Security Professionals

     Confidentiality occurs that unauthorized individuals are not able to gain access to sensitive information. Cyber security professionals develop and implement security controls, including firewalls, access control lists, and encryption to prevent unauthorized access to information attackers may seek to understand. Undermine confidentiality controls achieve one of their goals to unauthorized disclosure of sensitive information. Integrity ensures that there are no unauthorized modifications in information or systems, either internationally or unintentionally integrity controls such as hashing. And integrity monitoring solutions to seek to enforce these requirements. Integrity threats may come from attackers seeking the alteration of information without authorization or non malice sources such as power spikes causing the corruption of information. Availability ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them available. Controls such as fault tolerance, clustering and backup seek ensure the legitimate users may gain access needed simply similar. The integrity threats availability threats may come either from attackers seeking the disruption of access of non malicious sources such as fire destroying a data center that contains valuable information or services. Cybersecurity and analysis often first to these three goals known as. The CIA trained Traid when preforming their work. They often characterize risk attacks and security controls as meeting one or more of three CIA trial goals when describing them.

Data Breech Risks

Security incidents occur when an organization and stealing sensitive information as a result of accidental activity, such  employee leaving an encrypted laptop in the back of a ride-share, or as a result of a natural activity such as an earthquake destroying a data center.   

            Security professionals are responsible for understanding these risks and implementing controlled designs to manage those risks. To an acceptable level. To do so, they must first understand the effects that a breach might have on organization and impact it might have on ongoing basis.

So let's switch it up to make it interesting. One of the most important ways to block someone on the network is by using ACL's  Access control lists (ACL) have a lot of uses on Cisco routers. 

. Classifying and organizing traffic for quality of service—You can use an ACL to categorize and prioritize your traffic with Quality of Service
(QoS).
. Filtering routing updates—ACLs can be used with routing protocols to control what networks are advertised. 
 
. Defining interesting traffic for dial-on-demand routing (DDR)—ACLs can be used to configure what traffic will dial a remote router when using Integrated Services Digital Network (ISDN).
. Network Address Translation (NAT—ACLs are used to identify inside local addresses when configuring NAT.   

Watch this Video to get some more further information.   http://s804283110.onlinehome.us/ACLROUTESUM

A global ransomware attack has hit thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world.

The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack.

The DAD Triad

Early in this chapter, we introduced the CIA Triad used to describe the three main goals of cyber security, confidentiality, integrity and availability.   This model explains the three key threats to cybersecurity efforts, disclosure, alteration, and denial. Each of these three threats maps directly to one of the main goals of cyber security.

• Disclosure is exposure of sensitive information to unauthorized individuals, otherwise known as data loss. Disclosures of violation of the principle of confidentiality. Attackers would gain access to sensitive information and remove it from organizations that are said to be performing data exploitation. Disclosure may also occur accidentally, such as when administrator misconfigured access controls or an employee loses a device.
• Alteration is unauthorized modification of information, as is the violation of the principle of integrity. Attackers may seek to modify records contained in a system for financial gain, such as adding fraudulent transactions to financial accounts. Alterations may occur as a result of natural activity, such as a power surge causing a “bit flip” occur as a result. Natural activities such as power surge Fitbit may occur. As a result of the natural activities security that modifies the stored data. Accidental. Alterations is also a possibility. If the user unintentionally modifies information stored in a critical system as a result of a typo or other unintended activity.
• Denial is disruptive. Unauthorized. Get out of instructive of an authorized user legitimate access to information. Denial events violate the principles of availability. This availability loss may be intentional, such as when the attacks and launches a distributed denial of service DDoS. Against. Attack against a website denial may also occur as a result of accidental activities such as failure of a critical server, or as a result of natural activity such as natural disaster impacting our communication circuit.

The CIA and DAD triads are very useful tools for cyber security planning and risk analysis whenever you find yourself. Task with the broad goal of assessing the Security Council used to protect an asset or the threat to an organization. You can turn to a CIA or dad triads for diet guidance. X threats to organization website you may apply a DAD triad. In your analysis, does the website contain sensitive information that would damage organization disclosure? To unauthorized individuals. If an attacker was able to modify information contained on the website, would this unauthorized alteration cause financial, reputational, or operational damage to the organization?

• Does a website perform mission critical activities that could damage the business significantly? If an attacker were able to disrupt the site graph.

