Cyber Security Professional course for Ethiopians

Intro

SOC

SC

CC

Terms

Attributes of Threat Actors

Understanding the methodology behind common attacks

all the points at which a malicious threat actor could try to exploit

Terms

Terms

techniques to compromise a security system

Key terms

various types of malware a

Common things you can do to prevent malware

Tasks

Terms

one additional layer of defense that can be used to protect data.

Two types of encryption ciphers

The algorithm or cipher

a unique and increasingly popular implementation of cryptography

Common cryptographic attacks

Terms

Hybrid Models

Terms

fixed-length string of bits from an input plaintext

Key Terms

provides an additional level of data security

Terms

the framework that helps to establish trust in the use of public key cryptography

PKI certificates are used to verify an organization’s identity and ownership of a public key.

validate and administer digital certificates.

Tasks

useful terms

The protection of data resources from unauthorized access

consideration & security principles

Detect and manage risks from compromised accounts.

key terms

Authentication verifies that only the account holder is able to use the account

processes or measures used to verify a user's identity

type of authentication requires capturing and storing a unique physical attribute

is the process of giving the user permission to access a specific resource or function.

granting the account configured for the user

Microsoft AD

about users, computers, security groups/roles

a set of configuration settings applied to users or computers.

collection of tools, techniques, and best practices to reduce vulnerability

HA

cards that have an embedded memory chip that contains encrypted authentication information

user in Linux OS

management commands

User security commands

usermod

Linux group commands

connect to remote computers

emote access administration.

a process that verifies the identity of a user, device, or system trying to access a network

a process that verifies a user's identity by comparing their credentials with an LDAP server

Tasks

a large-scale computer network infrastructure that connects users, devices, and applications across multiple locations within a business.

the selection and placement of media, devices, protocols/services, and data assets:

set of tools that can help secure computer networks and prevent cyber attacks.

a section of a network that has specific security requirements and is separated from other zones using a layer 3 device, such as a firewall.

is a category of incident detection and response technology that helps security teams detect, analyze, and defend against advanced threats

a network architecture that uses a single firewall with three network interfaces to protect against cyber attacks:

a network security device that monitors traffic to or from your network.

a method employing encryption to provide secure access to a remote computer over the internet.

a set of rules that dictate how data is transmitted between a device and a virtual private network (VPN) server.

a set of rules, processes, and tools that control access to network-connected resources.

a flaw or error in a device's hardware or software that could be exploited by an attacker to compromise the device or its network.

a software program or service that uses network resources to enable communication, data sharing, and collaboration between devices connected to a network.

switch features that can be implemented to increase network security

common attacks that are perpetrated against switches

general actions to secure routers

Tasks

an attempt to gain unauthorized access to an organization's network, with the objective of stealing data or perform other malicious activity

measures, such as access control, video surveillance, and environmental controls, help protect an organization's physical assets

to keep track of conditions on the network, identify situations that might signal potential problems

the initial phase of a cyber attack that involves covertly gathering information about a system, network, or web application

The first step in defending a network against unauthorized access is knowing that someone is gaining access.

run on a single device with the intent of capturing frames for all other devices on the network or subnet

a number of strategies and techniques that threat actors use to either disrupt or gain access to systems via a network vector.

a type of harmful computer code or web script that is intentionally created to cause unwanted and unexpected events on an information system

a cybercriminal's attempt to gain unauthorized access to a system or network by cracking a user's password

Tasks

the process of continuously identifying, evaluating, treating, and reporting vulnerabilities.

a weakness in a system that can be exploited by an attacker

processes that help organizations identify and understand weaknesses in their IT systems, applications, infrastructure, and support systems

processes that help organizations identify and address security weaknesses in their IT environments

a cybersecurity practice that uses automated tools to identify and report security weaknesses in an organization's systems and software

the capability of a monitoring system to detect and notify the operators about meaningful events

cybersecurity tools that are important for strengthening security operations, but they have different purpose

a set of tools and procedures that help organizations detect and prevent the loss, misuse, or leakage of data.

a security exercise where a cybersecurity expert attempts to find and exploit vulnerabilities in a computer system.

a simulated cyberattack that cybersecurity experts use to identify vulnerabilities in a computer system.

Tasks

a cybersecurity measure that aims to strengthen an operating system against cyberattacks by reducing its exposure to threats.

protect against unauthorized access, data breaches, malware infections

a subset of data security that protects files from unauthorized access, modification, deletion, or other tampering

control what user is permitted to perform which actions on a file

a set of tools that protect devices like servers and workstations from attacks and malware

allows configuring the tables provided by the Linux kernel firewall, as well as the chains and rules it stores

a computer network that uses radio waves to connect devices without the need for physical cables

a malicious action that targets wireless networks or wireless system information

he process of protecting wireless networks and devices from unauthorized access or damage

some wireless authentication and access methods

a communication protocol that uses cryptographic techniques to help two or more entities achieve a security goal

a collection of protocols and algorithms that secure data transmitted over the internet or public networks

a branch of cybersecurity that uses technologies, tools, and practices to protect web browsers from security threats

an attempt by malicious actors to exploit weaknesses in web applications or mobile apps

Software Development Life Cycle

attackers are working relentlessly to access our data

a cybersecurity technique that protects applications from cybercriminal attacks.

Tasks

Key terms

Management of each incident

Isolation, containment, and segmentation

key terms

tools compile and examine multiple data points gathered across a network

a critical resource for investigating security incidents.

Key Terms

examining evidence gathered from computer systems and networks to uncover relevant information

Key Terms

a data analysis technique that groups similar objects or data points into clusters based on their characteristics.

Key Terms

methods and media used to copy data from a primary location to a secondary destination in case of loss.

To do lists

key terms

Installing and running multiple operating systems concurrently on a single physical machine.

Important facts about virtual networks

key terms

key Terms

technology that allows network and security professionals to manage, control, and make changes to a network.

a variety of services that are provided to customers and companies over the internet on demand.

a set of practices and technologies that protect data and other digital assets from security threats, human error, and insider threats.

a piece of portable electronic equipment that can connect to the internet, especially a smartphone or tablet computer.

how mobile devices can communicate with each other and other services

a set of measures that protect sensitive information stored on and transmitted by portable devices.

a security software that helps organizations manage and secure employees' mobile devices

the assortment of management features that lets a system administrator publish, push, configure, secure, monitor, and update mobile apps.

Bring your own device (BYOD)

a combination of computer hardware and software designed for a specific function.

Terms

Email Threats & security

To do lists

Key Terms

a structured approach to securing an organization's digital infrastructure.

a systematic approach to managing all changes made within an IT infrastructure.

key Terms

tools in modern IT operations, helping organizations streamline processes, enhance security, and improve efficiency.

key terms

a process for identifying, assessing, and mitigating vulnerabilities and threats

a process that helps businesses identify, evaluate, and prioritize potential or existing risks that could negatively impact their operations.

a proactive approach to help organizations prepare for and recover from cyber threats

key terms

several important processes integral to effective risk management practices.

Systematically evaluating processes, controls, and compliance with established standards, policies, and regulations.

To do lists

Key Terms

Firm funds could be stolen and loss of income could result from inability to operate

a process that organizes data in an organization's computer system

the ethical and responsible handling of personal information

the process of destroying data stored on tapes, hard disks and other forms of electronic media

a set of official guidelines that dictate how an organization manages its employees.

a set of guidelines, rules, and standards organizations establish to manage and protect their data assets.

an alphabetical list of terms