Module 1: Information Security Threats and Vulnerabilities

1. Understanding the Threat and Threat Sources
A threat is the potential occurrence of an undesirable event that can damage and disrupt the operational and functional activities of an organization. Attackers use cyber threats to infiltrate and steal data such as personal information, financial information, and login credentials.

2. Understanding the Threat Actors/Agents
Threat actors include:
- Cyber Terrorists: Individuals motivated by religious or political beliefs to create fear through large-scale disruption of computer networks.
- State-Sponsored Hackers: Individuals employed by governments to penetrate and gain top-secret information from other governments.
- Hacktivists: Individuals who promote a political agenda by hacking, especially by defacing or disabling websites.

3. Attributes of Threat Actors
- Internal: Trusted insiders with authorized access.
- External: Outsiders without authorized access.
- Level of sophistication: Highly sophisticated actors are more successful in attacks.
- Resources/funding: Determines how a threat actor supports an attack.
- Intent/motivation: Highly motivated actors are more likely to launch an attack.

4. Threat Vectors
A threat vector is a medium through which an attacker gains access to a system by exploiting identified vulnerabilities.

5. Introduction to Malware
Malware is malicious software that damages or disables computer systems and gives control to the malware creator for theft or fraud purposes.

6. Common Techniques Attackers Use to Distribute Malware
- Black hat Search Engine Optimization (SEO)
- Social Engineered Click-jacking
- Spear-phishing Sites
- Malvertising
- Compromised Legitimate Websites
- Drive-by Downloads
- Spam Emails

7. Types of Malware
Trojans, Viruses, Ransomware, Computer Worms, Rootkits, PUAs or Grayware, Spyware, Keyloggers, Botnets, Fileless Malware.

8. Vulnerabilities
A vulnerability is a weakness in an asset that can be exploited by threat agents. Common reasons include hardware/software misconfiguration, insecure design, inherent technology weaknesses, and a careless user approach.

9. Impact of Vulnerabilities
Information disclosure, unauthorized access, financial loss, identity theft, legal consequences, reputational damage, and data modification.

10. Risk of Vulnerabilities
Risk refers to the potential loss or damage when a threat to an asset exists in the presence of a vulnerability that can be exploited.

Questions:
1. What is a threat in the context of information security?
2. Differentiate between Cyber Terrorists, State-Sponsored Hackers, and Hacktivists.
3. What are the attributes that determine the success of a threat actor?
4. Define a threat vector and explain its significance.
5. What is malware and what is its primary purpose?
6. List some common techniques attackers use to distribute malware.
7. Describe the characteristics and impact of Trojans.
8. What are the common reasons behind the existence of vulnerabilities?
9. How can vulnerabilities impact an organization?
10. Define risk in the context of vulnerabilities and explain its components.

Answers:
1. A threat is the potential occurrence of an undesirable event that can damage and disrupt the operational and functional activities of an organization. Attackers use cyber threats to infiltrate and steal data such as personal information, financial information, and login credentials.
2. Cyber Terrorists: Individuals motivated by religious or political beliefs to create fear through large-scale disruption of computer networks. State-Sponsored Hackers: Individuals employed by governments to penetrate and gain top-secret information from other governments. Hacktivists: Individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
3. The attributes that determine the success of a threat actor include their internal or external nature, level of sophistication, resources/funding, and intent/motivation.
4. A threat vector is a medium through which an attacker gains access to a system by exploiting identified vulnerabilities. It is significant because it represents the path or method used by attackers to target their victims.
5. Malware is malicious software that damages or disables computer systems and gives control to the malware creator for theft or fraud purposes.
6. Some common techniques include Black hat SEO, Social Engineered Click-jacking, Spear-phishing Sites, Malvertising, Compromised Legitimate Websites, Drive-by Downloads, and Spam Emails.
7. Trojans are programs in which malicious or harmful code is contained inside an apparently harmless program or data. They are activated when a user performs certain predefined actions, creating a covert communication channel between the victim computer and the attacker. They do not propagate on their own.
8. Common reasons behind the existence of vulnerabilities include hardware/software misconfiguration, insecure design, inherent technology weaknesses, and a careless user approach.
9. Vulnerabilities can lead to information disclosure, unauthorized access, financial loss, identity theft, legal consequences, reputational damage, and data modification.
10. Risk refers to the potential loss or damage when a threat to an asset exists in the presence of a vulnerability that can be exploited. It is often represented as the combination of the asset's value, the threat's potential, and the vulnerability's existence.

