Normal Termination (5 ways)

1. Return from main Function

Description: The main function completes its execution and returns control to the operating system.

Purpose: Normal completion of the program’s execution.

2. Calling exit() Function

• Description: Invoking the exit() function initiates program termination after performing cleanup processing, such as closing files and releasing memory.
• Purpose: Allows controlled shutdown of the program with resource cleanup.

3. Calling _exit or _Exit Function

• Description: These functions immediately return control to the kernel without performing any additional cleanup processing.
• Purpose: Useful when cleanup actions are unnecessary or would be redundant.

4. Return of the Last Thread from its Start Routine

• Description: In multi-threaded programs, when the last thread completes its execution, it triggers process termination.
• Purpose: Specific to handling multi-threaded scenarios where threads may have different lifespans.

5. Calling pthread_exit from the Last Thread

• Description: This function is called by the last remaining thread in a multi-threaded program to terminate the process.
• Purpose: Provides an explicit method for terminating a multi-threaded process when only one thread remains.

Abnormal Termination (3 ways)

1. Calling abort() Function

• Description: Causes immediate and abnormal termination of the program without any cleanup processing.
• Purpose: Typically used to indicate a critical error condition.

2. Receipt of a Signal

• Description: Certain signals received by the process can cause termination, such as SIGSEGV (segmentation fault) or SIGTERM (termination signal).
• Purpose: Handles exceptional conditions that require immediate termination.

3. Response of the Last Thread to a Cancellation Request

• Description: In multi-threaded programs, if the last thread responds to a cancellation request (via pthread_cancel), it can lead to process termination.
• Purpose: Specific to managing threads that may need to be terminated prematurely.

Additional Notes

• Differences Between exit, _exit, and _Exit:
• exit(): Performs cleanup processing specified by the C standard before termination.
• _exit(): Returns control to the kernel immediately without cleanup processing, as specified by POSIX.
• _Exit(): Similar to _exit(), but with uppercase, adheres to POSIX and does not perform cleanup processing.
• Multi-threaded Considerations:
• Methods 4, 5, and 8 are specific to multi-threaded programs, highlighting unique ways threads can influence process termination.

Conclusion

Understanding these termination methods is crucial for managing UNIX processes effectively, ensuring proper resource deallocation, and handling unexpected errors. Each method provides flexibility in how processes conclude their execution, catering to different programming needs and scenarios.

The Value of Experience:

A Clear Financial Trajectory Our journey begins with a pivotal factor in salary determination: experience. The data unequivocally shows that experience pays – literally. Entry-level positions, while foundational, offer modest compensation compared to their senior counterparts. Mid-level professionals see a significant leap in earnings, but it’s the senior-level experts who stand at the pinnacle of the salary pyramid. This gradient not only underscores the premium placed on seasoned expertise but also charts a clear financial trajectory for aspiring cybersecurity professionals.

The Employment Type Equation:

Full-Time vs. Contract The cybersecurity industry, diverse in its opportunities, offers various employment types. Full-time roles, the bedrock of organizational security teams, present stable and competitive compensation. However, contract positions, with their inherent flexibility and potential for specialization, also carve out a lucrative niche. The data reveals a nuanced landscape where each employment type has its financial merits, inviting professionals to weigh stability against flexibility.

Job Titles:

The Leaders of the Pack In the echelons of cybersecurity roles, certain positions emerge as particularly rewarding. Our analysis spotlights the top 10 job titles, from Cyber Security Consultants to Vulnerability Management Engineers, leading the pack in terms of average salaries. These roles, pivotal in architecting and maintaining the digital fortresses of organizations, command premiums that reflect their critical importance and the specialized skills they require.

The Company Size Spectrum:

Where Does One Fit Best? Lastly, we explore how the size of a company influences compensation. Large corporations, with their extensive resources and complex infrastructures, often offer higher salaries. Medium-sized companies balance scale with agility, presenting competitive compensation packages. Small firms, while sometimes limited in financial heft, offer unique growth opportunities and close-knit environments. This spectrum presents a choice for cybersecurity professionals: the allure of large-scale operations or the charm of small-scale impact.

In conclusion, "Cybersecurity Compensation Chronicles" sheds light on the multifaceted nature of remuneration in this critical field. For those navigating their career in cybersecurity, this narrative offers a compass – pointing towards factors that influence compensation and shaping decisions in a career marked by constant change and immense responsibility. As the industry evolves, so do the opportunities and rewards, promising a dynamic future for those who keep the digital world secure.