That's just one example of using the DAD tried to inform a risk management. You can use the CIA and DAD models in almost any situation to serve as a helpful starting point for a more detailed risk analysis.

  If an attacker were able to modify information contained on the website, would this author’s unauthorized altercation cause financial, reputational, or operational damage to the organization? Does the website perform mission critical activities that could damage the business significantly? When attacked they were able to disrupt the site. That's just one example of using the DAD triad to inform risk assessment. You can use CIA and DAD models in almost any situation to serve as a helpful starting point for a more detailed risk analysis?

• BRIEF IMPACT

The impact of security includes maybe wide-ranging depending upon the nature of the Internet and type of organization affected. We can catalyze the potential impact of the security Internet using the same category categories that businesses generally used to describe any type of risk. Financial, reputational, strategic, operational, and compliance. Let's explore each of these risk categories in greater detail.

• FINANCIAL RISK

Financial risk is the name applied to the risk of monetary damage to an organization as a result of data breach. This may be very direct financial damage, such as the cost of rebuilding the data center after it is physically destroyed, or the course of contracting experts for incident response and forensic analysis services. Financial risk may also be in directing comments. Second order consequences of breach. For example, if an employee loses a laptop containing plans for a new product. The physical the physical laptop. However, the indirect financial damage may be more severe. Competitors may gain hold of those products’ plans and beat the organization to market resulting in potential significant revenue loss.

• REPUTRATIONAL RISK

Reputational risk occur when negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers and other stakeholders. It is often difficult to quantify reputational damage as these stakeholders may not come out. And directly say that they will reduce or eliminate their volume. Of businesses with organization as a result of security breach. However, this breach may still have an impact on their future decisions about doing business with the organization.

• IDENTY THIEF 

When a security breach strikes an organization, the effects of the breach, often extend beyond the walls of breach organization, affecting customers, employees, and other individual stakeholders. The most common impact on these groups is the risk of identity theft posed by the exposure of personality identifiable information PII. To unscrupulous individuals, organizations should take special care to identify, inventory, and protect the PII elements, specifically dolls that are prone to use in identity theft crimes. These include Social Security numbers and bank accounts. Credit card numbers, driver’s license numbers, passport data, and similar sensitive identifiers.

•   Strategic risks.

Strategic risk Is the risk that an organization will become less affected in meeting its major goals and objectives as a result of a breach? Consider again the example of an employee laptop losing a laptop that contains a new product development plan.  This incident may pose strategic risk to the organization in two different ways. First, if the organization does not have another copy of those plans, they may have maybe not able to bring the new products to market or may suffer significant product development delays. Second, competitors gain hold of those plans. May be able to bring competition no competing products to markets more quickly or even dare the organization to markets gaining first mover advantage. Both effects demonstrate strategic risk to the organization’s ability to carry out its business plan.  

•      Operational Risk

 Operational risk is an organization’s ability to carry out its day-to-day functions. Operational risk may slow down business processes. Delayed delivery of customers’ orders requires the implementation of time-consuming manual work arounds to normal, normally automated practices. Operational risk and strategic risks are closely related, so it might be difficult to distinguish between them. Think about the difference in terms of the nature and degree of the impact of the on the organization if a risk threatens. The very existence of an organization or the ability of the organization to execute its business plan, that is strategic risk. That seriously jeopardizes the organization's ongoing liability. On the other hand, if the risk only causes inefficiency and delay within the organization, it fits better into operational risk category.

•     Compliance Risk

Compliance risk occurs when a security breach causes an organization to run a file. Regarding legal or regulatory requirements, for example, the health insurance portability and Accountability Act. Hip, hip, hip. HIPAA requires the health care provider and other covered. entries product the confidentiality, integrity, and availability of the product. Protected health information PHI. If an organization loses patient medical records, they violate the HIPAA requirements or are subject to sanctions and fines from the US Department of Health and Human Services. That's an example of a compliance risk. Organizations face many different types of compliance risk. In today's regulatory landscape, the nature of those risks depends on the petition with the organization operates the industry with organization functions within the type of data that the organization handles. We discussed these compliance risks more in security policy standards and compliances. This risk often costs categories don't feel like you need to shoehorn every risk into one only one of these categories. In most cases, the risk will cause multiple risk categories. For example, if an organization suffers a data breach that exposes customer PII. Tied to unknown individuals. The organization will likely suffer reputational damage due to negative media coverage. However, the organization may suffer financial damage. Some of the financial damages may come in the form of business due to reputational damage. Other financial damage may come because of compliance risk if regulators impose fines on the organization. Still more financial damage may occur as direct results of breach, such as the course associated with providing customers with identity protection services and notifying them about the breach.

