Compliance is the process of adhering to internal standards and external
regulations and enables organizations to avoid fines and security breaches.
Security frameworks are guidelines used for building plans to help mitigate risks
and threats to data and privacy.
Security controls are safeguards designed to reduce specific security risks. They
are used with security frameworks to establish a strong security posture.
Security posture is an organization’s ability to manage its defense of critical
assets and data and react to change. A strong security posture leads to lower risk
for the organization.
A threat actor, or malicious attacker, is any person or group who presents a
security risk. This risk can relate to computers, applications, networks, and data.
An internal threat can be a current or former employee, an external vendor, or a
trusted partner who poses a security risk. At times, an internal threat is
accidental. For example, an employee who accidentally clicks on a malicious email
link would be considered an accidental threat. Other times, the internal threat
actor intentionally engages in risky activities, such as unauthorized data access.
Network security is the practice of keeping an organization's network
infrastructure secure from unauthorized access. This includes data, services,
systems, and devices that are stored in an organization’s network.
Cloud security is the process of ensuring that assets stored in the cloud are
properly configured, or set up correctly, and access to those assets is limited to
authorized users. The cloud is a network made up of a collection of servers or
computers that store resources and data in remote physical locations known as data
centers that can be accessed via the internet. Cloud security is a growing subfield
of cybersecurity that specifically focuses on the protection of data, applications,
and infrastructure in the cloud.
Programming is a process that can be used to create a specific set of instructions
for a computer to execute tasks.
Security analyst transferable skills:
Communication, collaboration, analysis, and problem solving.
Technical skills
There are many technical skills that will help you be successful in the
cybersecurity field. You’ll learn and practice these skills as you progress through
the certificate program. Some of the tools and concepts you’ll need to use and be
able to understand include:
Programming languages: By understanding how to use programming languages,
cybersecurity analysts can automate tasks that would otherwise be very time
consuming. Examples of tasks that programming can be used for include searching
data to identify potential threats or organizing and analyzing information to
identify patterns related to security issues.
Security information and event management (SIEM) tools: SIEM tools collect and
analyze log data, or records of events such as unusual login behavior, and support
analysts’ ability to monitor critical activities in an organization. This helps
cybersecurity professionals identify and analyze potential security threats, risks,
and vulnerabilities more efficiently.
Intrusion detection systems (IDSs): Cybersecurity analysts use IDSs to monitor
system activity and alerts for possible intrusions. It’s important to become
familiar with IDSs because they’re a key tool that every organization uses to
protect assets and data. For example, you might use an IDS to monitor networks for
signs of malicious activity, like unauthorized access to a network.
Threat landscape knowledge: Being aware of current trends related to threat actors,
malware, or threat methodologies is vital. This knowledge allows security teams to
build stronger defenses against threat actor tactics and techniques. By staying up
to date on attack trends and patterns, security professionals are better able to
recognize when new types of threats emerge such as a new ransomware variant.
Incident response: Cybersecurity analysts need to be able to follow established
policies and procedures to respond to incidents appropriately. For example, a
security analyst might receive an alert about a possible malware attack, then
follow the organization’s outlined procedures to start the incident response
process. This could involve conducting an investigation to identify the root issue
and establishing ways to remediate it.
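To make the "searching data to identify potential threats" item and the SIEM item above concrete, here is an added example that is not part of these notes or of the certificate program: a short Python script that parses constructed sshd-style log lines (not taken from any real system) and flags a source address that produced a burst of failed logins followed by a success, which is exactly the kind of correlation a SIEM rule encodes. The log layout, the five-failure threshold and the five-minute window are assumptions chosen for the demo.

```python
"""Added example (not from the original notes): brute-force detection over
constructed auth-log lines, the repetitive search an analyst automates."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a common sshd/syslog layout; addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Mar 10 08:01:02 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:04 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:01:05 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:01:07 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:01:09 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:01:11 web01 sshd[2011]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:15:30 web01 sshd[2050]: Failed password for alice from 198.51.100.4 port 40011 ssh2
Mar 10 08:15:45 web01 sshd[2051]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
"""

# Assumed line format: syslog timestamp, host, sshd[pid], then the auth result.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_events(text, year=2024):
    """Turn raw lines into event dicts. Lines that do not match are skipped,
    not fatal: real logs always contain lines a rule does not care about."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag any source IP with >= threshold failures inside `window`, and
    record whether a successful login from that IP followed the burst
    (a guessed password is the finding that needs immediate action)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = fails[j - 1]
                success = [e for e in evs
                           if e["result"] == "Accepted" and e["ts"] >= burst_end]
                findings[ip] = {
                    "failures": j - i,
                    "success_after": bool(success),
                    "users": sorted({e["user"] for e in evs if e["result"] == "Failed"}),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {f['failures']} failures, users={f['users']}, "
              f"login succeeded afterwards={f['success_after']}")
```

The single failure from 198.51.100.4 stays below the threshold and is not reported; the other address is reported with both usernames it tried and the fact that the final attempt succeeded, which is the detail an incident responder needs first.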
PII: Personally identifiable information is any information that can be used to
infer an individual's identity. PII includes someone's full name, date of birth,
physical address, phone number, email address, internet protocol (IP) address, and
similar information.
SPII, Sensitive personally identifiable information, known as SPII, is a specific
type of PII that falls under stricter handling guidelines and may include social
security numbers, medical or financial information, and biometric data, such as
facial recognition. If SPII is stolen, this has the potential to be significantly
more damaging to an individual than if PII is stolen.
------------------------------------------------
Phishing
Phishing is the use of digital communications to trick people into revealing
sensitive data or deploying malicious software.
Some of the most common types of phishing attacks today include:
Business Email Compromise (BEC): A threat actor sends an email message that seems
to be from a known source to make a seemingly legitimate request for information,
in order to obtain a financial advantage.
Spear phishing: A malicious email attack that targets a specific user or group of
users. The email seems to originate from a trusted source.
Whaling: A form of spear phishing. Threat actors target company executives to gain
access to sensitive data.
Vishing: The exploitation of electronic voice communication to obtain sensitive
information or to impersonate a known source.
Smishing: The use of text messages to trick users, in order to obtain sensitive
information or to impersonate a known source.
Malware
Malware is software designed to harm devices or networks. There are many types of
malware. The primary purpose of malware is to obtain money, or in some cases, an
intelligence advantage that can be used against a person, an organization, or a
territory.
Some of the most common types of malware attacks today include:
Viruses: Malicious code written to interfere with computer operations and cause
damage to data and software. A virus needs to be initiated by a user: a threat
actor delivers it through a malicious attachment or file download, and nothing
happens until someone opens it. Once opened, the virus hides itself in other
files on the now-infected system, and when those infected files are opened the
virus inserts its own code to damage and/or destroy data in the system.
Worms: Malware that can duplicate and spread itself across systems on its own. In
contrast to a virus, a worm does not need to be downloaded by a user. Instead, it
self-replicates and spreads from an already infected computer to other devices on
the same network.
Ransomware: A malicious attack where threat actors encrypt an organization's data
and demand payment to restore access.
Spyware: Malware that’s used to gather and sell information without consent.
Spyware can be used to access devices. This allows threat actors to collect
personal data, such as private emails, texts, voice and image recordings, and
locations.
Social Engineering
Social engineering is a manipulation technique that exploits human error to gain
private information, access, or valuables. Human error is usually a result of
trusting someone without question. It’s the mission of a threat actor, acting as a
social engineer, to create an environment of false trust and lies to exploit as
many people as possible.
Some of the most common types of social engineering attacks today include:
Social media phishing: A threat actor collects detailed information about their
target from social media sites. Then, they initiate an attack.
Watering hole attack: A threat actor attacks a website frequently visited by a
specific group of users.
USB baiting: A threat actor strategically leaves a malware-laden USB stick for an
employee to find and plug in, unknowingly infecting a network.
Physical social engineering: A threat actor impersonates an employee, customer, or
vendor to obtain unauthorized access to a physical location.
Social engineering principles
Social engineering is incredibly effective. This is because people are generally
trusting and conditioned to respect authority. The number of social engineering
attacks is increasing with every new social media application that allows public
access to people's data. Although sharing personal data—such as your location or
photos—can be convenient, it’s also a risk.
Reasons why social engineering attacks are effective include:
Authority: Threat actors impersonate individuals with power. This is because
people, in general, have been conditioned to respect and follow authority figures.
Intimidation: Threat actors use bullying tactics. This includes persuading and
intimidating victims into doing what they’re told.
Consensus/Social proof: Because people sometimes do things that they believe many
others are doing, threat actors use others’ trust to pretend they are legitimate.
For example, a threat actor might try to gain access to private data by telling an
employee that other people at the company have given them access to that data in
the past.
Scarcity: A tactic used to imply that goods or services are in limited supply.
Familiarity: Threat actors establish a fake emotional connection with users that
can be exploited.
Trust: Threat actors establish an emotional relationship with users that can be
exploited over time. They use this relationship to develop trust and gain personal
information.
Urgency: A threat actor persuades others to respond quickly and without
questioning.
------------------------------------------------
The confidentiality, integrity, and availability (CIA) triad is a model that helps
inform how organizations consider risk when setting up systems and security
policies.
Security controls are safeguards designed to reduce specific security risks. They
are used alongside frameworks to ensure that security goals and processes are
implemented correctly and that organizations meet regulatory compliance
requirements.
Security frameworks are guidelines used for building plans to help mitigate risks
and threats to data and privacy. They have four core components:
Identifying and documenting security goals
Setting guidelines to achieve security goals
Implementing strong security processes
Monitoring and communicating results
Compliance is the process of adhering to internal standards and external
regulations.
Specific controls, frameworks, and compliance
The National Institute of Standards and Technology (NIST) is a U.S.-based agency
that develops multiple voluntary compliance frameworks that organizations worldwide
can use to help manage risk. The more aligned an organization is with compliance,
the lower the risk.
Examples of frameworks include the NIST Cybersecurity Framework (CSF) and the NIST
Risk Management Framework (RMF).
Note: Specifications and guidelines can change depending on the type of
organization you work for.
The Federal Energy Regulatory Commission - North American Electric Reliability
Corporation (FERC-NERC)
FERC-NERC is a regulation that applies to organizations that work with electricity
or that are involved with the U.S. and North American power grid. These types of
organizations have an obligation to prepare for, mitigate, and report any potential
security incident that can negatively affect the power grid. They are also legally
required to adhere to the Critical Infrastructure Protection (CIP) Reliability
Standards, which are developed by NERC and approved and enforced by FERC.
The Federal Risk and Authorization Management Program (FedRAMP®)
FedRAMP is a U.S. federal government program that standardizes security assessment,
authorization, monitoring, and handling of cloud services and product offerings.
Its purpose is to provide consistency across the government sector and third-party
cloud providers.
Center for Internet Security (CIS®)
CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls
that can be used to safeguard systems and networks against attacks. Its purpose is
to help organizations establish a better plan of defense. CIS also provides
actionable controls that security professionals may follow if a security incident
occurs.
General Data Protection Regulation (GDPR)
GDPR is a European Union (E.U.) regulation that protects the personal data of
individuals in the E.U. and their right to privacy, and it applies to organizations
processing that data whether they operate in or out of E.U. territory. For example,
if an organization is not transparent about the personal data it holds about an
E.U. resident and why it holds that data, this is an infringement that can result
in a fine to the organization. Additionally, if a breach compromises personal data,
the organization must notify the relevant supervisory authority within 72 hours of
becoming aware of it, and must inform the affected individuals without undue delay
when the breach is likely to put their rights and freedoms at high risk.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is an international security standard meant to ensure that organizations
storing, accepting, processing, and transmitting credit card information do so in a
secure environment. The objective of this compliance standard is to reduce credit
card fraud.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a U.S. federal law established in 1996 to protect patients' health
information. This law prohibits patient information from being shared without their
consent. It is governed by three rules:
Privacy
Security
Breach notification
Organizations that store patient data have a legal obligation to inform patients of
a breach because if patients' Protected Health Information (PHI) is exposed, it can
lead to identity theft and insurance fraud. PHI relates to the past, present, or
future physical or mental health or condition of an individual, whether it’s a plan
of care or payments for care. Along with understanding HIPAA as a law, security
professionals also need to be familiar with the Health Information Trust Alliance
(HITRUST®), which is a security framework and assurance program that helps
institutions meet HIPAA compliance.
International Organization for Standardization (ISO)
ISO was created to establish international standards related to technology,
manufacturing, and management across borders. It helps organizations improve their
processes and procedures for staff retention, planning, waste, and services. For
information security specifically, ISO/IEC 27001 sets out the requirements for an
information security management system (ISMS) against which organizations can be
certified.
System and Organization Controls (SOC 1, SOC 2)
The American Institute of Certified Public Accountants® (AICPA) Auditing Standards
Board developed this standard. SOC 1 and SOC 2 are series of reports issued by an
independent auditor: a SOC 1 report covers controls relevant to a customer's
financial reporting, while a SOC 2 report covers controls over security,
availability, processing integrity, confidentiality, and privacy. Each comes in two
types: a Type 1 report assesses whether controls are suitably designed at a point in
time, and a Type 2 report also tests whether they operated effectively over a
period. Among the controls examined are an organization's user access policies at
different organizational levels such as:
Associate
Supervisor
Manager
Executive
Vendor
Others
They are used to assess an organization's financial compliance and levels of risk.
They also cover confidentiality, privacy, integrity, availability, security, and
overall data safety. Control failures in these areas can lead to fraud.
Pro tip: There are a number of regulations that are frequently revised. You are
encouraged to keep up-to-date with changes and explore more frameworks, controls,
and compliance. Two suggestions to research: the Gramm-Leach-Bliley Act and the
Sarbanes-Oxley Act.
Asset: An item perceived as having value to an organization
Availability: The idea that data is accessible to those who are authorized to
access it
Compliance: The process of adhering to internal standards and external regulations
Confidentiality: The idea that only authorized users can access specific assets or
data
Confidentiality, integrity, availability (CIA) triad: A model that helps inform how
organizations consider risk when setting up systems and security policies
Hacktivist: A person who uses hacking to achieve a political goal
Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law
established to protect patients' health information
Integrity: The idea that the data is correct, authentic, and reliable
National Institute of Standards and Technology (NIST) Cybersecurity Framework
(CSF): A voluntary framework that consists of standards, guidelines, and best
practices to manage cybersecurity risk
Privacy protection: The act of safeguarding personal information from unauthorized
use
Protected health information (PHI): Information that relates to the past, present,
or future physical or mental health or condition of an individual
Security architecture: A type of security design composed of multiple components,
such as tools and processes, that are used to protect an organization from risks
and external threats
Security controls: Safeguards designed to reduce specific security risks
Security ethics: Guidelines for making appropriate decisions as a security
professional
Security frameworks: Guidelines used for building plans to help mitigate risk and
threats to data and privacy
Security governance: Practices that help support, define, and direct security
efforts of an organization
Sensitive personally identifiable information (SPII): A specific type of PII that
falls under stricter handling guidelines
------------------------------------------------
Programming is a process that can be used to create a specific set of instructions
for a computer to execute tasks. Security analysts use programming languages, such
as Python, to execute automation. Automation is the use of technology to reduce
human and manual effort in performing common and repetitive tasks. Automation also
helps reduce the risk of human error.
Another programming language used by analysts is called Structured Query Language
(SQL). SQL is used to create, interact with, and request information from a
database. A database is an organized collection of information or data. There can
be millions of data points in a database. A data point is a specific piece of
information.
A web vulnerability is a unique flaw in a web application that a threat actor could
exploit by using malicious code or behavior, to allow unauthorized access, data
theft, and malware deployment.
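The two paragraphs above, on SQL and on web vulnerabilities, meet in the most common database flaw in web applications: user input pasted into a query string. The following added example is not from these notes or the certificate program; it builds the same login check two ways against an in-memory SQLite database with constructed users and shows the first one being bypassed. The table, the usernames and the use of SHA-256 for the stored hash are demo assumptions (a real system stores passwords with a salted, slow hash such as scrypt or Argon2).

```python
"""Added example (not from the original notes): a vulnerable login query
beside its parameterized form, run against a constructed SQLite table."""
import hashlib
import sqlite3


def _h(password: str) -> str:
    # Demo-only hash. Real password storage uses a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed users table (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", _h("correct horse")), ("bob", _h("hunter2"))],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query with string formatting, so attacker-controlled
    text becomes part of the SQL grammar instead of staying a value."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{_h(password)}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver passes the values separately from the
    statement text, so they are never parsed as SQL no matter what they contain."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, _h(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # "alice' --" closes the string literal and comments out the password check.
    payload = "alice' --"
    print("vulnerable, wrong password:", login_vulnerable(db, payload, "wrong"))
    print("safe, wrong password:      ", login_safe(db, payload, "wrong"))
    print("safe, right password:      ", login_safe(db, "alice", "correct horse"))
```

With the payload, the vulnerable query the database actually receives is `... WHERE username = 'alice' -- ' AND password_hash = '...'`; everything after `--` is a comment, so the password condition disappears and the function returns "alice". The parameterized version looks for a user literally named `alice' --`, finds none, and returns None.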
Antivirus software is a software program used to prevent, detect, and eliminate
malware and viruses. It is also called anti-malware. Depending on the type of
antivirus software, it can scan the memory of a device to find patterns that
indicate the presence of malware.
Intrusion detection system
An intrusion detection system (IDS) is an application that monitors system activity
and alerts on possible intrusions. A network IDS scans and analyzes network packets,
the small units of data that carry traffic through a network. Because each packet is
small and carries structured header fields such as source, destination, and
protocol, an IDS can inspect packets quickly against known attack signatures and
anomalous patterns to identify potential threats to sensitive data. Other
occurrences an IDS might detect include data theft and unauthorized access.
Encryption
Encryption makes data unreadable and difficult to decode for an unauthorized user;
its main goal is to ensure confidentiality of private data. Encryption is the
process of converting data from a readable format to a cryptographically encoded
format. Cryptographic encoding means converting plaintext into secure ciphertext.
Plaintext is unencrypted information and secure ciphertext is the result of
encryption.
Note: Encoding and encryption serve different purposes. Encoding uses a public
conversion algorithm (Base64, for example) to enable systems that use different
data representations to share information. Because there is no key, anyone can
reverse an encoding, so it provides no confidentiality; only encryption does.
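To show the difference the note above draws, here is an added example that is not part of these notes or the certificate program. Base64 stands in for encoding; a one-time pad (XOR with a random key as long as the message, used exactly once) stands in for encryption, chosen because it needs nothing outside the Python standard library and is a genuine cipher under those conditions. The sample plaintexts are constructed for the demo. The last function goes one step beyond the note: it shows why a pad must never be reused, which is the failure mode of every XOR-style "encryption" that recycles its key.

```python
"""Added example (not from the original notes): encoding versus encryption,
using Base64 and a one-time pad, plus the key-reuse failure mode."""
import base64
import secrets

SAMPLE = b"SPII: SSN 000-00-0000"  # constructed placeholder, not real data


def encode_b64(data: bytes) -> bytes:
    """Encoding: a public, keyless transformation. Anyone can reverse it."""
    return base64.b64encode(data)


def decode_b64(blob: bytes) -> bytes:
    return base64.b64decode(blob)


def new_key(n: int) -> bytes:
    """Fresh random key bytes from the OS CSPRNG."""
    return secrets.token_bytes(n)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encryption: without the key the ciphertext is unreadable. For a
    one-time pad the key must be random, as long as the message, and used once."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match plaintext length")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt  # XOR with the same key undoes the XOR


def key_reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Why the pad is one-time: XOR of two ciphertexts made with the same key
    equals XOR of the two plaintexts. The key cancels out and the attacker
    learns the relationship between the messages without ever seeing the key."""
    c1, c2 = otp_encrypt(m1, key), otp_encrypt(m2, key)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    blob = encode_b64(SAMPLE)
    print("encoded:", blob.decode(), "-> anyone recovers:", decode_b64(blob))
    k = new_key(len(SAMPLE))
    ct = otp_encrypt(SAMPLE, k)
    print("ciphertext:", ct.hex())
    print("wrong key gives:", otp_decrypt(ct, new_key(len(SAMPLE))))
    print("right key gives:", otp_decrypt(ct, k))
    m1, m2 = b"attack at dawn", b"retreat at 6am"
    print("reused key leaks m1 XOR m2:", key_reuse_leak(m1, m2, new_key(14)).hex())
```

Run it and the Base64 line is readable by anyone who knows the (public) algorithm, whereas the ciphertext comes back as the original only with the key that produced it. The one-time pad is shown because it is simple; in practice an authenticated cipher such as AES-GCM from a vetted library is used, since it also detects tampering, which plain XOR does not.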
Penetration testing
Penetration testing, also called pen testing, is the act of performing a simulated
attack, with the owner's authorization, to identify vulnerabilities in systems,
networks, websites, applications, and processes. It is a thorough risk assessment
that can evaluate and identify external and internal threats as well as weaknesses.
------------------------------------------------
Cybersecurity professionals use portfolios to demonstrate their security education,
skills, and knowledge. Professionals typically use portfolios when they apply for
jobs to show potential employers that they are passionate about their work and can
do the job they are applying for. Portfolios are more in depth than a resume, which
is typically a one-to-two page summary of relevant education, work experience, and
accomplishments. You will have the opportunity to develop a resume, and finalize
your portfolio, in the last course of this program.
Options for creating your portfolio
There are many ways to present a portfolio, including self-hosted and online
options such as:
Documents folder
Google Drive or Dropbox™
Google Sites
Git repository
------------------------------------------------
Antivirus software: A software program used to prevent, detect, and eliminate
malware and viruses
Database: An organized collection of information or data
Data point: A specific piece of information
Intrusion detection system (IDS): An application that monitors system activity and
alerts on possible intrusions
Linux: An open-source operating system
Log: A record of events that occur within an organization’s systems
Network protocol analyzer (packet sniffer): A tool designed to capture and analyze
data traffic within a network
Order of volatility: A sequence outlining the order of data that must be preserved
from first to last
Programming: A process that can be used to create a specific set of instructions
for a computer to execute tasks
Protecting and preserving evidence: The process of properly working with fragile
and volatile digital evidence
Security information and event management (SIEM): An application that collects and
analyzes log data to monitor critical activities in an organization
SQL (Structured Query Language): A programming language used to create, interact
with, and request information from a database