Module 2: Information Security Attacks

1. Understanding the Motives, Goals, and Objectives of Information Security Attacks
Attacks are a combination of Motive, Method, and Vulnerability. Motives behind attacks include disrupting business continuity, stealing information, creating fear, causing financial loss, and damaging reputation.

2. Overview of the Classification of Attacks
The document provides a classification of various attacks, but details are not provided in this summary.

3. Hacking Methodologies and Frameworks
Hacking Methodology:
- Footprinting and Reconnaissance: Gathering information about a target.
- Scanning: Identifying hosts, ports, and services in a network.
- Gaining Access: Obtaining access to the OS or applications on the target.
- Maintaining Access: Retaining control over a compromised system.
- Clearing Tracks: Hiding malicious activities and identity.
Frameworks:
- Cyber Kill Chain Methodology: Helps understand adversary tactics and techniques.
- Tactics, Techniques, and Procedures (TTPs): Patterns of activities associated with threat actors.
- MITRE ATT&CK Framework: Knowledge base of adversary tactics and techniques.
- Diamond Model of Intrusion Analysis: Framework for identifying correlated events in an intrusion.

4. Types of Attacks
- Reconnaissance Attacks: Discovering information about the target network.
- Network Scanning: Identifying hosts, ports, and services.
- Packet Sniffing: Capturing data packets passing through a network.
- Man-in-the-Middle Attack: Intercepting messages between systems.
- DNS Poisoning: Manipulating IP addresses in the DNS cache.
- Domain Hijacking: Changing domain ownership without consent.
- ARP Spoofing: Flooding the target's ARP cache with forged entries.
- DHCP Starvation and Spoofing: Overloading DHCP servers or setting up rogue DHCP servers.
- MAC Attacks: MAC spoofing, flooding, and IP address spoofing.
- Denial-of-Service (DoS) and DDoS Attacks: Overloading resources to restrict accessibility.
- Malware Attacks: Viruses, trojans, adware, spyware, rootkits, and backdoors.
- Advanced Persistent Threats (APTs): Unauthorized access remaining undetected for a long time.
- Physical Attacks: Malicious USBs, card cloning, malicious flash drives, skimming.
- Adversarial AI: Misleading ML models.
- Application-Level Attacks: Injection flaws, XSS, parameter tampering, directory traversal, CSRF, DNS amplification, and SSRF.

5. Other Specific Attacks
The document mentions other specific attacks such as DNS footprinting, switch port stealing, and more, but they are not detailed in this summary.

Questions:
1. What three components combine to form an attack?
2. List three motives behind information security attacks.
3. What is the first phase in the hacking methodology where an attacker gathers information about a target?
4. In the context of hacking, what does the Cyber Kill Chain methodology help to understand?
5. What are Tactics, Techniques, and Procedures (TTPs) in the context of threat actors?
6. What is the purpose of a DNS Poisoning attack?
7. Describe the ARP Spoofing attack.
8. What is the difference between a DoS and a DDoS attack?
9. What type of attack involves tricking a victim into performing actions on their behalf on a website?
10. In application-level attacks, what vulnerability allows untrusted data to be interpreted and executed as part of a command or query?