                                                                               Implementing security controls

 As an organization and our analysis is risk environment, technical and business leaders determined level of protection required to preserve the confidentiality, integrity and availability of their information and systems. They expressed these requirements for writing the control objectives that the organization wishes to achieve. These control objectives are statements of a desired security state, but they do not by themselves actually carry out security activities. Security controls are specific measures that fulfill the security objective of an organization.

                                                                              Security control category categories

Security code controls are categorized, based on their mechanisms of action. The way that they achieve their objectives, there are three different categories of security control.   

• Technical control

 Enforce confidentiality, integrity and availability in digital space. Example of technical security controls includes firewalls. Rules, access control list, intrusion prevention systems and encryptions.

• Operational controls

 Will include the processes that we put in place to manage technical technology. The secure manner. These include user access reviews, log monitoring and vulnerability management.   

• Manageable control

They are procedural mechanism that focus on mechanisms of risk management, process examples and ministration controls. Includes periodic. Risk assessment, security planning exercise and the incorporation of security into the organization. Change management service acquisitions and project management practices. 

Now let's look at some practical examples of threats seen on a network referencing to Cyber Security.

Hi, I have some work I'm working on in packet tracer and I need to find the best type of network threat I can simulate and 'attack' my network with and demonstrate how to prevent it from happening again. what is the best threat I can show on packet trace.

In this question they are talking about a  DOS attack of some kind, been a while since I used PT but I'm sure you can send a 10000 pings consecutively from various PC's/Servers to a given network device and see what's dropped in the simulation tab. Unfortunately I don't think PT can do this. The new CML I pretty sure can, or EVE/GNS. This could not be accomplished in Packet Tracer which does not have the same values as a simulator, still researching. Working on a different topology. To be continued: This will be another topology using security to  configure ACL's.

 Organizations should select a set of security controls. That meets the control objectives based on the criteria and parameters that they either select for the environment or have imposed on them by outside regulators. For example, an organization that handles sensitive information might decide that confidentiality concerns surrounding that information require the highest level of control. At the same time, they conclude that they're availability of their website is not as. As critical importance given these considerations, they would dedicate significant resources to the confidentiality of sensitive information, or perhaps invest in little, if any, time and money protecting this website against a denial of service attack. Many control objectives require combination of technical operations and managerial controls. For example, an organization might have the control objective of preventing an authorized access to a data center. They may they might achieve this goal by implementing biometric access controls. Technical controls performing regular reviews of authorized access operational controls and conducting routine risk assignment managerial controls.

     Note: These controls, categories, and types are unique to comp Tia. If you've already studied the similar categories as part of your preparation for another security exam, be sure to study these carefully when answering exam questions.

Security control types

 CompTIA also divides security into types based on the desired effects. The types of security control include the following.

• Preventive control intend to stop security issues before it occurs. Firewall and encryptions are examples of preventive controls.
• Detection controls identity security events that have already occurred. Intrusion detection systems or detective controls?
• Corrective controls remediate security issues that have already occurred. Restoring backups after ransomware attacks is  an example of a corrective control.
• Deterrent Control seek to prevent an attacker from attempting to violate security policies. Vicious guard dogs and barbed wire fences are examples of deterrent controls.
• Physical controls are security controls that impact the physical world. Examples of physical security controls. Includes fences, perimeter lighting, locks, fire suppression. Systems and burglar alarms.
• Compensating controls are controls designed to mitigate the risks associated with exceptions made to a security policy.

Exploring Compensating control

 The payment card industry data security standard. PCI DSS includes one of the most formal compensating control processes in use today. It set out three criteria that must be met for compensating control to be satisfactory.

• The control must meet the intent and rigor of original requirements.
• The control must provide a similar level of defense. As original requirements such that the compensating control sufficiency offset the risk that the original PCI DSS requirements was designed to defend against.
• The control must be above and beyond other PCI DSS requirements.

