Introduction To Cyber Security and Ethical Hacking

Uploaded by

KIRANISHTHA

Introduction to Cyber Security and Ethical Hacking
Cyber security is the practice of protecting systems, networks,
and programs from digital attacks. Ethical hacking, or
penetration testing, involves using hacking techniques to
identify and address vulnerabilities in an organization's security
measures. These skills are essential for safeguarding digital
assets in our increasingly interconnected world.
by Kiran LB
Understanding Cyber Threats and Vulnerabilities

1 Malware
Malicious software like viruses, worms, and Trojans that can
damage, disrupt, or gain unauthorized access to systems.

2 Social Engineering
Manipulating people into revealing sensitive information or
performing actions that compromise security.

3 Network Vulnerabilities
Weaknesses in network protocols, software, or hardware that can
be exploited by attackers.

4 Human Errors
Mistakes made by employees that can inadvertently expose an
organization to cyber threats.
Ethical Hacking Methodologies

Reconnaissance
Gathering information about the target, such as network
topology, software versions, and employee data.

Scanning and Enumeration
Identifying active systems, open ports, and running services to
detect potential vulnerabilities.

Exploitation
Using known vulnerabilities to gain unauthorized access or
control over target systems.
Penetration Testing Techniques
1 Black Box
Testing without any prior knowledge of the target system,
simulating a real-world attack scenario.

2 White Box
Testing with full access to the target system's information,
allowing for a more thorough assessment.

3 Grey Box
Testing with partial knowledge of the target system, combining
elements of black box and white box approaches.
Vulnerability Assessment and Mitigation

Vulnerability Scanning
Automated tools that identify and report on known security
vulnerabilities in systems and software.

Risk Analysis
Evaluating the potential impact and likelihood of
vulnerabilities being exploited, to prioritize remediation
efforts.

Patch Management
Deploying software updates and security patches to address
known vulnerabilities and reduce the attack surface.

Network Segmentation
Dividing networks into smaller, isolated segments to limit the
spread of threats and contain the impact of breaches.
Incident Response and Forensics

Preparation
Developing an incident response plan and ensuring the necessary
tools and processes are in place.

Identification
Detecting and analyzing suspicious activity to determine the
nature and scope of the incident.

Containment
Implementing measures to limit the damage and prevent the
further spread of the incident.

Recovery
Restoring normal operations and implementing measures to
prevent similar incidents in the future.
Cybersecurity Frameworks and Standards

NIST Cybersecurity Framework
A comprehensive set of guidelines and best practices for
managing cybersecurity risk.

ISO/IEC 27001
An international standard that specifies the requirements for
an information security management system.

COBIT
A framework for the governance and management of enterprise IT,
including cybersecurity.

PCI DSS
A security standard for organizations that handle branded
credit and debit card payments.
Careers and Certifications in Cyber Security

Certified Ethical Hacker (CEH)
Demonstrates expertise in penetration testing and ethical
hacking techniques.

Certified Information Systems Security Professional (CISSP)
Covers a broad range of cybersecurity topics and is considered
a gold standard certification.

Certified Information Security Manager (CISM)
Focuses on the management and governance of information
security programs.

Certified Cloud Security Professional (CCSP)
Validates knowledge in securing cloud computing environments
and architectures.