Answers:
1. An attack is a combination of Motive, Method, and Vulnerability.
2. Three motives behind attacks are:
- Disrupting business continuity
- Stealing information and manipulating data
- Creating fear and chaos by disrupting critical infrastructures
3. The first phase in the hacking methodology where an attacker gathers information about a target is "Footprinting and Reconnaissance."
4. The Cyber Kill Chain methodology helps to understand the adversary's tactics, techniques, and procedures.
5. Tactics, Techniques, and Procedures (TTPs) refer to the patterns of activities and methods associated with specific threat actors or groups of threat actors.
6. The purpose of a DNS Poisoning attack is the unauthorized manipulation of IP addresses in the DNS cache to redirect user requests to a malicious website.
7. ARP Spoofing involves sending a large number of forged entries to the target machine's ARP cache to manipulate the IP-to-MAC address mapping.
8. A Denial-of-Service (DoS) attack is an attack on a computer or network that restricts its accessibility by overloading its resources. In contrast, a Distributed Denial-of-Service (DDoS) attack involves multiple compromised systems attacking a single target.
9. The type of attack that involves tricking a victim into performing actions on their behalf on a website is called "Cross-Site Request Forgery (CSRF)."
10. In application-level attacks, the vulnerability that allows untrusted data to be interpreted and executed as part of a command or query is known as "Injection Flaws."

Module 3: Network Security Fundamentals

1. Understanding the Fundamentals of Information Security
Information Security: A state where the possibility of theft, tampering, and disruption of information and services is low or tolerable.
Need for Security: Due to the evolution of technology, increased network environments, the direct impact of security breaches on assets and goodwill, and the increasing complexity of computer infrastructure.

2. Elements of Information Security
- Confidentiality: Information is accessible only to those authorized.
- Integrity: Trustworthiness of data, preventing unauthorized changes.
- Availability: Systems are accessible when required by authorized users.
- Authenticity: Ensures the genuineness of data or communication.
- Non-Repudiation: Ensures senders/recipients cannot deny sending/receiving a message.

3. NIST Cybersecurity Framework (CSF)
NIST designed the CSF to address security risks and support continuous business operations.

4. Security Challenges
Compliance with laws and regulations, lack of skilled cybersecurity professionals, difficulty in centralizing security, fragmented privacy regulations, BYOD policies, and improper relocation of sensitive data to the cloud.

5. Impact of Information Security Attacks
Financial losses, loss of confidentiality and integrity, damaged customer relationships, loss of business reputation, legal issues, and operational impacts.

6. Essentials of Network Security
Elements include Network Security Controls, Protocols, and Devices.

7. Goal of Network Defense
Protect information, systems, and network infrastructure from unauthorized access, misuse, modification, denial, or disruptions. Information Assurance (IA) principles are used to attain defense-in-depth security.

8. Information Assurance (IA) Principles
- Confidentiality: Ensures information isn't disclosed to unauthorized parties.
- Availability: Ensures information is available without disruption.
- Integrity: Ensures information isn't modified by unauthorized parties.
- Non-repudiation: Ensures parties cannot deny communication.
- Authentication: Verifies the identity of an individual.

9. Network Defense Benefits
Protect information assets, comply with regulations, ensure secure communication, reduce the risk of attacks, and gain a competitive edge.

10. Network Defense Challenges
Distributed computing environments, emerging threats, and lack of network security skills.

11. Types of Network Defense Approaches
- Preventive: Avoid threats or attacks.
- Retrospective: Examine the causes of attacks and recover from damage.
- Reactive: Detect attacks.
- Proactive: Make informed decisions on potential future attacks.

12. Continual/Adaptive Security Strategy
Protect, detect, respond, and predict potential attacks.

13. Network Defense Elements
- Technology: Selection of appropriate technology is crucial.
- Operations: Technological implementations should be supported by well-defined operations.
- People: A crucial element of network security, including the Network Defense Team, Incident Handling and Response Team, and Computer Forensics Investigation Team.

Questions:
1. How is "Information Security" defined in the context of the module?
2. List the five main elements of Information Security.
3. What is the purpose of the NIST Cybersecurity Framework (CSF)?
4. Name three challenges faced in the realm of security as mentioned in the module.
5. What are the potential impacts of Information Security Attacks on an organization?
6. What are the three main essentials of Network Security?
7. Describe the goal of Network Defense.
8. What are the four Information Assurance (IA) Principles discussed in the module?
9. Highlight the benefits of Network Defense.
10. What are the four types of Network Defense Approaches?