   For example, an organization might find it need to run an outdated version of an operating system on a Pacific machine, because software necessary to run the business will only function on that operating system version. Most security policies would prohibit using the outdated operating system because it might be susceptible to security vulnerabilities. The organization could choose to run this system. On a isolated network with either very little or no access to other systems as compensating controls. General idea is that the compensating control finds alternate means to achieve objectives when the organization cannot meet the original control requirements. Although PCI DSS offers a very formal process. For compensating controls.

 The use of compensating controls is a carbon strategy of many different organizations. Even though it's not subject to PCI DSS. Compensating controls. Balance the fact that it simply isn't possible to implement every required security control in every circumstance. For desire to manage risks to the greatest feasible degree.

   In many cases, organizations adopt compensating controls to address a temporary exemption to a security requirement. In those cases, the organization should also develop remuneration. Plans designed to bring the organization back into compliance with the letter and intent of the original control.

 Data Protection

Security professionals spend significant amounts of their time focusing. On the protection of sensitive data, we serve as stewards and guardians, protecting the confidentiality. And trickery and availability of the sensitive data created by organizations and entrusted to us by our customers and other stakeholders.

    As we think through the data protection techniques, it's helpful to consider the three states where data might exist.

•    Data at rest is stored data the resides  In the cloud or other storage media, data is prone to perforating by insiders of external taxes, who gain access to systems and are able to browse through their contents.
• Data in motion is data that is transit over network. When data travels on an untrusted network, it is open. To eavesdropping tax by anyone with access to those networks they didn't processes data. That activity is used by computer systems. This includes data stored in memory. While processing takes place in the tactical with control of the system may be able to read the contents of memory and steal sensitive information we can use. Different security controls to safeguard data in all three states, building a robust set of defenses that protects our organization. Vitals interests.

   Data Encryption

    Encryption technology uses mathematical algorithms protect information from prying eyes. Both while it is in. Friends over network and while it besides on systems encrypt data is unintelligible to anyone who does not have access to appropriate decryption key. Making it safe for store transmit encrypted data over otherwise insecure means.

  Data Loss Prevention,

   Data loss prevention (DLP) systems help organizations enforce information handling policies and procedures to prevent data and loss and theft. They search systems restore or sensitive information that might be unsecured and monitor network traffic for potential attempts to remove sensitive information from the organizations. They can act quickly to block the transmission before damage is done and alert admission to the attempt breach.

  DLP systems work in two different environments:

• Host-based space DLP
• Network DLP

Host-based DLP uses software that agent installed on systems that search those systems for the presence of sensitive information. These searchers often turn up Social Security numbers, credit card numbers and other sensitive information and most unlikely places! 

  Detecting the presence store sensitive information allows security. Professionals to take prompt actions to either remove or secure it with encryption. Taking the time to secure remove information may pay handsome rewards down the road if device is lost or compromised.

 Host based DLP can also monitor system configuration and user actions lock it undesirable actions. For example, some organizations use host based DLP to block users from accessing USB based removal media. Devices that may use to carry information. Out of the organizations Secure Environment Network based DLP systems are dedicated devices that sit on a network and monitor output network traffic, watching for any transmission that contains unencrypted sensitive information. They can then block those transmissions for Benton to unsecured loss of sensitive information. Do you play? Systems may simply block traffic that violates the organizations policy, or in some cases they may automatically apply encryption to that content. These automatic encryptions are commonly used for DLP systems that focus on e-mail.

  DP Systems also have two mechanisms of actions.

• Pattern matching when they watch for the tailgate signs of sensitive information. For example, if they see numbers that are formatted like credit cards or Social Security numbers, they can automatically trigger on that similarly. They may contain a database of sensitive terms such as top secret or business confidential and trigger when they are those terms in transmission.
• Watermarking wear systems or administrations apply electronic tax sensitive documents and then the DLP systems can monitor systems and networks for unencrypted contents. Containing those tags, what are
• Watermarking technologies also commonly used in digital rights? Management DRM solutions that enforce copyright and data ownership restrictions.

Data Minimization

Data minimization technology seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis. The best way to achieve data minimization is to simply destroy the data when it's no longer necessary to meet our original business purpose.

 If we can't completely remove the data from the data center. You can often transmit it. Into a format where the original census information is de-identified. The de-identification process removes from the ability to link data back to an individual, reducing its sensitivity.

