Practical Foundations in Cybersecurity
  • 🖌️Practical Foundations in Cybersecurity
  • 1. IT career planning
    • Introduction - IT career planning
    • IT career paths – everything you need to know
    • Job roles in IT and cybersecurity
    • How to break into information security
    • The Security Operations Center (SOC) career path
    • The GRC analyst role
    • How to get CCNA certification
    • Job search strategy
  • 2. Introduction to cybersecurity
    • Introduction - Introduction to cybersecurity
    • Foundational cybersecurity concepts and practices
      • Information security definition
      • Confidentiality, integrity, and availability of information
      • Risk, threat, vulnerability
    • The cybersecurity threat landscape
    • Common cyber attacks
    • Risk mitigation methods
    • Network security risk mitigation best practices
  • 3. Cybersecurity GRC
    • Introduction - Cybersecurity GRC
    • Cybersecurity GRC
  • 4. Networking fundamentals
    • Introduction - Networking fundamentals
    • How data flow through the Internet
    • Network devices and their functions
    • The Open Systems Interconnection (OSI) model
    • Host to host communication in networking
    • How switches facilitate communication
    • How routers facilitate communication
    • Network protocols and their functions
    • OSI model layers and security threats
  • 5. Wireless security and cryptography
    • Introduction - Wireless security and cryptography
    • SSL/TLS cryptography
    • Wireless network security
    • Hashing algorithms and message integrity
    • Cryptographic encryption and confidentiality
    • The SSL/TLS handshake
    • Message signing using asymmetric keys
    • Authentication methods
    • Replay attacks and anti-replay methods
    • Generating and applying an RSA key
    • IEEE 802.11 authentication methods
    • IEEE 802.11 privacy and integrity methods
    • Authentication and encryption in WPA, WPA2, and WPA3
  • 6. Practical foundations in ethical hacking
    • Introduction - Practical foundations in ethical hacking
    • What is professional ethical hacking
    • The perils of unethical hacking
    • Defensive security vs offensive security
    • Defensive cybersecurity technologies
    • Phases of the penetration testing process
    • Types of penetration testing
    • Pentesting methodologies, frameworks, and technologies
    • Common attack targets
  • 7. Conclusion
    • Introduction - Conclusion
    • Final words
Powered by GitBook
On this page
  1. 2. Introduction to cybersecurity
  2. Foundational cybersecurity concepts and practices

Risk, threat, vulnerability

In addition to the CIA triad, there are some other fundamental security concepts to know.

  • A vulnerability is any potential weakness that can compromise the CIA of information assets. A window in a house is a vulnerability burglars can exploit to enter the house.

  • An exploit is something that can potentially be used to exploit the vulnerability. A rock can exploit the weakness of glass windows and may be used to enter a house.

  • A threat is the potential of a vulnerability to be exploited. The threat of house burglary is the likelihood a burglar will exploit the glass window vulnerability using a rock (or other exploits) to gain entry into a house.

  • A mitigation technique is something that can protect against threats. There are various mitigation techniques and they depend on the threat that is being mitigated.

Appropriate mitigation techniques should be implemented everywhere a vulnerability can be exploited, for example, client devices, servers, switches, and routers.

(CCNA security fundamentals - up until Common attacks)

References

Reference

PreviousConfidentiality, integrity, and availability of informationNextThe cybersecurity threat landscape

Last updated 6 days ago