Domain one: Security and risk management

Every organization is required to establish a security posture. Security posture is the capacity of an organization to manage and respond to changes in its defense of critical assets and data. Aspects of the domain of security and risk management that influence the security posture of an organization include:

• Security goals and objectives
• Risk mitigation processes
• Compilance
• Business continuity plans
• Legal regulations
• Professional and organizational ethics

Information security, abbreviated InfoSec, pertains to a collection of procedures implemented with the purpose of safeguarding data. Depending on its requirements and risk perception, an organization may incorporate training and playbooks into its security and risk management program. Numerous InfoSec design processes exist, including:

• Incident Response
• Vulnerability Management
• Application Security
• Cloud Security
• Infrastracture Security

One potential scenario in which a security team might be required to modify the handling of personally identifiable information (PII) is to comply with the General Data Protection Regulation (GDPR) of the European Union.

Domain two: Asset security

Asset security encompasses the oversight of the cybersecurity procedures that pertain to the physical and virtual data storage, maintenance, retention, and eradication that comprise an organization’s assets. Due to the exposed nature of an organization and the increased risk posed by the loss or theft of assets, it is critical to maintain accurate records of both assets and the data they contain. The extent to which a security impact analysis is performed, a recovery strategy is developed, and data exposure is managed is contingent upon the risk level associated with a given asset. It may be necessary for security analysts to create backups of data in order to store, maintain, and retain it so that they can restore the environment in the event that a security incident compromises the organization’s data.

Domain three: Security architecture and engineering

This field is concerned with data security management. Implementing and maintaining efficient tools, systems, and processes is crucial for safeguarding the assets and data of an organization. Engineers and security architects design these procedures.

A critical element within this field pertains to the notion of shared responsibility. Shared responsibility entails that every participant actively contributes to the mitigation of risk throughout the security system design process. Additional domain-specific design principles, which will be elaborated upon later in the program, consist of the following:

• Threat modeling
• Least privilege
• Defence in depth
• Fail securely
• Seperation of duties
• Keep it simple
• Zero trust
• Trust but verify

Utilizing a security information and event management (SIEM) tool to monitor for indicators associated with unusual login or user activity that may indicate a threat actor is attempting to access private data is an example of data management.

Domain four: Communication and network security

This field is concerned with the administration and protection of physical networks and wireless communications. This includes cloud, on-site, and remote communications.

Organizations that have hybrid, on-site, and remote work environments must ensure data security; however, it is difficult to manage external connections to ensure that remote workers are accessing the organization’s networks securely. Implementing network security controls, such as restricting network access, can safeguard users and maintain the integrity of an organization’s network in situations involving remote work or employee travel.

Domain five: Identity and access management

The primary concern of the identity and access management (IAM) domain is the protection of data. It accomplishes this by assuring authorization for access to physical and logical assets and verifying and authenticating user identities. This prevents unauthorized access while permitting authorized users to carry out their duties.

IAM operates on the basis of the principle of least privilege, which entails granting access and authorization insofar as is strictly necessary to accomplish a given task. For instance, a cybersecurity analyst could be tasked with ensuring that customer service representatives are only permitted to access the customer’s private information, such as their phone number, during the resolution process. Once the customer’s issue has been resolved, access to the customer’s private data would be revoked.

Domain six: Security assessment and testing

The primary objective of the security assessment and testing domain is the detection and reduction of vulnerabilities, hazards, and risks. Security assessments assist organizations in determining the level of risk or security pertaining to their internal systems. Organizations may utilize penetration testers, commonly known as “pen testers,” to identify potential exploitable vulnerabilities by threat actors.

This domain implies that in addition to collecting and analyzing data, organizations should perform security control testing. Furthermore, it underscores the significance of performing security audits in order to detect and mitigate the likelihood of a data intrusion. In order to facilitate the completion of such endeavors, cybersecurity experts might be entrusted with the responsibility of auditing user permissions to verify that users possess the appropriate degrees of access to internal systems.

Domain seven: Security operations

The security operations domain is concerned with the post-security incident implementation of preventative measures and the investigation of potential data breaches. This involves implementing the following strategies, processes, and tools:

• Training and awarness
• Reporting and documentation
• Intrusion detection and prevention
• SIEM tools
• Log management
• Incident management
• Playbooks
• Post-breach forensics
• Reflecting on lessons learned

The cybersecurity experts engaged in this field collaborate harmoniously to oversee, avert, and examine potential dangers, weaknesses, and threats. These personnel have received specialized training to manage active assaults, which may involve unauthorized access to large volumes of data from the internal network of an organization, beyond regular business hours. After the identification of a threat, the team assiduously strives to safeguard confidential data and information against malicious actors.

Domain eight: Software development security

Developing secure applications through the implementation of secure programming practices and guidelines is the focus of the software development security domain. The delivery of secure and dependable services is facilitated by secure applications, thereby safeguarding organizations and their consumers.