  An alternative to deidentified data is transforming it into a format where the original information can't be received. This process is called data and. Use dictation and we have several tools at our disposal to assist with it:

• Hashing uses hash functions to transform a value in our database to a corresponding hash value. If we apply a strong hash function to data elements, we may replace the data value in our file with the hash value.
• Tokenization replaces onto the values with a unique identifier using a lookup table. For example, we might replace. a widely known value such as a student ID, if we need to determine someone's identity. Of Couse, if you use this approach, you need to keep the lookup table secure!
• Masking partially redacts sensitive information by replacing some of all sensitive fields with blank with a randomly generate 10-digit numbers. We'd then maintained a lookup table that allows us to convert those back. To student ID's if we need to determine someone's identity. Of course, if you use this approach you need to keep the lookup table secure, masking puncher particularly. Tax sensitive information. We're replacing some of all sensitive fields with blank characters. For example, we might replace all but the last four digits of the credit card number with X or S's tourist to render the card numbers unreadable.

 Although it is impossible to retrieve the original value directly from the hash. There's one major flaw to this approach. If someone has a list of possibility values for a field, they can conduct something called a rainbow table attack. In this attack, the attacker computes the hashes of those candidates with values and then check to see if those hashes exist in our data file.

  For example, imagine that we have a file listed all students at our colleges who have failed courses. We have their student ID. If they're taxed that has a list of students, they can compare the hash values of all student's ID's and then check to see which hashes drivers are on the list. For this reason, hashing should. Only be used with caution.

Summary

Cybersecurity professional responsible for ensuring and confidential integrity and availability of information systems maintained by their organizations. Confidentially ensures that unauthorized individuals are not able to gain access to sensitive information. Integrity ensures that there are no unauthorized modifications to information or systems. Either intentionally or unintentionally the information systems are ready to meet the needs of legitimate users at the time those users request them together. These are three goals are known as CIA triad together as

   As cyber security analyst seeks to protect the organization, they. Evaluate risk. The CIA triad.  This includes the design and implementation of appropriate measures of security control drawn from material operations and technical control categories. These controls should also be varied in type, including a mixture of prevention, detecting, correction, deterrent, physical and compensation controls.

 Exam Essentials

 The three objectives of cybersecurity are confidential are, Integrity and availability confidentially. Confidentiality ensures that the unauthorized individuals are not able to gain access to sensitive information. Integrity ensures that there are no unauthorized modifications the informational systems either intentionally or unintentionally available ensures that information and systems are ready to meet the needs of literally the users at the time those users request them.

   Security controls may be categorized based on mechanisms of actions and their intent. Controls are grouped into categories of managerial, operational and technical based on the way they achieve these objectives. They are divided into these the types of preventive detective correction. Current compensation and physical based on their intended purpose.

Data breaches have significant and device impacts on organizations. When and organization suffers a data breach resulting in data loss often results in both direct and indirect damages. The organization suffers immediate financial repercussions due to cost associated with incident response. As well as long term financial consequences because we are This reputational damage. Reputational damage may be difficult to quantify, but it also may have a lasting impact. In some cases, organizations may suffer. Operation damage if they experience availability damages, preventing them from accessing their own information.

   Data must be protected in transit, at rest, and in use. Attackers may tempt to. He's drop. On network transmissions containing sensitive information, this information is highly vulnerable when trans transit unless protected by encrypted encryption technology attackers also. Attack is also my attempt to breach data storage, stealing data at rest. Encryption serves to protect stored data as well as data in transit. Data is also vulnerable while in use on a system, it should be protected during data processing activities.

 Data loss prevention system blocked data exfiltration attempts. DLT technology enforces information handling policies to prevent data loss and theft. DLP systems may function. At the host level, using software agents to search systems for the presence of sensitive information. They may also work at network level, watching for transmission and unencrypted sensitive. Information. DLP Systems Direct system sentence sensitive information and using pattern matching technology and or digital water making.

 Data minimization reduces risk of reducing the amount of sensitive data that we maintain.

In cases where we cannot simply discard unnecessary information, we can protect information through the de-identification, we can protect information through de-identification and data obfuscation. The tools used to achieve these goals include hashing, tokenization and the masking of sensitive fields.

Quiz Review Questions & Answers

1. It is the combination of a threat and a corresponding.

Is this a Risk or Threat The answer is a Risk. Vulnerability. Risk = Threat × Vulnerability

   2.Incorporate even more information into their decision-making process, including contextual information about users, applications, and business p. processes. They are state-of-the-art in network protection. Term -Next-generation firewalls (NGFWs). The answer is TURE.

