CYBER SECURITY

INTRODUCTION AND
OVERVIEW
TOPIC 1—
INTRODUCTION TO
CYBERSECURITY
 cybersecurity can be defined as the protection of information
assets by addressing threats to information processed, stored and
transported by internetworked information systems
1. Confidentiality means protection from unauthorized access.
2. Integrity means protection from unauthorized modification
3. availability means protection from disruptions in access.
With respect to technology, many factors can impact security, such
as:
 Level of IT complexity
 Network connectivity (e.g., internal, third-party, public)
 Specialist industry devices/instrumentation
 Platforms, applications and tools used
 On-premise cloud or hybrid systems
 Operational support for security
 User community and capabilities
 New or emerging security tools
When evaluating business plans and the general business
environment, consider drivers, such as:
 Nature of business
 Risk tolerance
 Risk appetite
 Security mission, vision and strategy
 Industry alignment and security trends
 Industry-specific compliance requirements and regulations
 Regional regulatory and compliance requirements
 Mergers, acquisitions and partnerships
 Outsourcing services or providers
TOPIC 2—DIFFERENCE
BETWEEN
INFORMATION SECURITY
AND CYBERSECURITY
 In the core of its cybersecurity framework, the National Institute of
Standards and Technology (NIST) identifies five key functions necessary
for the protection of digital assets. These functions coincide with incident
management methodologies and include the following activities:
 Identify—Use organizational understanding to minimize risk to systems,
PROTECTING assets, data and capabilities.

DIGITAL  Protect—Design safeguards to limit the impact of potential events on

critical services and infrastructure.
ASSETS  Detect—Implement activities to identify the occurrence of a
cybersecurity event.
 Respond—Take appropriate action after learning of a security event.
 Recover—Plan for resilience and the timely repair of compromised
capabilities and services.
TOPIC 3—
CYBERSECURITY
OBJECTIVES
  Nonrepudiation provides a means so that the person who sends or
receives information cannot deny that they sent or received the
NON information. It is implemented through digital signatures and
REPUDIATION transactional logs.
TOPIC 4—
CYBERSECURITY
GOVERNANCE
Governance is the responsibility of the board of directors and senior
management of the organization. A governance program has
several goals:
 Provide strategic direction
 Ensure that objectives are achieved
 Ascertain whether risk is being managed appropriately
 Verify that the organization’s resources are being used responsibly
Risk management is the coordination of activities that direct and
control an enterprise with regard to risk. Risk management requires
the development and implementation of internal controls to manage
and mitigate risk throughout the organization, including financial,
operational, reputational, and investment risk, physical risk and
cyberrisk
Compliance is the act of adhering to, and the ability to demonstrate
adherence to, mandated requirements defined by laws and
regulations. It also includes voluntary requirements resulting from
contractual obligations and internal policies.
TOPIC 5—
CYBERSECURITY
DOMAIN
CYBERSECURITY CONCEPTS
This domain provides discussion of critical concepts such as:
 Basic risk management
 Common attack vectors and threat agents
 Patterns and types of attacks
 Types of security policies and procedures
 Cybersecurity control processes
SECURITY ARCHITECTURE PRINCIPLES
This domain provides information that helps security professionals
identify and apply the principles of security architecture. It discusses
a variety of topics, including:
 Common security architectures and frameworks
 Perimeter security concepts
 System topology and perimeter concepts
 Firewalls and encryption
 Isolation and segmentation
 Methods for monitoring, detection and logging
SECURITY OF NETWORKS, SYSTEMS, APPLICATIONS AND DATA
This domain addresses basic system hardening techniques and
security measures, including:
 Process controls
– Risk assessments
– Vulnerability management
– Penetration testing
 Best practices for securing networks, systems, applications and
data
– System and application security threats and vulnerabilities
– Effective controls for managing vulnerabilities
INCIDENT RESPONSE
This domain articulates the critical distinction between an event and
an incident. More important, it outlines the steps necessary when
responding to a cybersecurity incident. It covers the following topics:
 Incident categories
 Disaster recovery and business continuity plans
 Steps of incident response
 Forensics and preservation of evidence
SECURITY IMPLICATIONS AND ADOPTION OF EVOLVING
TECHNOLOGY
This domain outlines the current threat landscape, including a
discussion of vulnerabilities associated with the following emerging
technologies:
 Mobile devices (bring your own device [BYOD], Internet of Things
[IoT])
 Cloud computing and storage
 Digital collaboration (social media)