Difference between revisions of "Cybersecurity Fundamentals"
Revision as of 15:30, 14 May 2021
Fundamentals
What are we trying to protect: It's all about the Data
- Confidentiality: Only those who should have access can get access.
- Integrity: The data is what it should be. The data has truth.
- Availability: Data is available to those with rights, when they need to access it.
Who are we trying to protect the data from? Threat Actors:
- Cybercriminals: motivated by money
- Nationstates: motivated by loyalty to country
- Terrorist Organizations: motivated by destruction
- Hacktivists: motivated by a moral cause
- Insiders: motivated by stupidity (i.e. perhaps ignorance would be better)
How: Tactics, Techniques and Procedures
- Phishing
- Social engineering
- Business email compromise (BEC) scams
- Botnets
- Password attacks
- Exploit kits
- Malware
- Ransomware
- Break-ins
Vulnerabilities and Risk
- Risk Identification
- Risk Analysis
- Risk Response
- Risk Mitigation
- Risk Reassessment
- Go to #1 (Risk Identification) and repeat the cycle
Common Attacks
https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
- Malware
- Phishing
- Man-in-the-Middle (MitM)
- DoS
- SQL Injection
- Zero Day
- DNS Tunneling
https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
- Some of the above, plus:
- Drive-by
- Password
- XSS
- Eavesdropping
- Birthday (hash replacement)
- Malware
  - Macro virus
  - File infector
  - Boot record infection
  - Polymorphic
  - Stealth
  - Trojan
  - Logic bomb
  - Dropper
  - Ransomware
  - Adware
  - Spyware
https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/
- Fileless malware (runs in RAM)
https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/
- Social Engineering
- Social Media Attack
- Birthday hash attack
  - Think of it this way: if you wanted a 50% chance that someone in a group shares a birthday with you, you would need 253 people in your group (not the 183 you would expect; see https://en.wikipedia.org/wiki/Birthday_problem), while you would only need 23 people in the group for there to be a > 50% chance of some pair sharing a birthday.
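The two numbers above, worked through as an added example (not code from the original page): it computes the 253 and 23 figures of the birthday problem and generalizes the second one to the approximate collision effort for any set of equally likely values, which is why a collision in a b-bit hash costs about 2^(b/2) trials rather than 2^b. DAYS = 365 (no leap day) and the search loops are assumptions of this example.

```python
"""Birthday-problem arithmetic behind the 'birthday attack' listed above."""
import math

DAYS = 365  # assumption: uniform birthdays, no leap day


def p_someone_matches_you(n: int) -> float:
    """Probability that at least one of n other people shares YOUR birthday."""
    return 1.0 - (1.0 - 1.0 / DAYS) ** n


def p_any_pair(n: int) -> float:
    """Probability that some pair among n people share a birthday."""
    p_no_pair = 1.0
    for i in range(n):
        p_no_pair *= (DAYS - i) / DAYS
    return 1.0 - p_no_pair


def min_group_matching_you(target: float = 0.5) -> int:
    """Smallest group size reaching `target` probability of matching a fixed birthday."""
    n = 1
    while p_someone_matches_you(n) < target:
        n += 1
    return n


def min_group_any_pair(target: float = 0.5) -> int:
    """Smallest group size whose probability of containing a pair exceeds `target`."""
    n = 1
    while p_any_pair(n) <= target:
        n += 1
    return n


def expected_trials_for_collision(space: int, target: float = 0.5) -> float:
    """Approximate random draws from `space` equally likely values needed for a
    collision with probability `target`: sqrt(2 * space * ln(1/(1-target))).
    For a b-bit hash, space = 2**b, so the effort grows like 2**(b/2)."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - target)))


if __name__ == "__main__":
    print(min_group_matching_you())                # 253
    print(min_group_any_pair())                    # 23
    print(expected_trials_for_collision(2 ** 32))  # about 77163, not 2**32
```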
https://phoenixnap.com/blog/cyber-security-attack-types
- AI Attack
https://www.rapid7.com/fundamentals/types-of-attacks/
- Credential Reuse
Basic Risk Assessment
https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/
https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment
- What is an IT Risk Assessment?
- Why is it important?
- What is at risk?
- Formulation of Risk
  - Threat
  - Vulnerability
  - Impact
  - Likelihood
  - Risk = Threat * Vulnerability * Asset
- How to perform an IT Risk Assessment
  - ID and prioritize assets (data, servers, contacts...)
  - ID threats (natural, H/W or S/W failure, human error, bad people doing bad things)
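A worked risk register for the formulation above, added here as an example that is not from the page or the linked posts: it applies the page's Risk = Threat * Vulnerability * Asset to a constructed set of assets and threats, ranks them for the prioritization step, and re-scores one entry after a control is applied to show the reassessment loop. The 1..5 rating scale, the tier thresholds and the sample data are assumptions of this example.

```python
"""Worked risk register: Risk = Threat * Vulnerability * Asset (the page's formulation)."""
from dataclasses import dataclass, replace

# Assumption: every factor is rated 1 (low) .. 5 (high), so scores run 1..125.
MIN_RATING, MAX_RATING = 1, 5


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    threat: str
    asset_value: int    # what losing or exposing the asset would cost (impact)
    threat_rating: int  # how likely and capable the threat source is (likelihood)
    vulnerability: int  # how exposed the asset is to that threat right now

    def score(self) -> int:
        for v in (self.asset_value, self.threat_rating, self.vulnerability):
            if not MIN_RATING <= v <= MAX_RATING:
                raise ValueError(f"rating {v} outside {MIN_RATING}..{MAX_RATING}")
        return self.threat_rating * self.vulnerability * self.asset_value


def tier(score: int) -> str:
    # Assumed thresholds for a 1..125 scale; tune them to your own risk appetite.
    if score >= 60:
        return "critical"
    if score >= 27:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def rank(register):
    """Risk Analysis step: highest score first sets the response order."""
    return sorted(register, key=lambda e: e.score(), reverse=True)


def mitigate(entry: RiskEntry, new_vulnerability: int) -> RiskEntry:
    """Reassessment step: a control lowers exposure, so the entry is re-scored."""
    return replace(entry, vulnerability=new_vulnerability)


# Constructed sample register (illustrative values, not real data).
SAMPLE = [
    RiskEntry("customer database", "ransomware", 5, 4, 3),
    RiskEntry("mail server", "phishing", 4, 5, 4),
    RiskEntry("lobby kiosk", "break-in", 1, 2, 3),
    RiskEntry("backup tapes", "natural disaster", 4, 1, 2),
]
```

Running `rank(SAMPLE)` puts the mail server (80, critical) ahead of the customer database (60), and `mitigate(SAMPLE[1], 1)` drops it to 20 (medium), which is the "go to #1" loop of the risk cycle in numbers.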
References
https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/
Infosec handbook