Cybersecurity 101

---

Security Controls: Compare and contrast technical, preventive, managerial, deterrent, operational, detective, physical, corrective, compensating, and directive controls.

Core Principles: Understand confidentiality, integrity, and availability (CIA); non-repudiation; AAA (authentication, authorization, and accounting); zero trust; and deception/disruption technologies.

Change Management: Explain change processes, technical impact, documentation requirements, and version control.

Cryptography Fundamentals: Apply PKI, encryption, obfuscation, hashing, digital signatures, and blockchain technologies.

 Governance: Define policies, standards, procedures, and roles; account for external frameworks and compliance requirements.
 

Risk Management: Identify, assess, analyze, and report on risks; understand tolerance, appetite, and mitigation strategies, including business impact analysis (BIA).
 

Third-Party Risk: Evaluate vendors, manage contracts, perform monitoring, and enforce engagement rules.
 

Security Compliance: Address reporting requirements, monitor compliance, and understand the consequences of non-compliance.
 

Audits & Assessments: Conduct internal/external audits, attestations, and penetration tests.
 

Security Awareness: Train users on phishing recognition, anomaly detection, proper reporting, and responsible behavior.

  Threat Actors & Motivations: Distinguish between nation-states, script kiddies, hacktivists, insiders, organized crime, shadow IT, and motivations such as espionage, data theft, and financial gain.
 

Attack Vectors & Surfaces: Identify vectors like phishing, unsecure networks, social engineering, malicious files, voice phishing, supply chain risks, and software vulnerabilities.
 

Vulnerabilities: Understand weaknesses in applications, hardware, mobile devices, virtual environments, OSs, cloud systems, web platforms, and supply chains.
 

Malicious Activities: Analyze various attack types: malware, password cracking, application exploits, physical intrusions, network threats, and cryptographic attacks.
 

Mitigation Strategies: Use segmentation, access controls, configuration baselines, system hardening, isolation, and patch management to reduce risk.
 

 Architecture Types: Compare on-premises, cloud, virtual environments, IoT, ICS, and infrastructure as code (IaC) models.
 

Enterprise Infrastructure: Apply security best practices to systems, access control, and secure communications.
 

Data Protection: Differentiate data types and apply appropriate protection methods and classifications.
 

Resiliency & Recovery: Understand high availability, disaster recovery, power systems, platform diversity, backups, and continuity planning.

 Computing Environments: Secure endpoints using baselines, mobile security, system hardening, wireless protocols, sandboxing, and application protection.
 

Asset Management: Track acquisition, disposal, assignment, and lifecycle of hardware, software, and data assets.
 

Vulnerability Management: Conduct vulnerability identification, analysis, remediation, validation, and reporting.
 

Monitoring & Alerting: Use monitoring tools to observe systems and detect anomalies.
 

Enterprise Security Tools: Implement and manage firewalls, IDS/IPS, DNS filtering, DLP, NAC, and endpoint detection tools (EDR/XDR).
 

Identity & Access Management (IAM): Deploy provisioning, MFA, SSO, and privilege access tools.
 

Automation & Orchestration: Understand use cases, benefits of scripting, and automation in security operations.
 

Incident Response: Apply incident handling procedures, conduct training and testing, analyze root causes, perform threat hunting, and carry out forensic investigations.
 

Data Sources for Investigations: Leverage logs and other data sources to support incident response.