Answers:
1. Information Security is a state where the possibility of theft, tampering, and disruption of information and services is low or tolerable.
2. The five main elements of Information Security are Confidentiality, Integrity, Availability, Authenticity, and Non-Repudiation.
3. The NIST Cybersecurity Framework (CSF) was designed to address security risks and support continuous business operations.
4. Three challenges are compliance with laws and regulations, lack of skilled cybersecurity professionals, and difficulty in centralizing security.
5. Impacts include financial losses, loss of confidentiality and integrity, damaged customer relationships, loss of business reputation, legal issues, and operational impacts.
6. The three main essentials of Network Security are Network Security Controls, Protocols, and Devices.
7. The goal of Network Defense is to protect an organization's information, systems, and network infrastructure from unauthorized access, misuse, modification, denial, or disruptions.
8. The four Information Assurance (IA) Principles are Confidentiality, Availability, Integrity, and Non-repudiation.
9. Benefits of Network Defense include protecting information assets, complying with regulations, ensuring secure communication, reducing the risk of attacks, and gaining a competitive edge.
10. The four types of Network Defense Approaches are Preventive, Retrospective, Reactive, and Proactive.

Module 4: Identification, Authentication, and Authorization

1. Understanding the Terminology, Principles, and Types of Access Control
Access Control: Restricts or grants access to an asset or system/network resource. It uses user identification, authentication, and authorization.
Terminologies:
  o Subject: A user or process wanting to access a resource.
  o Object: The specific resource the user wants to access.
  o Reference Monitor: Checks the access control rule for restrictions.
  o Operation: An action taken by a subject on an object.

2. Overview of Identity and Access Management (IAM)
IAM: Provides the right individual with the right access at the right time.

3. Understanding User Access Management
User Access Management (AM): Identifies, monitors, and regulates authorized users' access to IT systems, applications, or resources. It includes policies, processes, methodologies, and tools.

4. Understanding the Different Types of Authentication
- Password Authentication: Uses a username and password combination.
- Two-factor Authentication: Uses two different authentication factors (e.g., password and smart card/token, password and biometrics).
- Biometric Authentication: Uses unique physical or behavioral attributes (e.g., fingerprint scanning, retinal scanning, iris scanning, face recognition, voice recognition).
- Smart Card Authentication: Uses a small computer chip device holding the user's personal information.
- Single Sign-on (SSO) Authentication: Allows a user to authenticate to multiple servers with a single password.

5. Understanding the Different Types of Authorization
Authorization: Controls the access of information for an individual (e.g., a user can read but not write or delete a file).

6. Understanding User Accounting
Accounting: Keeps track of user actions on the network, identifying both authorized and unauthorized actions. It can be used for trend analysis, data breach detection, and forensic investigations.
Account Types: User accounts and shared/generic accounts.

Questions:
1. What is the primary purpose of "Access Control" in the context of information security?
2. Define the term "Subject" as used in access control terminologies.
3. What is the main goal of Identity and Access Management (IAM)?
4. Describe the difference between "Password Authentication" and "Two-factor Authentication."
5. Name three types of biometric authentication techniques mentioned in the module.
6. How does "Smart Card Authentication" work?
7. What is the advantage of using "Single Sign-on (SSO) Authentication"?
8. What is the primary function of "Authorization" in user access management?
9. What is the role of "Accounting" in user access management?
10. Differentiate between "User accounts" and "Shared/Generic accounts."

