You will explore how cybersecurity threats have appeared and evolved alongside the adoption of computers. You will also understand how past and present cyber attacks have influenced the development of the security field. In addition, you’ll get an overview of the eight security domains.
Learning Objectives
- Identify the most common types of attacks, past and present
- Identify how security attacks impact business operations
- Recognize how past and present attacks on business operations have led to the development of the security field
- Identify the CISSP eight security domains
The history of cybersecurity
Video: Welcome to week 2
- The author is excited to be teaching a security course and believes that this is an exciting time to be learning about security.
- The author was inspired to work in security after learning about international hacks that impacted both private companies and government organizations.
- One reason there are so many jobs in the security field today is because of attacks that happened in the 1980s and 1990s.
- Security professionals are still actively working to protect organizations and people from variations of these early computer attacks.
- This section of the course will discuss viruses and malware, and introduce the concept of social engineering.
- The course will also discuss how the digital age ushered in a new era of threat actors.
- Knowing the evolution of each attack is key to protecting against future attacks.
- The course will provide an overview of eight security domains.
- The next section of the course will explore some of the viruses, data breaches, and malware attacks that have helped shape the industry as we know it today.
Here are some additional points that are mentioned in the passage:
- The security field is dynamic and important.
- There are many jobs in the security field today.
- Security professionals are still actively working to protect organizations and people from cyber attacks.
- Knowing the evolution of cyber attacks is key to protecting against future attacks.
- The security field is constantly evolving, and new threats are emerging all the time.
- Security professionals need to be constantly learning and adapting to new threats.
Welcome back! When it comes to security, there is so much to learn, and I’m thrilled to be part of your career journey. This is such an exciting time to be learning about security! When I learned about international hacks that impacted both private companies and government organizations, I was inspired to want to work in security because I realized how dynamic and important this field is. One reason there are so many jobs in the security field today is because of attacks that happened in the 1980s and 1990s. Decades later, security professionals are still actively working to protect organizations and people from variations of these early computer attacks. In this section of the course, we’ll discuss viruses and malware, and introduce the concept of social engineering. Then, we’ll discuss how the digital age ushered in a new era of threat actors. Knowing the evolution of each attack is key to protecting against future attacks. Lastly, we’ll provide an overview of eight security domains. Next up, we’ll travel back in time to explore some of the viruses, data breaches, and malware attacks that have helped shape the industry as we know it today.
Video: Past cybersecurity attacks
- The security industry is constantly evolving, but many present-day attacks are not entirely new. Attackers often alter or enhance previous methods.
- Understanding past attacks can provide direction for how to handle or investigate incidents in your job as a security analyst.
- Two examples of early malware attacks are the Brain virus and the Morris worm.
- The Brain virus was created in 1986 by the Alvi brothers to track illegal copies of medical software. However, the virus spread rapidly and caused significant damage to productivity and business operations.
- The Morris worm was created in 1988 by Robert Morris to assess the size of the internet. However, the worm caused a denial-of-service attack that disrupted thousands of computers.
- These early attacks helped to shape the current security industry by highlighting the need for better security measures.
- CERTs, or Computer Emergency Response Teams, were established to respond to computer security incidents. CERTs still exist today and have expanded their responsibilities to include more than just incident response.
- The digital age has ushered in a new era of cyber attacks, but the lessons learned from early attacks are still relevant today.
Here are some additional points that are mentioned in the passage:
- The security industry is constantly evolving, and new threats are emerging all the time.
- Security professionals need to be constantly learning and adapting to new threats.
- It is important to understand the history of cyber attacks in order to protect against future attacks.
- Early attacks can provide valuable insights into the motivations and methods of attackers.
- The security industry is a collaborative effort, and security professionals need to work together to protect against cyber attacks.
The security industry is constantly evolving, but many present-day attacks are not entirely new. Attackers often alter or enhance previous methods. Understanding past attacks can provide direction for how to handle or investigate incidents in your job as a security analyst. First, let’s go over a couple of key terms that will support your understanding of the attacks we’ll discuss. A computer virus is malicious code written to interfere with computer operations and cause damage to data and software. The virus attaches itself to programs or documents on a computer, then spreads and infects one or more computers in a network. Today, viruses are more commonly referred to as malware, which is software designed to harm devices or networks. Two examples of early malware attacks that we’ll cover are the Brain virus and the Morris worm. They were created by malware developers to accomplish specific tasks. However, the developers underestimated the impact their malware would have and the number of infected computers there would be. Let’s take a closer look at these attacks and discuss how they helped shape security as we know it today.

In 1986, the Alvi brothers created the Brain virus. Although the intention of the virus was to track illegal copies of medical software and prevent pirated licenses, what the virus actually did was unexpected. Once a person used a pirated copy of the software, the virus infected that computer. Then, any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks. Undetected, the virus spread globally within a couple of months. Although the intention was not to destroy data or hardware, the virus slowed down productivity and significantly impacted business operations. The Brain virus fundamentally altered the computing industry, emphasizing the need for a plan to maintain security and productivity. As a security analyst, you will follow and maintain strategies put in place to ensure your organization has a plan to keep their data and people safe.

Another influential computer attack was the Morris worm. In 1988, Robert Morris developed a program to assess the size of the internet. The program crawled the web and installed itself onto other computers to tally the number of computers that were connected to the internet. Sounds simple, right? The program, however, failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed. About 6,000 computers were affected, representing 10% of the internet at the time. This attack cost millions of dollars in damages due to business disruptions and the efforts required to remove the worm. After the Morris worm, Computer Emergency Response Teams, known as CERTs®, were established to respond to computer security incidents. CERTs still exist today, but their place in the security industry has expanded to include more responsibilities. Later in this program, you’ll learn more about the core functions of these security teams and gain hands-on practice with detection and response tools. Early attacks played a key role in shaping the current security industry. And coming up, we’ll discuss how attacks evolved in the digital age.
Introduction
Cybersecurity attacks have been around since the early days of computing. In this tutorial, we will discuss some of the most famous and impactful cybersecurity attacks that have occurred over the years. By understanding these attacks, we can learn from the mistakes of the past and better protect ourselves from future attacks.
The Brain Virus
The Brain virus is considered to be the first computer virus. It was created in 1986 by two brothers in Pakistan. The virus spread through floppy disks and infected the Master Boot Record (MBR) of each computer it reached, which prevented that computer from booting up normally. The Brain virus caused significant damage and is estimated to have infected millions of computers worldwide.
The Morris Worm
The Morris worm is considered to be the first internet worm. It was created in 1988 by Robert Morris, a graduate student at Cornell University. The worm spread through the internet and infected computers that were running the Unix operating system. The worm caused a denial-of-service attack that disrupted thousands of computers. The Morris worm is estimated to have caused millions of dollars in damage.
The Melissa Virus
The Melissa virus is a macro virus that was created in 1999. The virus spread through email attachments and infected Microsoft Word documents. The virus would then send itself to the first 50 people in the victim’s address book. The Melissa virus caused significant damage and is estimated to have infected over 100,000 computers worldwide.
The Code Red Worm
The Code Red worm is a computer worm that was created in 2001. The worm spread through the internet and infected computers that were running Microsoft Windows. The worm would then deface the infected computer’s web page with the message “Hacked by Chinese!” The Code Red worm is estimated to have infected over 250,000 computers worldwide.
The SQL Slammer Worm
The SQL Slammer worm is a computer worm that was created in 2003. The worm spread through the internet and infected computers that were running Microsoft SQL Server. The worm would then crash the infected computer’s database server. The SQL Slammer worm is estimated to have infected over 75,000 computers in under 10 minutes.
The Stuxnet Worm
The Stuxnet worm is a computer worm that was created in 2010. The worm was specifically designed to target industrial control systems. Stuxnet is believed to have been created by the United States and Israel to disrupt Iran’s nuclear program. The Stuxnet worm is considered to be one of the most sophisticated cyberattacks ever created.
The WannaCry Ransomware
The WannaCry ransomware is a type of malware that encrypts the victim’s files and demands a ransom payment in order to decrypt them. WannaCry was created in 2017 and spread through a vulnerability in Microsoft Windows. The WannaCry ransomware infected over 200,000 computers worldwide.
The NotPetya Ransomware
The NotPetya ransomware is a type of malware that is similar to WannaCry. NotPetya was created in 2017 and spread through a vulnerability in Microsoft Windows. However, NotPetya was not designed to encrypt the victim’s files. Instead, NotPetya was designed to destroy the victim’s computer. NotPetya infected over 300,000 computers worldwide.
Conclusion
These are just a few of the many cybersecurity attacks that have occurred over the years. By understanding these attacks, we can learn from the mistakes of the past and better protect ourselves from future attacks.
How to Protect Yourself from Cybersecurity Attacks
There are a number of things you can do to protect yourself from cybersecurity attacks. Here are a few tips:
- Keep your software up to date. Software updates often include security patches that can help to protect you from known vulnerabilities.
- Use strong passwords and don’t reuse them across different websites and accounts.
- Be careful about what links you click on and what attachments you open in emails.
- Use a firewall and antivirus software.
- Be aware of the latest cybersecurity threats and best practices.
Video: Attacks in the digital age
- The expansion of reliable high-speed internet led to an increase in the number of computers connected to the internet.
- This allowed threat actors to spread malware through the internet, without the need for physical disks.
- Two notable attacks that relied on the internet are the LoveLetter attack and the Equifax breach.
- The LoveLetter attack was a social engineering attack that exploited people’s tendency to open unsolicited emails.
- The attack infected 45 million computers globally and caused over $10 billion in damages.
- The Equifax breach was a data breach that affected 143 million customers and resulted in the theft of sensitive personal information.
- The breach occurred due to multiple failures on Equifax’s part, including the failure to fix known vulnerabilities.
- These attacks are just two examples of the many cybersecurity threats that exist.
- As a security professional, it is important to be aware of these threats and to take steps to protect your organization.
Here are some additional points that are mentioned in the passage:
- Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
- Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
- Data breaches can have a significant impact on individuals and organizations.
- It is important to have strong security measures in place to protect against cyberattacks.
Introduction
The digital age has ushered in a new era of cybersecurity threats. With the increasing reliance on technology, criminals have found new ways to exploit vulnerabilities and steal data.
Types of Attacks
There are many different types of cyberattacks, but some of the most common include:
- Malware: Malware is software that is designed to harm a computer system. It can be spread through email attachments, malicious websites, or USB drives.
- Phishing: Phishing is a type of social engineering attack that involves sending emails or text messages that appear to be from a legitimate source. The emails or text messages often contain a link that, when clicked, will take the victim to a fake website that looks like the real website. Once the victim enters their personal information on the fake website, the attacker can steal it.
- Data breaches: A data breach is an incident in which sensitive data is stolen from a computer system. This data can include personal information, financial information, or intellectual property.
- Denial-of-service (DoS) attacks: A DoS attack is an attempt to make a computer system unavailable to its intended users. This can be done by flooding the system with traffic or by sending it malicious commands.
- Cyberwarfare: Cyberwarfare is an attack that is carried out by a nation-state against another nation-state. These attacks can be used to disrupt critical infrastructure, steal sensitive information, or sow discord among the population.
How to Protect Yourself
There are a number of things you can do to protect yourself from cyberattacks:
- Be careful about what emails and text messages you open. If you’re not sure if an email or text message is from a legitimate source, don’t open it.
- Keep your software up to date. Software updates often include security patches that can help to protect you from known vulnerabilities.
- Use strong passwords and don’t reuse them across different websites and accounts. A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols.
- Be careful about what information you share online. Don’t share your personal information, financial information, or passwords on social media or other public websites.
- Use a firewall and antivirus software. A firewall can help to protect your computer from unauthorized access, and antivirus software can help to detect and remove malware.
- Be aware of the latest cybersecurity threats. Stay up-to-date on the latest cybersecurity threats so that you can take steps to protect yourself.
Conclusion
The digital age has made our lives easier in many ways, but it has also made us more vulnerable to cyberattacks. By taking the necessary precautions, you can help to protect yourself from these threats.
Here are some additional tips for protecting yourself from cyberattacks:
- Use a VPN when connecting to public Wi-Fi.
- Be careful about what websites you visit.
- Don’t click on links in emails or text messages from people you don’t know.
- Back up your data regularly.
- Be aware of the signs of a cyberattack, such as unusual activity on your computer or strange emails or text messages.
What type of manipulation technique was the LoveLetter attack?
Social engineering
The LoveLetter attack was an example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
With the expansion of reliable high-speed internet, the number of computers connected to the internet increased dramatically. Because malware could spread through the internet, threat actors no longer needed to use physical disks to spread viruses. To better understand attacks in the digital age, we’ll discuss two notable attacks that relied on the internet: the LoveLetter attack and the Equifax breach.

In the year 2000, Onel De Guzman created the LoveLetter malware to steal internet login credentials. This attack spread rapidly and took advantage of people who had not developed a healthy suspicion for unsolicited emails. Users received an email with the subject line, “I Love You.” Each email contained an attachment labeled, “Love Letter For You.” When the attachment was opened, the malware scanned a user’s address book. Then, it automatically sent itself to each person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving an email from a friend, but it was actually malware. The LoveLetter ended up infecting 45 million computers globally and is believed to have caused over $10 billion in damages. The LoveLetter attack is the first example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. After the LoveLetter, attackers understood the power of social engineering. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Many people are now prioritizing convenience over privacy. The trade-off of this evolving shift is that these tools may lead to increased vulnerability if people do not use them appropriately. As a security professional, your role is to identify and manage inappropriate use of technology that may place your organization and all the people associated with it at risk. One way to safeguard your organization is to conduct regular internal trainings, which you as a future security analyst may be asked to lead or participate in. Today, it’s common for employees to receive training on how to identify social engineering attacks, specifically phishing through the emails they receive. Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Now, let’s discuss the Equifax breach. In 2017, attackers successfully infiltrated the credit reporting agency, Equifax. This resulted in one of the largest known data breaches of sensitive information. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans. The records included personally identifiable information including social security numbers, birth dates, driver’s license numbers, home addresses, and credit card numbers. From a security standpoint, the breach occurred due to multiple failures on Equifax’s part. It wasn’t just one vulnerability that the attackers took advantage of; there were several. The company failed to take the actions needed to fix multiple known vulnerabilities in the months leading up to the data breach. In the end, Equifax settled with the U.S. government and paid over $575 million to resolve customer complaints and cover required fines. While there have been other data breaches before and after the Equifax breach, the large settlement with the U.S. government alerted companies to the financial impact of a breach and the need to implement preventative measures.

These are just a couple of well-known incidents that have shaped the security industry. Knowing about them will help you in your security career. Understanding different types of malware and social engineering attacks will allow you to communicate about security risks during future job interviews. As a future security professional, constantly adapting and educating yourself on threat actors’ tactics and techniques will be a part of your job. By noticing similar trends, patterns, and methodologies, you may be able to identify a potential breach and limit future damage. Finally, understanding how security affects people’s lives is a good reminder of why the work you will do is so important!
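The Equifax discussion above turns on known vulnerabilities that stayed unfixed for months. The following script, an added example and not course material, shows the kind of aging report a security team can run over its findings to surface anything past its remediation deadline. Hosts, vulnerability IDs (placeholders such as VULN-0001), the SLA table and the dates are all constructed assumptions.

```python
"""Known-vulnerability aging check over a constructed asset inventory."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Assumed remediation deadlines in days, by severity (a policy choice, not a standard).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str          # placeholder like "VULN-0001", not a real advisory identifier
    severity: str         # one of the SLA_DAYS keys
    known_since: date     # day the fix became available and the team was notified
    fixed_on: date | None = None


def days_open(f: Finding, today: date) -> int:
    """Days between notification and the fix (or today, if still unfixed)."""
    end = f.fixed_on or today
    return (end - f.known_since).days


def is_overdue(f: Finding, today: date) -> bool:
    """Unfixed and past the SLA for its severity."""
    return f.fixed_on is None and days_open(f, today) > SLA_DAYS[f.severity]


def overdue_report(findings: list[Finding], today: date) -> dict[str, list[tuple[str, int]]]:
    """Map host -> [(vuln_id, days past SLA)], worst offender first per host."""
    report: dict[str, list[tuple[str, int]]] = {}
    for f in findings:
        if is_overdue(f, today):
            past = days_open(f, today) - SLA_DAYS[f.severity]
            report.setdefault(f.host, []).append((f.vuln_id, past))
    for host in report:
        report[host].sort(key=lambda item: -item[1])
    return report


def exposure_window(findings: list[Finding], today: date) -> int:
    """Longest time any unfixed critical or high finding has been open.

    This is the figure that matters after a breach: how long a known,
    patchable weakness was available to anyone who cared to look.
    """
    windows = [
        days_open(f, today)
        for f in findings
        if f.fixed_on is None and f.severity in ("critical", "high")
    ]
    return max(windows, default=0)


# Constructed sample inventory (dates and hosts are illustrative only).
TODAY = date(2017, 8, 1)
SAMPLE = [
    Finding("web-01", "VULN-0001", "critical", date(2017, 3, 10)),                 # unfixed ~5 months
    Finding("web-02", "VULN-0001", "critical", date(2017, 3, 10), date(2017, 3, 14)),  # fixed in 4 days
    Finding("db-01", "VULN-0002", "high", date(2017, 6, 15)),                      # past the 30-day SLA
    Finding("db-01", "VULN-0003", "medium", date(2017, 7, 1)),                     # still within SLA
    Finding("app-01", "VULN-0004", "low", date(2017, 1, 1)),                       # low, but past 180 days
]

if __name__ == "__main__":
    for host, items in overdue_report(SAMPLE, TODAY).items():
        for vuln_id, past in items:
            print(f"{host}: {vuln_id} is {past} days past its SLA")
    print(f"longest open critical/high window: {exposure_window(SAMPLE, TODAY)} days")
```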
Reading: Common attacks and their effectiveness
Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.
Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Some of the most common types of phishing attacks today include:
- Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
- Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
- Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
- Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
- Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
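The LoveLetter transcript earlier and the phishing types listed above share a few observable warning signs: an unsolicited sender, a script attachment hidden behind a double extension, an executive name paired with an outside domain (the BEC and whaling pattern), urgency wording, and a request for money or credentials. The following triage script, an added example and not course material, scores constructed sample messages against those signs. The contact list, internal domain, keyword lists and thresholds are assumptions, and the sample messages are constructed.

```python
"""Heuristic phishing triage over constructed sample messages."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

KNOWN_CONTACTS = {"alice@example.com", "cfo@example.com"}    # assumed address book
INTERNAL_DOMAIN = "example.com"                                # assumed own domain
EXEC_TITLES = ("ceo", "cfo", "chief", "president", "director")
RISKY_EXT = (".vbs", ".exe", ".js", ".scr", ".bat", ".docm")   # script / executable types
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.[a-z0-9]{2,4}$")    # e.g. name.txt.vbs
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|within the hour)\b", re.I)
ASK = re.compile(r"\b(wire|gift card|password|log ?in|verify your account)\b", re.I)


@dataclass
class Message:
    display_name: str
    sender: str
    subject: str
    body: str
    attachments: list[str] = field(default_factory=list)


def signals(msg: Message) -> list[str]:
    """Return every phishing indicator found in one message."""
    found: list[str] = []
    sender = msg.sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender not in KNOWN_CONTACTS:
        found.append("unsolicited sender")
    for name in msg.attachments:
        lower = name.lower()
        if lower.endswith(RISKY_EXT):
            found.append(f"script or executable attachment: {name}")
        if DOUBLE_EXT.search(lower):
            found.append(f"double extension hides file type: {name}")
    if any(t in msg.display_name.lower() for t in EXEC_TITLES) and domain != INTERNAL_DOMAIN:
        found.append("executive display name from external domain (BEC/whaling pattern)")
    if URGENCY.search(msg.subject + " " + msg.body):
        found.append("urgency wording")
    if ASK.search(msg.body):
        found.append("request for money or credentials")
    return found


def verdict(msg: Message) -> str:
    """Assumed thresholds: three or more signals quarantine, one or two get a human look."""
    n = len(signals(msg))
    if n >= 3:
        return "quarantine"
    if n >= 1:
        return "flag for review"
    return "deliver"


def triage(msgs: list[Message]) -> dict[str, str]:
    """Map each message subject to its verdict."""
    return {m.subject: verdict(m) for m in msgs}


# Constructed samples: a LoveLetter-style lure, a BEC-style wire request,
# a normal note from a known contact, and a known contact sending a macro document.
SAMPLE = [
    Message("A friend", "friend@mail.example", "I Love You",
            "Kindly check the attached love letter coming from me.",
            ["Love Letter For You.txt.vbs"]),
    Message("Pat Jones, CFO", "cfo@example-payments.net", "Urgent wire today",
            "Please wire $40,000 to the vendor immediately. I am in a meeting."),
    Message("Alice", "alice@example.com", "Lunch Thursday?", "Want to grab lunch?"),
    Message("Alice", "alice@example.com", "Quarterly report", "Numbers attached.",
            ["report.docm"]),
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(f"{verdict(m):16} {m.subject!r}: {', '.join(signals(m)) or 'no signals'}")
```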
Malware
Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.
Some of the most common types of malware attacks today include:
- Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
- Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
- Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
- Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.
Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
Some of the most common types of social engineering attacks today include:
- Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
- Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
- USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
- Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
Social engineering principles
Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.
Reasons why social engineering attacks are effective include:
- Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
- Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.
- Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
- Scarcity: A tactic used to imply that goods or services are in limited supply.
- Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
- Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
- Urgency: A threat actor persuades others to respond quickly and without questioning.
Key takeaways
In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.
Video: Sean: Keep your cool during a data breach
- Sean is a Technical Program Manager in Google Workspace with 30 years of experience in security.
- He says that the most important thing to do during your first data breach is to keep your cool.
- Everyone else will be freaking out, but you need to be the calm one in the room.
- The first thing you need to do is contain the breach. This means stopping the flow of data out of the organization.
- If you are still losing data, you may need to take drastic measures, such as shutting down servers or networks.
- Your goal is to stop the data loss as quickly as possible.
- Once the breach has been contained, you can start to investigate what happened.
- This will help you to understand how the breach occurred and how to prevent it from happening again.
- Sean emphasizes the importance of executing your incident management plan. This plan should outline the steps you will take in the event of a data breach.
- By following your plan, you can ensure that you are prepared to handle the situation effectively.
Here are some additional tips from Sean:
- Communicate with stakeholders. Keep everyone who needs to know updated on the situation.
- Be transparent. Don’t try to hide anything.
- Be proactive. Don’t wait for things to happen. Take steps to prevent future breaches.
- Learn from your mistakes. Don’t make the same mistake twice.
Hi, my name is Sean. I’m a Technical Program Manager in Google Workspace. I am a 30-year security veteran within the security space across six different industries. During your first data breach, the most important thing that you can do is keep your cool. Everyone around is going to be freaking out. If you are on the security team and you are managing the incident, you have to legitimately be the cool guy in the room. Be that person that has the pause in the conversation. Somebody might be like, “Do you know what’s going on?” “I absolutely do.” I think the biggest breach I’ve ever had was a phone call. An engineer for another financial bought a server off eBay. When they fired that server up, it hadn’t been wiped. Twenty million credit card records were on it. That triggered a whole review, because we had not been controlling for how third parties wipe the servers that we no longer use, now that we were outsourcing data centers. The first thing you’re going to do is to contain the breach. If you are still hemorrhaging data, you go through your progressions to stop hemorrhaging data. So if that means shutting down a server, shutting down a data center, shutting down comms, whatever: stopping the data loss is your number one priority. Your job as an incident manager or as somebody working a breach is to stop the breach and then investigate the breach. So executing your incident management plan is the most important thing that an entry-level person can keep in mind.
Practice Quiz: Test your knowledge: The history of cybersecurity
Fill in the blank: A computer virus is malicious ___ that interferes with computer operations and causes damage.
code
A computer virus is malicious code that interferes with computer operations and causes damage. A virus is a type of malware.
What is one way that the Morris worm helped shape the security industry?
It led to the development of computer response teams.
The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).
What were the key impacts of the Equifax breach? Select two answers.
- The significant financial consequences of a breach became more apparent.
- Millions of customers’ PII was stolen.
The key impacts of the Equifax breach were the fact that millions of customers’ PII was stolen and that the significant financial consequences of a breach became more apparent.
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.
False
Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.
The eight CISSP security domains
Video: Introduction to the eight CISSP security domains, Part 1
- Security professionals play an important role in protecting organizations from cyber threats.
- There are eight domains of security, each with its own focus.
- The first four domains are security and risk management, asset security, security architecture and engineering, and communication and network security.
- Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.
- Asset security focuses on securing digital and physical assets, as well as the storage, maintenance, retention, and destruction of data.
- Security architecture and engineering focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.
- Communication and network security focuses on managing and securing physical networks and wireless communications.
- Maintaining an organization’s security is a team effort, and there are many moving parts.
- As an entry-level analyst, you will continue to develop your skills by learning how to mitigate risks to keep people and data safe.
- You don’t need to be an expert in all domains, but having a basic understanding of them will aid you in your journey as a security professional.
Here are some additional points that are mentioned in the text:
- The eight domains of security are defined by the CISSP (Certified Information Systems Security Professional) certification.
- The CISSP is a widely recognized security certification that is held by security professionals around the world.
- The eight domains of security are constantly evolving as new threats emerge.
- Security professionals need to stay up-to-date on the latest threats and security best practices.
The CISSP (Certified Information Systems Security Professional) is a widely recognized security certification that is held by security professionals around the world. The CISSP certification covers eight domains of security:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
This tutorial will provide an introduction to each of the eight domains.
Security and Risk Management
The security and risk management domain covers the identification, assessment, and mitigation of risks to an organization’s information assets. This includes understanding the threats and vulnerabilities that an organization faces, as well as developing and implementing security controls to mitigate those risks.
Asset Security
The asset security domain covers the protection of an organization’s information assets, both physical and digital. This includes securing data, hardware, software, and other assets from unauthorized access, use, disclosure, modification, or destruction.
Security Architecture and Engineering
The security architecture and engineering domain covers the design, implementation, and maintenance of an organization’s security infrastructure. This includes designing and implementing security controls, such as firewalls, intrusion detection systems, and access control lists.
Communication and Network Security
The communication and network security domain covers the protection of an organization’s networks and communications systems. This includes securing wired and wireless networks, as well as email, voice, and video communications.
Identity and Access Management
The identity and access management domain covers the management of user identities and access to systems and resources. This includes creating and managing user accounts, as well as assigning permissions to users and groups.
Security Assessment and Testing
The security assessment and testing domain covers the testing of an organization’s security controls to ensure that they are effective. This includes penetration testing, vulnerability scanning, and security audits.
Security Operations
The security operations domain covers the day-to-day operation of an organization’s security infrastructure. This includes monitoring and responding to security incidents, as well as performing routine security tasks such as patch management.
Software Development Security
The software development security domain covers the security of software development processes and products. This includes developing secure software, as well as testing software for security vulnerabilities.
This is just a brief introduction to the eight CISSP security domains. For more information, please refer to the CISSP Common Body of Knowledge (CBK).
As the tactics of threat actors evolve, so do the roles of security professionals. Having a solid understanding of core security concepts will support your growth in this field. One way to better understand these core concepts is by organizing them into categories, called security domains. As of 2022, CISSP has defined eight domains to organize the work of security professionals. It’s important to understand that these domains are related and that gaps in one domain can result in negative consequences to an entire organization. It’s also important to understand the domains because it may help you better understand your career goals and your role within an organization. As you learn more about the elements of each domain, the work involved in one may appeal to you more than the others. This domain may become a career path for you to explore further. CISSP defines eight domains in total, and we’ll discuss all eight between this video and the next. In this video, we’re going to cover the first four: security and risk management, asset security, security architecture and engineering, and communication and network security.
Let’s start with the first domain, security and risk management. Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.
The second domain is asset security. This domain focuses on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data. When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.
The third domain is security architecture and engineering. This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.
The fourth security domain is communication and network security. This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behavior within your organization. Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the organization and its employees vulnerable to attacks. To ensure communications are secure, you would create a network policy to prevent and mitigate exposure.
Maintaining an organization’s security is a team effort, and there are many moving parts. As an entry-level analyst, you will continue to develop your skills by learning how to mitigate risks to keep people and data safe. You don’t need to be an expert in all domains. But, having a basic understanding of them will aid you in your journey as a security professional. You’re doing great! We have just introduced the first four security domains, and in the next video, we’ll discuss four more! See you soon!
Video: Introduction to the eight CISSP security domains, Part 2
- The eight security domains of the CISSP certification are: security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
- In this video, the remaining four domains are introduced: identity and access management, security assessment and testing, security operations, and software development security.
- Identity and access management (IAM) is the process of controlling who has access to what resources. It includes things like creating and managing user accounts, assigning permissions, and managing passwords.
- Security assessment and testing (SAT) is the process of evaluating the security of an organization’s systems and networks. It includes things like penetration testing, vulnerability scanning, and security audits.
- Security operations (SecOps) is the day-to-day work of monitoring and responding to security incidents. It also includes things like patch management and incident response planning.
- Software development security (SDS) is the practice of incorporating security into the software development process. It includes things like secure coding practices and vulnerability scanning.
The text also emphasizes the importance of understanding the different security domains and how they work together. This knowledge is essential for security professionals who want to be effective in their roles.
Welcome back. In the last video, we introduced you to the first four security domains. In this video, we’ll introduce you to the next four security domains: identity and access management, security assessment and testing, security operations, and software development security. Familiarizing yourself with these domains will allow you to navigate the complex world of security. The domains outline and organize how a team of security professionals work together. Depending on the organization, analyst roles may sit at the intersection of multiple domains or focus on one specific domain. Knowing where a particular role fits within the security landscape will help you prepare for job interviews and work as part of a full security team.
Let’s move into the fifth domain: identity and access management. Identity and access management focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization’s physical and digital security. For example, as a security analyst, you may be tasked with setting up employees’ keycard access to buildings.
The sixth domain is security assessment and testing. This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions, to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.
The seventh domain is security operations. This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization’s policies and procedures to quickly stop the potential threat.
The final, eighth domain is software development security. This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed.
That ends our introduction to CISSP’s eight security domains. Challenge yourself to better understand each of these domains and how they affect the overall security of an organization. While they may still be a bit unclear to you this early in the program, these domains will be discussed in greater detail in the next course. See you there!
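The payroll permissions audit described in the sixth domain above, as an added example that is not part of the course material: it takes an export of users, their roles and their current grants (all constructed sample data here) and reports every grant that the access policy does not justify, including grants left behind on deactivated accounts and grants to resources the policy does not cover.

```python
"""Audit user permissions against an access policy (security assessment
and testing domain). Added example, not part of the course material;
the policy, users, roles and grants below are constructed sample data."""
from dataclasses import dataclass

# Constructed access policy: which roles are allowed to read each resource.
POLICY = {
    "payroll": {"payroll_admin", "hr_admin"},
    "employee_directory": {"payroll_admin", "hr_admin", "staff"},
}


@dataclass(frozen=True)
class Finding:
    user: str
    resource: str
    reason: str


def audit_permissions(users, policy=POLICY):
    """Return a Finding for every grant the policy does not justify.

    `users` maps a username to a dict with keys 'roles' (set of role names),
    'active' (bool) and 'grants' (set of resources the user can currently read).
    Three checks, in order of severity:
      1. a deactivated account that still holds any grant,
      2. a grant to a resource the policy does not know about,
      3. a grant that none of the user's roles permits.
    Results are sorted by user and resource so repeated audits diff cleanly.
    """
    findings = []
    for name, info in sorted(users.items()):
        for resource in sorted(info["grants"]):
            if not info["active"]:
                findings.append(Finding(name, resource, "account deactivated but grant remains"))
                continue
            allowed_roles = policy.get(resource)
            if allowed_roles is None:
                findings.append(Finding(name, resource, "resource not covered by policy"))
            elif not info["roles"] & allowed_roles:
                findings.append(Finding(name, resource, "no role permits this access"))
    return findings


# Constructed sample export from an HR management system.
SAMPLE_USERS = {
    "alice": {"roles": {"hr_admin"}, "active": True, "grants": {"payroll", "employee_directory"}},
    "bob": {"roles": {"staff"}, "active": True, "grants": {"employee_directory", "payroll"}},
    "carol": {"roles": {"payroll_admin"}, "active": False, "grants": {"payroll"}},
    "dave": {"roles": {"staff"}, "active": True, "grants": {"employee_directory", "legacy_reports"}},
}

if __name__ == "__main__":
    for f in audit_permissions(SAMPLE_USERS):
        print(f"{f.user:6} {f.resource:20} {f.reason}")
```

Run against the sample data it flags bob's payroll grant, carol's grant on a deactivated account, and dave's grant to a resource the policy never defined; alice's grants are all justified by her role.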
Reading: Determine the type of attack
Reading
Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst’s job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.
Attack types
Password attack
A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:
- Brute force
- Rainbow table
Password attacks fall under the communication and network security domain.
Social engineering attack
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:
- Phishing
- Smishing
- Vishing
- Spear phishing
- Whaling
- Social media phishing
- Business Email Compromise (BEC)
- Watering hole attack
- USB (Universal Serial Bus) baiting
- Physical social engineering
Social engineering attacks are related to the security and risk management domain.
Physical attack
A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:
- Malicious USB cable
- Malicious flash drive
- Card cloning and skimming
Physical attacks fall under the asset security domain.
Adversarial artificial intelligence
Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
Supply-chain attack
A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
Cryptographic attack
A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:
- Birthday
- Collision
- Downgrade
Cryptographic attacks fall under the communication and network security domain.
Key takeaways
The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.
Resources for more information
To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.
Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.
Reading: Understand attackers
Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.
Threat actor types
Advanced persistent threats
Advanced persistent threats (APTs) have significant expertise accessing an organization’s network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:
- Damaging critical infrastructure, such as the power grid and natural resources
- Gaining access to intellectual property, such as trade secrets or patents
Insider threats
Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:
- Sabotage
- Corruption
- Espionage
- Unauthorized data access or leaks
Hacktivists
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:
- Demonstrations
- Propaganda
- Social change campaigns
- Fame
Hacker types
A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:
- Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
- Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
- Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.
Note: There are multiple hacker types that fall into one or more of these three categories.
New and unskilled threat actors have various goals, including:
- To learn and enhance their hacking skills
- To seek revenge
- To exploit security weaknesses by using existing malware, programming scripts, and other tactics
Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.
There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.
Key takeaways
Threat actors and hackers are technically skilled individuals. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.
Resources for more information
To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.
Practice Quiz: Test your knowledge: The eight CISSP security domains
Fill in the blank: Examples of security _ include security and risk management and security architecture and engineering.
domains
Examples of security domains include security and risk management and security architecture and engineering.
A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain?
Asset security
These responsibilities are part of the asset security domain. This domain focuses on managing and securing digital and physical assets.
Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to?
Security assessment and testing
This is related to security assessment and testing, which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.
You receive an alert that an unknown device has been connected to your company’s internal network. You follow company policies and procedures to stop the potential threat. Which security domain is this scenario related to?
Security operations
This is related to the security operations domain, which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.
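Detection logic for the unknown-device scenario in this question, as an added example that is not part of the course material. It assumes the DHCP server writes DHCPACK lines in the ISC dhcpd log format and that an asset inventory of known MAC addresses and hostnames exists; the inventory and log lines below are constructed.

```python
"""Raise alerts when a device not in the asset inventory obtains a DHCP
lease on the internal network (security operations domain). Added example,
not part of the course material; inventory and log lines are constructed."""
import re
from typing import Dict, List, NamedTuple, Optional

# Matches e.g. "DHCPACK on 10.0.5.23 to aa:bb:cc:dd:ee:ff (laptop-01) via eth0".
# The "(hostname)" part is optional because not every client sends one.
DHCPACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


class Alert(NamedTuple):
    ip: str
    mac: str
    hostname: Optional[str]
    interface: str
    reason: str


def normalize_mac(mac: str) -> str:
    """Canonical form (lowercase, colon-separated) so 'DE-AD-..' matches 'de:ad:..'."""
    return mac.lower().replace("-", ":")


def find_unknown_devices(log_lines: List[str], inventory: Dict[str, str]) -> List[Alert]:
    """Return one Alert per MAC that obtained a lease but is not in the inventory,
    or whose hostname differs from the inventoried one (a reused or spoofed MAC).

    `inventory` maps canonical MAC -> expected hostname. Only DHCPACK lines count,
    because DISCOVER/OFFER/REQUEST do not confirm that an address was handed out.
    """
    alerts: List[Alert] = []
    seen = set()  # a device renewing its lease repeatedly should alert once
    for line in log_lines:
        m = DHCPACK_RE.search(line)
        if not m:
            continue
        mac = normalize_mac(m.group("mac"))
        host = m.group("host") or None
        expected = inventory.get(mac)
        if expected is None:
            reason = "MAC not in asset inventory"
        elif host is not None and host.lower() != expected.lower():
            reason = f"hostname {host!r} differs from inventory {expected!r}"
        else:
            continue  # known device with the expected name: nothing to do
        if (mac, reason) in seen:
            continue
        seen.add((mac, reason))
        alerts.append(Alert(m.group("ip"), mac, host, m.group("iface"), reason))
    return alerts


# Constructed asset inventory and dhcpd syslog lines.
INVENTORY = {"aa:bb:cc:00:00:01": "laptop-01", "aa:bb:cc:00:00:02": "printer-hr"}
SAMPLE_LOG = [
    "Mar  3 09:12:01 dhcp01 dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:01 via eth0",
    "Mar  3 09:12:02 dhcp01 dhcpd: DHCPACK on 10.0.5.23 to aa:bb:cc:00:00:01 (laptop-01) via eth0",
    "Mar  3 09:15:44 dhcp01 dhcpd: DHCPACK on 10.0.5.77 to DE-AD-BE-EF-00-42 (unknown-pc) via eth0",
    "Mar  3 09:15:50 dhcp01 dhcpd: DHCPACK on 10.0.5.77 to de:ad:be:ef:00:42 (unknown-pc) via eth0",
    "Mar  3 09:20:10 dhcp01 dhcpd: DHCPACK on 10.0.5.30 to aa:bb:cc:00:00:02 (workstation-9) via eth0",
    "Mar  3 09:21:00 dhcp01 dhcpd: DHCPACK on 10.0.5.31 to aa:bb:cc:00:00:03 via eth0",
]

if __name__ == "__main__":
    for a in find_unknown_devices(SAMPLE_LOG, INVENTORY):
        print(f"ALERT {a.ip:12} {a.mac} host={a.hostname} via {a.interface}: {a.reason}")
```

The alerts are the starting point of the procedure the course describes: each one is handed to the organization's incident process, not acted on automatically.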
Review: The evolution of cybersecurity
Video: Wrap-up
- This article discussed some of the most influential security attacks throughout history, including the Brain virus, the Morris worm, the LoveLetter attack, and the Equifax data breach.
- These attacks have shaped the security industry and shown the widespread impacts and associated costs of security breaches.
- CISSP’s eight security domains (security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and incident response and disaster recovery) provide a way to organize the work of security professionals.
- Every security professional is essential and their unique point of view, professional background, and knowledge are valuable.
Here are some additional points that are mentioned in the text:
- Understanding previous attacks is critical for security professionals who are working to protect organizations and people from possible future variants.
- Social engineering is a common tactic used by threat actors to trick people into giving up their personal information or clicking on malicious links.
- The security industry is constantly evolving, so it is important for security professionals to stay up-to-date on the latest threats and trends.
- The diversity of the security workforce is one of its strengths. By bringing different perspectives and experiences to the table, security professionals can better protect organizations and people from harm.
This concludes our brief introduction to some of the most influential security attacks throughout history and CISSP’s eight security domains. Let’s review what we’ve discussed. First, we covered viruses, including the Brain virus and the Morris worm, and discussed how these early forms of malware shaped the security industry. We also discussed how many attacks today are variants of these early examples. Understanding previous attacks is critical for security professionals who are working to protect organizations and people from possible future variants. We also discussed social engineering and threat actor motives by learning about the LoveLetter attack and the Equifax data breach. These incidents showed the widespread impacts and associated costs of more recent security breaches in the digital age. Finally, we introduced CISSP’s eight security domains and how they can be used to categorize different areas of focus within the security profession.
I hope you’re feeling confident about your foundational security knowledge! Learning the history of security can allow you to better understand the current industry. CISSP’s eight security domains provide a way to organize the work of security professionals. Remember, every security professional is essential. Your unique point of view, professional background, and knowledge are valuable. So, the diversity you bring to the field will further improve the security industry as you work to keep organizations and people safe.
Reading: Glossary terms from week 2
Terms and definitions from Course 1, Week 2
Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software
Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient
Hacker: Any person who uses computers to gain access to computer systems, networks, or data
Malware: Software designed to harm devices or networks
Password attack: An attempt to access password-secured devices, systems, networks, or data
Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed
Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables
Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
Virus: refer to “computer virus”
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Quiz: Weekly challenge 2
What is the term for software that is designed to harm devices or networks?
Malware
What historical event occurred as a result of trying to track illegal copies of medical software and prevent pirated licenses?
Brain virus
Fill in the blank: Exploiting human error to gain access to private information is an example of _ engineering.
social
A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.
- Phishing attacks
- Malicious software being deployed
- Employees inadvertently revealing sensitive data
Which of the following tasks are part of the security and risk management domain? Select all that apply.
- Compliance
- Defining security goals and objectives
- Business continuity
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security architecture and engineering
Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?
Asset security
A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?
Security assessment and testing
Which of the following tasks may be part of the identity and access management domain? Select all that apply.
- Setting up an employee’s access keycard
- Ensuring users follow established policies
- Controlling physical assets
Which domain involves conducting investigations and implementing preventive measures?
Security operations
Which of the following threats are examples of malware? Select two answers.
Worms, Viruses
What historical event used a malware attachment to steal user information and passwords?
LoveLetter attack
Fill in the blank: Social engineering is a manipulation technique that exploits _ error to gain access to private information.
human
Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.
- Employees inadvertently revealing sensitive data
- Malicious software being deployed
Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?
Security and risk management
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security architecture and engineering
Which of the following tasks may be part of the asset security domain? Select all that apply.
- Securing digital and physical assets
- Data storage and maintenance
- Proper disposal of digital assets
Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.
- Collecting and analyzing data
- Conducting security audits
- Auditing user permissions
Which of the following tasks may be part of the security operations domain? Select all that apply.
- Implementing preventive measures
- Conducting investigations
- Investigating an unknown device that has connected to an internal network