Risk, threat, vulnerability
In addition to the CIA triad, there are some other fundamental security concepts we need to know. The CCNA exam topics (200-301 v1.1), for example, explicitly mention threats, vulnerabilities, exploits, and mitigation techniques.
A vulnerability is any potential weakness that can compromise the CIA of a system or information assets. A window in a house is a vulnerability burglars can exploit to enter the house.
An exploit is a tool or technique that can be used to take advantage of a vulnerability. A rock can exploit the weakness of a glass window and may be used to enter a house.
A threat is the potential for a vulnerability to be exploited. A threat is a robber who can use a rock to break a glass window and enter your house. A hacker exploiting a vulnerability in your computer network is a threat.
A mitigation technique is something that can protect against threats. There are various mitigation techniques and they depend on the threat that is being mitigated.
Appropriate mitigation techniques should be implemented everywhere a vulnerability can be exploited, for example client devices, servers, switches, routers, and firewalls. Mitigation techniques also include preventing unauthorized people from getting physical access to the devices, for example, by keeping them in a secure rack behind a secure door.
Systems can be more secure or less secure, but there are no guarantees in security. You can implement malware detection on your network firewall and have the best antivirus software on client PCs, but the chance of the PCs getting infected with malware is never 0.
(CCNA security fundamentals - up until Common attacks)
A vulnerability is “a software or hardware bug or misconfiguration that a malicious individual can gain unauthorized access to exploit” (Snedaker & McCrie, 2011, p. 4).
Most vulnerabilities exploited by penetration testers and hackers fall into the following categories: misconfigurations (particularly insecure default settings), kernel flaws, buffer overflows, insufficient input validation, symbolic links, file descriptor attacks, race conditions, and incorrect file and directory permissions (NIST SP 800-115, 2008, pp. 5-4 to 5-5).
The first countermeasure against vulnerabilities is to keep the software in use current with regular security updates that patch known vulnerabilities. The second is to avoid misconfiguration mistakes.
(Network security risk mitigation best practices/Network security basics)