Cyber Security Fundamentals
Cyber Security Fundamentals focuses on the introduction to the cybersecurity field and promotes the vision of the future of Cybersecurity. There's an overview of main concepts which provide the foundation for more in depth study over the course. Concepts, such as, Event Analysis, Network Defense in traditional and cloud environments, Application of Security Policies, Threat Tactics and Techniques, Continuous Monitoring and Response. Below is an example of a few key concepts: Network Visibility and Threat Identification.
Network Visibility
The visibility into any network is crucial for maintaining control over an expanding perimeter. It helps identify and eliminate blind spots and performance issues. It provides a comprehensive understanding of what is happening on the network, enabling maintenance of its security and efficiency. By keeping the topology current, an organization can identify all connected devices, running services, and potential attack paths for exploiting vulnerabilities and creating risk exposure. Continuous Monitoring and Vulnerability Assessments, and Privilege Management Policy will strengthen organizational security posture. The paper below analyzes the topology of computer devices connected to a small network as an example of maintaining network visibility.
The visibility into any network is crucial for maintaining control over an expanding perimeter. It helps identify and eliminate blind spots and performance issues. It provides a comprehensive understanding of what is happening on the network, enabling maintenance of its security and efficiency. By keeping the topology current, an organization can identify all connected devices, running services, and potential attack paths for exploiting vulnerabilities and creating risk exposure. Continuous Monitoring and Vulnerability Assessments, and Privilege Management Policy will strengthen organizational security posture. The paper below analyzes the topology of computer devices connected to a small network as an example of maintaining network visibility.
topology_map_.pdf |
Threat Identification
As an organization, it is important to understand the significance of confidentiality, integrity, and availability of data when it comes to cybersecurity. These key concepts are the foundation of the CIA triad. Knowing the potential threats to any of these concepts can help us evaluate the magnitude of a cybersecurity event or breach. Threat intelligence can be utilized to safeguard against various attacks and provide context such as who is attacking us, their motivation, capabilities, and the weaknesses they are looking for in our systems. This information empowers our decision-making process on how best to secure our systems and prioritize resources to protect critical infrastructure. The Threat Intelligence table below can help organizations understand their risk exposure and potential implications if the risks are successfully exploited.
threat_statement_table_.pdf |
Reflection
In this course, we delved into the history and development of cybersecurity engineering, while also exploring future trends. We established an initial understanding how leaders can enhance, support, and promote cybersecurity within the organization.
As part of my job, I help network teams develop a comprehensive vulnerability management program. This includes identifying and addressing potential security risks, both known and unknown. By establishing a secure network and having a plan in place for addressing vulnerabilities, teams can better protect their systems and data. Vulnerability Management team's responsibilities include conducting security assessments and leading discussions with stakeholders and senior executives to address security concerns. This course has been instrumental in improving my views and practices, enhancing our customers' experience, and envisioning a better future for vulnerability management. I was particularly interested in learning more about NIST guidance, SANS hands-on practices, and the Top 20 controls necessary to secure the business and ensure its ongoing operations.
Becoming a Cyber Security professional assumes high levels of professional and ethical responsibilities for both the organization you work for and the community at large. The Cyber Security Fundamentals course provides a foundation to build upon.
References:
Fisher, E. (2016, August 12) Cybersecurity Issues and Challenges: In Brief. Retrieved from://https://fas.org/sgp/crs/misc/R43831.pdf
Homeland Security (May, 2006) Control Systems Cyber Security: Defense in Depths Strategies. Retrieved from: https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/Defense_in_Depth_Strategies.pdf
SANS (n.d.) SANS Top 20 Controls. retrieved from https://www.cm-alliance.com/consultancy/compliance-gap-analysis/sans-top-20-controls/#:~:text=The%20SANS%2020%20Critical%20Security,as%20well%20as%20NSA%20priorities.