   3. NAC solutions use dedicated appliances that sit in between devices and the resources that they wish to access. They deny or limit network access to devices that do not pass the NAC authentication process.

Term In-Band vs. Out-of-Band Answer is True

  4.is the cornerstone of any information security program. XXX must take the time to thoroughly understand their own technology environments and the external threats that jeopardize their information security. Term Cyber-security risk analysis. Answer is True.

  5. This occur when individuals doing their routine work mistakenly perform an action that undermines security. For example, a system administrator might accidentally delete a critical disk volume, causing a loss of availability. Term Structural threats. Answer is False (This is an Accidental threats)

  6. This occur when natural or man-made disasters occur that are outside the control of the organization. These might include fires, flooding, severe storms, power failures, or widespread telecommunications disruptions.

Term Accidental threats. Answer is False. (This is an environmental threats).

  7.This in the world of cybersecurity is an outside force that may exploit a vulnerability. Term Threat Answer is True.

 8. This occurs when equipment, software, or environmental controls fail due to the exhaustion of resources (such as running out of gas), exceeding their operational capability (such as operating in extreme heat), or simply failing.
due to age. Answer is environmental threat.

9. They are specialized firewalls designed to protect against XXX application attacks, such as SQL
injection and cross-site scripting. Answer is Web application firewalls (WAFs)

 10. may use agents running on devices
To obtain configuration information from the device. Devices that fail to meet minimum security standards, such as having incorrectly configured host firewalls, outdated virus definitions, or missing patches, may be either completely denied network access or placed on a special quarantine network where they are granted only the limited access required to update the system's security. Answer is System Health (NAC Control)

  11.

The technical work of the penetration test begins during the XXXX phase when attackers conduct reconnaissance and gather as much information as possible about the targeted network, systems, users, and applications. This may include conducting reviews of publicly available material, performing port scans of systems, using network vulnerability scanners and web application testers to probe for vulnerabilities, and performing other information gathering. Answer is Pentesting Discovery Phase 2

  12 NAC Solution that requires that the device requesting access to the network run special software designed to communicate with the NAC service. XXXX approaches to NAC conduct authentication in the web browser and do not require special software. Answer is Agent-Based vs. Agentless

  13.Limiting network access to authorized individuals and ensuring that systems accessing the organization's network meet basic security requirements. Example 802.1X. Answer is Network Access Control (NAC) Objectives.

  14. This feed false information to malicious software that works its way onto the enterprise network. When a compromised system attempts to obtain information from an XXX server about its command-and-control server, the XXX server detects the suspicious request and, instead of responding with the correct answer, responds with the IP address of an XXX system designed to detect and remediate the botnet-infected system. Answer is DNS sinkholes

 15. Users may be assigned to particular network segments based on their XXX in the organization. For example, a college might assign faculty and staff to an administrative network that may access administrative systems while assigning students to an academic network that does not allow such access. Answer is Role (NAC Control).

  16.Users may be granted or denied access to network resources based on their physical XXX. For example, access to the datacenter network may be limited to systems physically present in the datacenter. Answer is Location (NAC Control).

  17. Go beyond XXX and maintain information about the state of each connection passing through the firewall.

 Answer is Stateful inspection firewalls.

  18. Are systems, devices, software, and settings that work to enforce confidentiality, integrity, and/or availability requirements. Answer is technical controls.

  19. Users may be authorized to access the network only during specific time periods, such as during business hours.

Answer is Time of Day (NAC Control.

  20.Risk acceptance, risk avoidance, risk mitigation, and risk transference, to reduce the likelihood and impact of risks identified during risk assessments. Answer

Lert's now review the Summary Section in the Book - Today's Security Professional

1.        What are Cybersecurity professionals responsible for? Cyber security is responsible for ensuring confidentiality, integrity and availability of information systems in their organization.

2.      What does Confidentiality ensure? Confidentiality ensures that unauthorized are not able to gain access to sensitive information.

3.      Tell me what does Integrity ensure? Integrity ensures that there are no unauthorized modifications to information or systems.

4.      What are the three goals called in Cyber Security. Name them not just the initials?

The three goals are known as CIA traid. Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency.

