Cybersecurity

Study Guide: Cisco Networking Academy Introduction to Cybersecurity

The McCumber Cube is a model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them. This security model has three dimensions:

The foundational principles for protecting information systems.
The protection of information in each of its possible states.
The security measures used to protect data.

#

Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two-factor authentication.

Integrity ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.
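
The difference between accidental and intentional modification, shown as an added example (not part of the Cisco course material). It goes one step beyond the text by including a keyed hash (HMAC); the record, tampered record and key are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed sample data and key for this example (not from the study guide).
RECORD = b"account=1042;balance=250.00"
TAMPERED = b"account=1042;balance=950.00"
KEY = b"constructed-demo-key"


def crc32_tag(data: bytes, key: bytes = b"") -> str:
    """Unkeyed checksum; the key argument is ignored."""
    return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")


def sha256_tag(data: bytes, key: bytes = b"") -> str:
    """Unkeyed cryptographic hash; the key argument is ignored."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(data: bytes, key: bytes = KEY) -> str:
    """Keyed hash (HMAC-SHA-256); only key holders can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, stored_tag: str, tag_fn) -> bool:
    """Recompute the tag with the verifier's key and compare in constant time."""
    return hmac.compare_digest(tag_fn(data, KEY), stored_tag)


def detection_matrix() -> dict:
    """Map 'method/scenario' to True when the modification is detected."""
    corrupted = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]  # one flipped bit
    detected = {}
    for name, fn in (("crc32", crc32_tag), ("sha256", sha256_tag), ("hmac", hmac_tag)):
        # Accidental: data changes, the stored tag still describes the original.
        detected[f"{name}/accidental"] = not verify(corrupted, fn(RECORD, KEY), fn)
        # Intentional: whoever edits the record also rewrites the stored tag,
        # but does not hold KEY (modelled here with a different key).
        rewritten = fn(TAMPERED, b"not-the-real-key")
        detected[f"{name}/intentional"] = not verify(TAMPERED, rewritten, fn)
    return detected


if __name__ == "__main__":
    for case, caught in detection_matrix().items():
        print(f"{case:20} {'detected' if caught else 'MISSED'}")
```

A checksum or plain hash stored next to the data catches corruption, but it only catches deliberate changes if the reference value is kept where the editor cannot rewrite it, or if it is keyed.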

Availability means that authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.

#

Processing refers to data that is being used to perform an operation such as updating a database record (data in process).

Storage refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).

Transmission refers to data traveling between information systems (data in transit).

#

Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.

Technology refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.

Policy and procedure refers to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

#

Yes, phishing is very common and often works. For example, in August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers.

A security consultant discovered that a cloud cluster (a group of linked servers providing data storage, databases, networking, and software through the Internet) was misconfigured and exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak.

It took Razer more than three weeks to secure the cloud instance from public access, during which time cybercriminals had access to customer information that could have been used in social engineering and fraud attacks, like the one you uncovered just now.

Organizations therefore need to take a proactive approach to cloud security to ensure that sensitive data is secured.

https://arstechnica.com/information-technology/2020/09/100000-razer-users-data-leaked-due-to-misconfigured-elasticsearch/

#

reputational damage
vandalism
theft
loss of revenue
damage to intellectual property (IP)

#

Understanding Cisco Cybersecurity Operations Fundamentals
https://ondemandelearning.cisco.com/cisco/cbrops10/videos
Sign in required.

#

Types of Malware
spyware
adware
backdoor
ransomware
scareware
rootkit
virus
trojan horse
worm

#

https://cve.mitre.org/
https://cve.mitre.org/cve/data_feeds.html
https://www.cvedetails.com/
https://bugs.chromium.org/p/project-zero/issues/list?can=1&redir=1&sort=-reported