Answers:
1. Access Control restricts or grants access to an asset or system/network resource using user identification, authentication, and authorization.
2. In access control terminologies, a "Subject" refers to a user or process that wants to access a resource.
3. The main goal of Identity and Access Management (IAM) is to provide the right individual with the right access at the right time.
4. "Password Authentication" uses a combination of a username and password to authenticate users, while "Two-factor Authentication" involves using two different authentication factors to verify the identity of an individual.
5. Three types of biometric authentication techniques are fingerprint scanning, retinal scanning, and iris scanning.
6. "Smart Card Authentication" uses a small computer chip device that holds a user's personal information. Users insert their smart cards into card reader machines and enter their personal identification number (PIN) to authenticate themselves.
7. The advantage of using "Single Sign-on (SSO) Authentication" is that it allows a user to authenticate to multiple servers with a single password without re-entering it every time.
8. The primary function of "Authorization" is to control the access of information for an individual.
9. The role of "Accounting" in user access management is to keep track of user actions on the network, identifying both authorized and unauthorized actions.
10. "User accounts" are individual accounts assigned to specific users, while "Shared/Generic accounts" are accounts that can be accessed by multiple users.

Module 5: Network Security Controls – Administrative Controls

1. Understanding Various Regulatory Frameworks, Laws, and Acts
Regulatory frameworks are collaborative efforts between governments and private bodies to encourage voluntary/mandatory improvements to cybersecurity. IT security regulatory frameworks contain guidelines and best practices.

2. Why Organizations Need Compliance
Compliance improves overall security by meeting regulatory requirements. It minimizes losses from security breaches and maintains customer trust.

3. Identifying Which Regulatory Framework to Comply With
Organizations need to assess themselves to determine the most applicable regulatory framework.

4. Deciding How to Comply with a Regulatory Framework
Organizations need to interpret regulatory requirements and establish policies, procedures, and security controls to manage and maintain compliance.

5. Overview of Regulatory Frameworks, Laws, and Acts
- PCI-DSS: Standard for organizations handling cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards.
- HIPAA: Provides federal protections for personal health information.
- Sarbanes Oxley Act (SOX): Designed to protect investors by increasing the accuracy and reliability of corporate disclosures.
- Gramm-Leach-Bliley Act (GLBA): Eases the transfer of financial information between institutions and banks.
- GDPR: A stringent privacy and security law with heavy fines for violations.
- Digital Millennium Copyright Act (DMCA): Defines legal prohibitions against the circumvention of technological protection measures employed by copyright owners.

6. Define, Implement, Manage, and Maintain an Information Security Governance Program
Security professionals must understand the organization's objectives, business processes, and threats before developing an information security governance program.

7. Overview of Information Security Drivers
Alignment with the business, compliance, and privacy are among the most important drivers for information security governance.

8. What is a Security Policy?
A well-documented set of plans, processes, procedures, standards, and guidelines required to establish an ideal information security status for an organization.

9. Types of Information Security Policies
- Acceptable Use Policy: Defines the proper use of an organization's information, electronic computing devices, system accounts, user accounts, and network resources.
- Password Policy: Provides guidelines for using strong passwords.
- Physical Security Policy: Ensures adequate physical security measures are in place.
- BYOD Policy: Guidelines for using an employee's personal device on an organization's network.
- Data Backup Policy: Helps recover and safeguard information in the event of a security incident or network failure.
- Internet Usage Policy: Governs the way the organization's Internet connection is used.

Questions:
1. What is the primary purpose of regulatory frameworks in cybersecurity?
2. Why is compliance important for organizations?
3. Describe the PCI-DSS standard and its relevance.
4. What are the key provisions of the Sarbanes Oxley Act (SOX)?
5. How does the GDPR regulation impact organizations globally?
6. What is the main objective of an information security governance program?
7. Why is alignment with the business considered an important driver for information security governance?
8. Define a security policy in the context of information security.
9. What is the purpose of an Acceptable Use Policy?
10. Why is a Data Backup Policy crucial for organizations?

