Essentials Flashcards
(7 cards)
CIA Triad
Confidentiality: Ensures that data is only accessible to authorized individuals. Methods include encryption, access controls, and authentication.
Integrity: Ensures data is accurate and unaltered. Achieved through hashing, digital signatures, and checksums. Note that plain hashes and checksums only catch accidental corruption: an attacker who can modify the data can also recompute the hash, so tamper detection needs a keyed MAC (e.g. HMAC) or a digital signature.
Availability: Ensures that systems and data are accessible when needed. Methods include redundancy, load balancing, and DDoS protection.
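The integrity point on this card is easy to get wrong in practice, so here is an added Python example (not part of the original flashcards) that shows a stored SHA-256 hash failing to catch a tampered record, because the attacker simply recomputes it, while an HMAC computed with a secret key still catches the change. The record, the tampering step and the key are all constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; an attacker wants to change the balance.
RECORD = b"account=alice;balance=100"


def sha256_tag(data: bytes) -> str:
    """Unkeyed integrity check: anyone, including an attacker, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check: without the key an attacker cannot produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so tag comparison does not leak timing
    return hmac.compare_digest(hmac_tag(key, data), tag)


def attacker_tampers(data: bytes) -> tuple[bytes, str]:
    """Attacker modifies the record and recomputes the unkeyed hash to match."""
    new_data = data.replace(b"balance=100", b"balance=999")
    return new_data, sha256_tag(new_data)


def demo() -> dict:
    key = secrets.token_bytes(32)          # known only to the verifying party
    stored_hash = sha256_tag(RECORD)       # what a naive system stores next to the data
    stored_hmac = hmac_tag(key, RECORD)

    tampered, forged_hash = attacker_tampers(RECORD)
    # The naive verifier recomputes the hash of what it reads and compares it to
    # the stored (now attacker-replaced) hash: they match, so nothing is detected.
    plain_detects = sha256_tag(tampered) != forged_hash
    # The HMAC verifier recomputes with the secret key: the tag no longer matches.
    hmac_detects = not verify_hmac(key, tampered, stored_hmac)

    return {
        "plain_hash_detects_tamper": plain_detects,   # False
        "hmac_detects_tamper": hmac_detects,          # True
        "hmac_accepts_original": verify_hmac(key, RECORD, stored_hmac),
    }


if __name__ == "__main__":
    print(demo())
```

The same reasoning applies to download checksums published on the same server as the file: they protect against corruption in transit, not against a compromised server, which is why release artifacts are signed.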
Risk Management Principles: Threats, Vulnerabilities, Risks, Controls
Threats: Potential events that can cause harm (e.g., malware, insider threats, phishing attacks).
Vulnerabilities: Weaknesses in a system that threats can exploit (e.g., outdated software, misconfigured firewalls).
Risks: The likelihood that a threat exploits a vulnerability, combined with the impact if it does (often expressed as likelihood × impact).
Controls: Measures to reduce risk (e.g., antivirus software, network segmentation, employee training).
Networking Fundamentals, OSI Model & TCP/IP Protocols, Common Network Attacks, Network Security Tools
Common Network Attacks:
DDoS (Distributed Denial of Service): Overwhelming a target with traffic or requests sent from many compromised hosts at once, so it can no longer serve legitimate users.
MITM (Man-in-the-Middle): Intercepting, and possibly altering, communication between two parties who believe they are talking to each other directly.
ARP Spoofing: Sending forged ARP replies so that hosts on a LAN map another host's IP address (commonly the gateway) to the attacker's MAC address, redirecting traffic through the attacker; a common way to obtain an on-path (MITM) position.
Network Security Tools:
Firewalls: Filter incoming/outgoing traffic based on rules.
VPNs: Encrypt network traffic for secure remote access.
IDS/IPS: An Intrusion Detection System monitors traffic and alerts on known signatures or anomalies; an Intrusion Prevention System sits inline and can also block the traffic.
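As an added example (not from the original flashcards), the following Python detector shows the kind of logic an IDS applies to the ARP spoofing attack described on this card: it tracks which MAC address has been seen claiming each IP and raises an alert when a binding changes, rating a change for the gateway IP as high severity. The ARP replies are constructed records of the fields a sniffer would extract, not real captures.

```python
from dataclasses import dataclass


@dataclass
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP the reply claims to speak for
    sender_mac: str    # MAC it says that IP lives at


# Constructed sequence: a gateway at 192.168.1.1 and an attacker MAC de:ad:be:ef:00:99
GATEWAY_IP = "192.168.1.1"
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # legitimate gateway
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # same binding again: benign
    ArpReply(1.5, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claims attacker MAC
    ArpReply(2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(2.5, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway answers again: flapping
]


def detect_arp_spoofing(replies, gateway_ip=None):
    """Return an alert for every ARP reply that rebinds an already-known IP to a new MAC."""
    bindings = {}   # IP -> MAC last seen claiming it
    alerts = []
    for r in replies:
        known = bindings.get(r.sender_ip)
        if known is not None and known != r.sender_mac:
            alerts.append({
                "ts": r.ts,
                "ip": r.sender_ip,
                "old_mac": known,
                "new_mac": r.sender_mac,
                # Poisoning the gateway binding redirects all off-subnet traffic.
                "severity": "high" if r.sender_ip == gateway_ip else "medium",
            })
        bindings[r.sender_ip] = r.sender_mac
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_REPLIES, GATEWAY_IP):
        print(a)
```

A binding can also change legitimately (DHCP reassigning an address, a replaced NIC), so in production such alerts are usually suppressed for a grace period after a lease change or confirmed against the switch's port tables before being escalated.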
Common Security Tools: SIEM Platforms, Vulnerability Scanning Tools, Endpoint Protection Tools, Packet Analysis Tools
SIEM Platforms:
Examples: Splunk, QRadar, ArcSight
Function: Collect, analyze, and correlate security logs for threat detection.
Vulnerability Scanning Tools:
Examples: Nessus, OpenVAS
Function: Identify security weaknesses in systems and applications.
Endpoint Protection Tools:
Examples: CrowdStrike, Carbon Black
Function: Protect endpoints from malware, ransomware, and advanced threats.
Packet Analysis Tools:
Examples: Wireshark
Function: Capture and analyze network traffic to detect anomalies and malicious activity.
Incident Response and Handling: Incident Response Lifecycle, Log Analysis and Threat Hunting Basics
Incident Response Lifecycle:
Preparation: Develop response plans and train personnel.
Identification: Detect and confirm incidents.
Containment: Isolate affected systems to prevent spread.
Eradication: Remove the threat and patch vulnerabilities.
Recovery: Restore affected systems and validate security.
Lessons Learned: Document findings and improve future response strategies.
Log Analysis and Threat Hunting Basics:
Log Analysis: Reviewing security logs to detect suspicious activity.
Threat Hunting: Proactively searching logs and telemetry for attacker activity that existing alerts have missed, usually starting from a hypothesis about an attacker technique rather than waiting for an alert.
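An added Python example (not part of the original flashcards) of the log analysis this card describes: it parses sshd authentication lines and flags a source IP that produced a burst of failed logins inside a short window, noting whether a successful login from the same IP followed, which is the pattern a hunter looks for when checking a brute-force hypothesis. The log lines are constructed to mimic common syslog output; the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd lines (not from any real host); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Mar 10 09:14:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51021 ssh2
Mar 10 09:14:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:14:05 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 09:14:06 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 09:14:09 web1 sshd[2219]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
Mar 10 09:14:12 web1 sshd[2221]: Accepted password for deploy from 203.0.113.7 port 51026 ssh2
Mar 10 09:20:44 web1 sshd[2301]: Failed password for bob from 198.51.100.4 port 40100 ssh2
Mar 10 09:31:02 web1 sshd[2340]: Accepted publickey for alice from 192.0.2.10 port 55020 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(log: str, year: int = 2024) -> list[dict]:
    """Turn raw sshd lines into event dicts; lines that are not auth results are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog lines carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)) -> list[dict]:
    """Flag IPs with >= threshold failures inside `window`; record any later success from that IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        start = 0
        for end in range(len(failures)):
            # slide the window start forward until it fits inside `window`
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last = failures[end]["ts"]
                success = next((e for e in evs if e["result"] == "Accepted" and e["ts"] >= last), None)
                findings.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "success_after": success["user"] if success else None,
                })
                break  # one finding per IP is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_bruteforce(parse(SAMPLE_LOG)):
        print(f)
```

A finding with `success_after` set is the one to escalate: a burst of failures followed by an accepted login from the same source suggests the guessing worked, and the `deploy` session should be treated as a potential compromise rather than a blocked attempt.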
Security Frameworks and Standards: Common Frameworks, Compliance Standards
Common Frameworks:
NIST Cybersecurity Framework (CSF): Guidelines from the US National Institute of Standards and Technology for identifying, protecting against, detecting, responding to and recovering from cybersecurity risks.
ISO 27001: International standard for information security management systems.
CIS Controls: Best practices for securing IT systems against cyber threats.
Compliance Standards:
GDPR (General Data Protection Regulation): EU regulation protecting the personal data of individuals in the EU/EEA, regardless of citizenship; it applies to any organisation that processes such data.
HIPAA (Health Insurance Portability and Accountability Act): US law protecting protected health information (PHI) held by healthcare providers, insurers and their business associates.
Cloud Security (AWS, Azure, GCP): Security Best Practices, Threats to Cloud Environments
Security Best Practices:
Use multi-factor authentication (MFA).
Implement least privilege access control.
Enable logging and monitoring for cloud assets.
Threats to Cloud Environments:
Misconfigurations: Improper settings exposing sensitive data.
Data Breaches: Unauthorized access to cloud-stored information.
Insider Threats: Employees or contractors misusing access to cloud resources.