5.      Tell me more about the CIA traid. The CIA traid will also include the design and implementation of appropriate measures of security control drawn from material operations and technical control categories. These controls should also be varied in type, including a mixture of prevention, detecting, correction, deterrent, physical and compensation controls.

6.      As cyber security analysts seek to protect their organization; they must evaluate risk to the CIA trade. This includes the design and implementation of an appropriate mixture of security controls drawn from the managerial, operational, and technical control categories. These controls should. also be varied in type included in mixture of prevention detection correction deterred physical and coming controls. And compensation with controls.

Exam Essentials Review:

   What are the three objectives of cyber security. Confidentiality, integrity and availability. Confidentiality ensures that unauthorized individuals are not able to gain access to insensitive information. Integrity ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally. Availability ensures that the information and systems are ready to meet the needs of legitimate users at the time those users' request.

   What are the security controls may be categorized based on the mechanisms of actions and their intent controls or group. Into categories of managerial, operational and technical based. On the way they achieve their objectives, they are divided into types of preventives, detective, correction, deterrent, compensation and physical based on their intended purpose.

Tell me something about Data breaches. They have significant and diverse impacts on organizations. When an organization suffers a data breach, the resulting data loss often results in both direct and indirect damages. The organization suffers immediate financial repercussions due to the cost associated with the incident response as well. As long-term financial consequences due to reputational damages. Reputational damages may be difficult to quantify, but if there it may have a lasting impact. In some cases, organization may suffer operational damages of day. Have a lasting impact? OK. In some cases, organizations may suffer operational damage that they experience available free damages preventing them from accessing their own information.

 They must be protected in transit and rest and in use. Eavesdrop on network transmissions containing sensitive information. This information is highly vulnerable when IT transit unless protected by encryption technologies. Attackers also might attempt to breach data stored, stealing data at rest encryption servers to protect stored data. The world's data in transit data is also vulnerable while in use on a system and should be protected during data processing activities, data loss prevention system blocks, and infiltration attempts. DLP Technologies enforces information handling policies to prevent data loss and DLP systems. May function at the host level using software agents to search systems for the presence of sensitive information. They may also work at network levels, watching the transmission of. Encrypted sensitive information DLP systems detect sensitive information using pattern matching technology and or digital water. Making data minimization reduces risk of reducing the amount of sensitive information that we would think maintain in cases where we cannot simply discard unnecessary information. To protect information through a D identification and data application, the tools used to achieve these goals include hashing, token tokenization, and masking of sensitive data.

Now the Cisco Learning Center has a course that I am registered in: See link attached:

https://skillsforall.com/launch?id=7662b32f-0a49-4d7a-b881-498eb3be42cc

Review:

Traditional data is typically generated and maintained by all organizations, big and small. It includes the following:

• Transactional data such as details relating to buying and selling, production activities and basic organizational operations such as any information used to make employment decisions.
• Intellectual property such as patents, trademarks and new product plans, which allows an organization to gain economic advantage over its competitors. This information is often considered a trade secret and losing it could prove disastrous for the future of a company.
• Financial data such as income statements, balance sheets and cash flow statements, which provide insight into the health of a company.

  Internet of Things (IoT) and Big Data

IoT is a large network of physical objects, such as sensors, software and other equipment. All of these ‘things’ are connected to the Internet, with the ability to collect and share data. And given that storage options are expanding through the cloud and virtualization, it’s no surprise that the emergence of IoT has led to an exponential growth in data, creating a new area of interest in technology and business called 'Big Data.'

The Cube The McCumber Cube is a model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them. This security model has three dimensions:

1. The foundational principles for protecting information systems.
2. The protection of information in each of its possible states.
3. The security measures used to protect data.

Scroll down to find out more about the different elements of each dimension.

• Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two factor authentication.
• 
  Integrity ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.
• 
  Availability means that authorized users are able to access systems and data when and where needed and those that do not meet established conditions, are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.

• Processing refers to data that is being used to perform an operation such as updating a database record (data in process).
• 
  Storage refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).
• 
  Transmission refers to data traveling between information systems (data in transit).

• Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.
• 
  Technology refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.
• 
  Policy and procedure refer to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

  It’s obvious that cybercriminals are becoming more sophisticated in their pursuit of valuable personal data. But they also pose a huge threat to organizational data.

Select Next to find out more.

The security measures used to protect data."

• Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.
• 
  Technology refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.
• 
  Policy and procedure refer to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

What Do You Think?

