prevent security incidents. Securing endpoints is essential to protect sensitive data and prevent security breaches in organizations.
Network Security #
Network Security is the practice of protecting networks and networked devices fr… #
Network security measures include firewalls, intrusion detection/prevention systems, VPNs, and access controls to safeguard data transmission and communication. Implementing robust network security controls is crucial for preventing network breaches and ensuring data confidentiality.
Security Architecture #
Security Architecture is the design and structure of security controls, technolo… #
Security architecture encompasses network architecture, access controls, encryption, and security policies to establish a secure framework for information systems. Developing a well-designed security architecture is essential for building a resilient cybersecurity infrastructure.
Cyber Resilience #
Cyber Resilience is the ability of an organization to withstand, respond to, and… #
Cyber resilience involves proactive security measures, incident response planning, and business continuity strategies to minimize the impact of security breaches. Building cyber resilience is essential for organizations to maintain operations and protect critical assets in the face of evolving cyber threats.
Security Controls #
Security Controls are measures, safeguards, or countermeasures implemented to pr… #
Security controls may include technical controls (e.g., firewalls, encryption), administrative controls (e.g., policies, training), and physical controls (e.g., access controls, surveillance) to mitigate threats and vulnerabilities. Deploying effective security controls is essential for reducing security risks and ensuring compliance with security requirements.
Internet Security #
Internet Security refers to the measures and practices implemented to protect us… #
Internet security includes securing web browsers, email services, social media platforms, and online transactions to prevent phishing, malware, and other online threats. Practicing good internet security hygiene is essential for individuals and organizations to stay safe online.
Mobile Security #
Mobile Security is the practice of securing smartphones, tablets, and other mobi… #
Mobile security measures include device encryption, app permissions, remote wipe capabilities, and mobile device management to protect sensitive data and ensure privacy. Securing mobile devices is essential for preventing mobile-related security incidents.
Security Framework #
A Security Framework is a structured set of guidelines, standards, and best prac… #
Security frameworks such as NIST Cybersecurity Framework, ISO/IEC 27001, and CIS Controls provide a blueprint for building a comprehensive cybersecurity program. Adhering to security frameworks helps organizations establish a strong security posture and achieve compliance with industry regulations.
Cybersecurity Risk Assessment #
Cybersecurity Risk Assessment is the process of identifying, analyzing, and eval… #
Risk assessments help organizations understand their cybersecurity vulnerabilities, prioritize security controls, and make informed decisions to mitigate risks. Conducting regular cybersecurity risk assessments is essential for identifying gaps in security defenses and implementing effective risk management strategies.
Dark Web #
The Dark Web is a part of the internet that is not indexed by traditional search… #
The Dark Web is known for hosting illicit activities, black markets, and cybercrime forums where cybercriminals buy and sell stolen data, malware, and hacking services. Organizations need to be aware of the risks associated with the Dark Web and monitor for potential threats.
Cyber Insurance #
Cyber Insurance is a type of insurance coverage that protects organizations agai… #
Cyber insurance policies may cover costs such as legal fees, data recovery, notification expenses, and extortion payments. Investing in cyber insurance can help organizations mitigate the financial impact of security breaches and improve cyber risk management.
Blockchain Security #
Blockchain Security refers to the measures and techniques used to protect blockc… #
Blockchain security involves encryption, consensus mechanisms, and cryptographic algorithms to ensure data integrity and prevent unauthorized modifications. Securing blockchain networks is essential for maintaining trust, transparency, and immutability in decentralized systems.
Supply Chain Security #
Supply Chain Security is the practice of securing the end #
to-end supply chain processes, systems, and partners to prevent cyber threats and data breaches. Supply chain security involves assessing third-party risks, implementing vendor security controls, and monitoring supply chain activities to protect against supply chain attacks. Strengthening supply chain security is crucial for safeguarding critical operations and maintaining business continuity.
Artificial Intelligence (AI) Security #
Artificial Intelligence (AI) Security focuses on securing AI systems, algorithms… #
AI security measures include ensuring data privacy, preventing adversarial attacks, and implementing ethical AI practices to mitigate risks. Securing AI technologies is essential for organizations leveraging AI for decision-making, automation, and predictive analytics.
Ransomware #
Ransomware is a type of malware that encrypts files or locks computer systems, d… #
Ransomware attacks can cause data loss, operational disruptions, and financial losses for organizations. Preventing ransomware infections requires regular backups, security patches, and employee training to recognize and avoid ransomware threats.
Cloud Security Alliance (CSA) #
The Cloud Security Alliance (CSA) is a non #
profit organization dedicated to promoting best practices and research in cloud security. The CSA provides guidance, tools, and resources to help organizations secure cloud environments, comply with regulations, and address cloud security challenges. Collaborating with the CSA can help organizations enhance their cloud security posture and adopt industry-recognized standards.
Cybersecurity Maturity Model Certification (CMMC) #
Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework d… #
S. Department of Defense (DoD) to standardize and enhance cybersecurity practices among defense contractors. CMMC requires contractors to meet specific cybersecurity maturity levels and practices to safeguard sensitive defense information. Achieving CMMC compliance is essential for contractors seeking DoD contracts and subcontractor opportunities.
Advanced Persistent Threat (APT) #
An Advanced Persistent Threat (APT) is a sophisticated, targeted cyber attack co… #
APT attacks are stealthy, persistent, and aimed at stealing sensitive information, disrupting operations, or conducting espionage. Defending against APT threats requires advanced security measures, threat intelligence, and continuous monitoring to detect and respond to APT activities.
Internet Security Threat Report (ISTR) #
The Internet Security Threat Report (ISTR) is an annual publication by cybersecu… #
The ISTR provides insights into emerging cyber threats, attack statistics, and best practices for cybersecurity professionals. Referencing the ISTR can help organizations stay informed about the evolving threat landscape and adopt proactive security measures.
Security Incident and Event Management (SIEM) #
Security Incident and Event Management (SIEM) is a comprehensive approach to sec… #
SIEM solutions collect, correlate, and analyze security data from various sources to detect and respond to security incidents in real time. SIEM tools help organizations monitor network activities, identify threats, and