Essential Security Principles

Security Overview

Cyber Attackers

Computer Threats

Computer Threats (Again)

Mitigation Strategies

100

Computers, data, buildings, devices, etc. belonging to a security perimeter or organization.

Assets

100

Attacks for fun, known for inexperience

Script Kiddie

100

Malware that rapidly self-replicates

Worm

100

Malware that disguises itself as a legitimate piece of software.

Trojan

100

The CIA Triad stands for these.

Confidentiality, Integrity, Availability

200

A method of risk assessment that uses costs of assets to determine severity.

Quantitative

200

Attacks primarily for financial gain.

Cyber Criminal

200

Obtaining personal data via a scam website.

Pharming

200

Obtaining personal data via SMS

Smishing

200

A common security principle that only allows certain users the level of access that is necessary to perform their duties.

Principle of Least Privilege

300

A method of risk assessment that primarily uses the scope of threat to determine severity.

Qualitative

300

Funded by nation states for the purposes of cyber warfare.

State Actor

300

In a ransomware attack, a person's hard drive might have this done to it in exchange for a payout.

Encrypted

300

In some cases, this kind of attack can be the most dangerous if left unsecured. No matter what we do digitally, all of our security measures are worthless if we don't prepare against this.

Physical attacks

300

A kind of encryption that utilizes mathematically linked public and private keys. The public key is sent to the transmitter, but the receiver keeps the private key to themselves for decryption.

Asymmetric Encryption

400

The likelihood that a vulnerability will be acted upon by a threat or exploit.

Risk

400

The threat APT stands for this.

Advanced Persistent Threat

400

This type of attack involves stalling or stopping service from a victim by flooding its available bandwidth from multiple machines.

DDoS

400

This kind of malware isn't true malware, but allows for the gathering of user information without their knowledge.

Spyware

400

In security spaces, AAA stands for this.

Authentication, Authority, Accounting

500

An attack vector is made of these four things.

Vulnerabilities, Exploits, Threats, Risks

500

One of the most dangerous attackers are insider threats due to this nature.

Inside Access, Elevated Credentials

500

These two cybersecurity threats involve human interaction, either directly or with existing, freely available information.

Social Engineering, OSINT

500

A new vulnerability created from an age of decentralized networking that can involve the simpler devices on our network being unprotected.

Internet of Things (IoT)

500

The combination of applying firewalls, passwords, locked doors, vestibules, guards, and network monitoring to a system.

Countermeasures/Hardening