 A concerned customer has forwarded on what they believe to be a fraudulent email. It looks as if it has been sent by @Apollo but something appears a little 'phish-y.'

   Dear Mrs. Appolo, as precautionary measures we restricted access to your account until you validate has been changed event further irregular activity. You'll be unable to access your account until this issue has been resolved. To fix security info, click below to reactivate your account. http://123contactform.com/contact-form-@polo.234.45674.html

 Take a look at the email. Which of the following indicates that it is in fact a phishing email? Don’t forget, you have a chance to earn valuable defender points if you answer this correctly.

Select four correct answers, then Submit.

Customer name

The language, spelling and grammar

Graphics

Link URL

Email address

The one's in red is the correct answer.

This for Real?

Yes, phishing is very common and often works. For example, in August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers.

A security consultant discovered that a cloud cluster (a group of linked servers providing data storage, databases, networking, and software through the Internet), was misconfigured and exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak. 

It took Razer more than three weeks to secure the cloud instance from public access, during which time cybercriminals had access to customer information that could have been used in social engineering and fraud attacks, like the one you uncovered just now. Organizations therefore need to take a proactive approach to cloud security to ensure that sensitive data is secured.

Data Security Breaches

The implications of a data security breach are severe, but they are becoming all too common.

The Persirai botnet

In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different models of Internet Protocol (IP) cameras, accessing open ports to inject a command that forced the cameras to connect to a site which installed malware on them. Once the malware was downloaded and executed, it deleted itself and was therefore able to run in memory to avoid detection.

Over 122,000 of these cameras from several different manufacturers were hijacked and used to carry out distributed denial-of-service (DDoS) attacks, without the knowledge of their owners. A DDoS attack occurs when multiple devices infected with malware flood the resources of a targeted system.

The IoT is connecting more and more devices, creating more opportunities for cybercriminals to attack.

Equifax Inc.

In September 2017, Equifax, a consumer credit reporting agency in the United States, publicly announced a data breach event: Attackers had been able to exploit a vulnerability in its web application software to gain access to the sensitive personal data of millions of customers.

In response to this breach, Equifax established a dedicated website that allowed Equifax customers to determine if their information was compromised. However, instead of using a subdomain of equifax.com, the company set up a new domain name, which allowed cybercriminals to create unauthorized websites with similar names. These websites were used to try and trick customers into providing personal information.

Attackers could use this information to assume a customer’s identity. In such cases, it would be very difficult for the customer to prove otherwise, given that the hacker is also privy to their personal information.

If you are ever faced with a similar situation, quickly verify if your information was compromised, so that you can minimize the impact. Keep in mind that, in a time of crisis, you may be tricked into using unauthorized websites.

Always be vigilant when providing personally identifiable information over the Internet. Check your credit reports regularly and immediately report any false information, such as applications for credit that you did not initiate or purchases on your credit cards that you did not make.

                                                                             Consequences of a Security Breach

Reputational Damages:

A security breach can have a negative long-term impact on an organization’s reputation that has taken years to build. Customers, particularly those who have been adversely affected by the breach, will need to be notified and may seek compensation and/or turn to a reliable and secure competitor. Employees may also choose to leave in light of a scandal.

Depending on the severity of a breach, it can take a long time to repair an organization’s reputation.

Vandalism

A hacker or hacking group may vandalize an organization’s website by posting untrue information. They might even just make a few minor edits to your organization’s phone number or address, which can be trickier to detect.

In either case, online vandalism can portray unprofessionalism and have a negative impact on your organization’s reputation and credibility.

Thief

A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can make this information public or exploit it to steal an individual’s money and/or identity.

Loss of revenue

The financial impact of a security breach can be devastating. For example, hackers can take down an organization’s website, preventing it from doing business online. A loss of customer information may impede company growth and expansion. It may demand further investment in an organization’s security infrastructure. And let’s not forget that organizations may face large fines or penalties if they do not protect online data.

Damaged intellectual properties

A security breach could also have a devastating impact on the competitiveness of an organization, particularly if hackers are able to get their hands on confidential documents, trade secrets and intellectual property.

Despite the best of intentions and all the safeguards you can put in place, protecting organizations from every cyberattack is not feasible.

Cybercriminals are constantly finding new ways to attack and, eventually, they will succeed.

When they do, it will be up to cybersecurity professionals, like you, to respond quickly to minimize its impact.