Answers:
1. Regulatory frameworks are collaborative efforts between governments and private bodies to encourage voluntary/mandatory improvements to cybersecurity, providing guidelines and best practices.
2. Compliance improves the overall security of an organization by meeting regulatory requirements, minimizes losses from security breaches, and helps maintain customer trust.
3. The PCI-DSS is a standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. It ensures the secure processing and storage of cardholder data.
4. The Sarbanes Oxley Act (SOX) is designed to protect investors by increasing the accuracy and reliability of corporate disclosures. It has provisions related to auditor independence, corporate responsibility, and enhanced financial disclosures, among others.
5. The GDPR regulation is one of the most stringent privacy and security laws globally. It levies harsh fines against those who violate its privacy and security standards, impacting organizations that handle the data of EU citizens.
6. The main objective of an information security governance program is to align security practices with business objectives, ensuring the protection of information assets and compliance with regulatory requirements.
7. Alignment with the business ensures that security practices support the organization's objectives, processes, and threats, facilitating a harmonious relationship between business operations and security measures.
8. A security policy is a well-documented set of plans, processes, procedures, standards, and guidelines required to establish the ideal information security status of an organization.
9. An Acceptable Use Policy defines the proper use of an organization's information, electronic computing devices, system accounts, user accounts, and network resources, guiding employees on safe and secure practices.
10. A Data Backup Policy is crucial as it helps organizations recover and safeguard information in the event of a security incident or network failure, ensuring business continuity.

True or False

Module 1: Information Security Threats and Vulnerabilities
1. A threat in the context of information security is a type of malware. - False
2. Hacktivists promote a political agenda by hacking, especially by defacing or disabling websites. - True
3. A threat vector is a type of malware. - False

Module 2: Information Security Attacks
4. The first phase in the hacking methodology is "Scanning." - False
5. Packet Sniffing involves intercepting messages between systems. - True

Module 3: Network Security Fundamentals
6. The element of Information Security that ensures the genuineness of data or communication is called "Confidentiality." - False
7. The main goal of Identity and Access Management (IAM) is to monitor network traffic. - False

Module 4: Identification, Authentication, and Authorization
8. Two-factor Authentication uses a combination of a username and password to authenticate users. - False
9. The Acceptable Use Policy defines the use of strong passwords. - False

Module 5: Network Security Controls – Administrative Controls
10. The PCI-DSS is designed to protect investors by increasing the accuracy and reliability of corporate disclosures. - False
11. The primary purpose of a security policy is to ensure data backup. - False

Multiple Choice

Module 1: Information Security Threats and Vulnerabilities
1. What is a threat in the context of information security?
A) A type of malware.
B) A potential occurrence of an undesirable event.
C) A type of vulnerability.
D) A security policy.
2. Which of the following is NOT a type of threat actor?
A) Cyber Terrorist
B) State-Sponsored Hacker
C) Malware Distributor
D) Hacktivist
3. What is a threat vector?
A) A type of malware.
B) A security policy.
C) A medium through which an attacker gains access.
D) A type of threat actor.

Module 2: Information Security Attacks
4. What is the first phase in the hacking methodology?
A) Scanning
B) Gaining Access
C) Footprinting and Reconnaissance
D) Maintaining Access
5. Which attack involves intercepting messages between systems?
A) Reconnaissance Attack
B) Packet Sniffing
C) Man-in-the-Middle Attack
D) DNS Poisoning

Module 3: Network Security Fundamentals
6. Which element of Information Security ensures the genuineness of data or communication?
A) Confidentiality
B) Integrity
C) Availability
D) Authenticity
7. What is the main goal of Identity and Access Management (IAM)?
A) To provide the right individual with the right access at the right time.
B) To ensure data integrity.
C) To prevent unauthorized access.
D) To monitor network traffic.

Module 4: Identification, Authentication, and Authorization
8. Which authentication method uses two different factors to verify identity?
A) Password Authentication
B) Biometric Authentication
C) Two-factor Authentication
D) Smart Card Authentication
9. What does the Acceptable Use Policy define?
A) The use of strong passwords.
B) The proper use of an organization's information and resources.
C) The use of biometric systems.
D) The use of smart cards.

Module 5: Network Security Controls – Administrative Controls
10. Which regulatory framework is designed to protect investors by increasing the accuracy and reliability of corporate disclosures?
A) PCI-DSS
B) HIPAA
C) Sarbanes Oxley Act (SOX)
D) GDPR
11. What is the primary purpose of a security policy?
A) To establish the ideal information security status of an organization.
B) To define the use of biometric systems.
C) To regulate the use of smart cards.
D) To ensure data backup.