Every phase of the software development life cycle — design, development, testing, and release — must incorporate security measures. Security must be considered at every stage of the software development process in order to be achieved. Ensuring security is not a secondary consideration.

Application security testing can aid in the detection and subsequent mitigation of vulnerabilities. It is essential to implement a testing system for the software’s embedded security measures, programming conventions, and executables. Involving quality assurance and penetration testing experts in the software development process is also critical for ensuring that the code meets security and performance requirements. An instance of this would be a pharmaceutical company employing an entry-level analyst tasked with ensuring that encryption is configured appropriately for a novel medical device designed to store confidential patient information.

Key takeaways

You gained a deeper understanding of the focal points of the eight CISSP security domains through this reading. Furthermore, you gained knowledge regarding InfoSec and the principle of least privilege. A comprehensive understanding of these security domains and associated concepts will facilitate your penetration into the realm of cybersecurity.

The Maximum Subarray problem is a classic challenge in the world of computer science and has become a staple in coding interviews and algorithmic studies. At its core, the problem is deceptively simple: given an array of integers, which can include both positive and negative numbers, the task is to find the contiguous subarray (containing at least one number) which has the largest sum.

This problem is not just an academic exercise; it has practical applications in various fields. For instance, in finance, it can be used to determine the best period to buy and sell stocks for maximum profit. Similarly, in data analysis, it helps in finding trends or periods of significant activity within a dataset.

Understanding the Problem:

he Maximum Subarray problem is a task in which you are given an array of integers. This array can contain both positive and negative numbers. The objective is to find a contiguous subsequence of the array that has the highest possible sum. In simpler terms, you need to identify a portion of the array where the total of its elements is maximized.

To break it down further:

• Contiguous Subsequence: This refers to a sequence of elements that are consecutive in the array. For example, in the array [3, -2, 5, -1], the elements [3, -2, 5] form a contiguous subsequence, as they appear in consecutive positions.
• Highest Possible Sum: This is the largest sum that can be obtained by adding together the elements of a contiguous subsequence. It is important to note that the sum can be a single element if all elements are negative or if the highest value is obtained from a single element.

For instance, consider the array [-2, -3, 4, -1, -2, 1, 5, -3]. The subarray with the maximum sum is [4, -1, -2, 1, 5], with a sum of 7.

The challenge and intrigue of the Maximum Subarray problem lie in efficiently computing this sum. While a naive approach might involve checking all possible contiguous subsequences (which becomes impractical for large arrays), more refined algorithms can find the solution more quickly, showcasing the importance of efficient algorithm design.

The Maximum Subarray problem is not just a theoretical challenge; it holds significant relevance in both coding interviews and various real-world applications, making it a critical concept for any programmer or data scientist.

In Coding Interviews:

• Assesses Problem-Solving Skills: This problem is a favorite in coding interviews because it effectively assesses a candidate’s problem-solving and algorithmic thinking skills. It challenges interviewees to think beyond the naive approach and to optimize for efficiency.
• Tests Knowledge of Algorithms and Data Structures: Solving the Maximum Subarray problem often requires a good understanding of algorithms and data structures, particularly when it comes to handling arrays and implementing dynamic programming concepts.
• Demonstrates Coding Proficiency: Efficient solutions to this problem require clean and concise coding, demonstrating a candidate’s coding proficiency and their ability to write optimized code.

In Real-World Applications:

• Financial Analysis: In finance, especially in stock market analysis, the Maximum Subarray problem can be used to determine the most profitable period to invest in stocks. This is analogous to finding a period where the net change of stock prices is maximized.
• Data Analysis: It’s also applicable in data analysis for detecting significant periods in datasets, like finding a time frame with the highest activity or concentration of events in sensor data or network traffic.
• Image Processing: In computer vision and image processing, variations of this problem help in detecting areas of images with maximum intensity or specific features, which is crucial in tasks like object detection and recognition.

Understanding and solving the Maximum Subarray problem is therefore not only crucial for acing coding interviews but also for solving complex, real-world problems efficiently. This dual relevance underscores the importance of mastering different approaches to this problem, as we will explore next.

The Brute Force Approach (O(n³) Time Complexity):

The first approach to solving the Maximum Subarray problem is what’s commonly known as the Brute Force method. This method is straightforward but is the least efficient in terms of computational complexity. It operates on the principle of checking every possible subarray within the given array and calculating its sum to find the maximum.

int best = 0;
for(int i = 0; i < size; i++) {
    for(int j = i; j < size; j++) {
        int sum = 0;
        for(int k = i; k <= j; k++) {
            sum += arr[k];
        }
        best = max(best, sum);
    }
}
printf("%d ", best);

How It Works:

• Iterating Over All Subarrays: The approach involves three nested loops. The first loop (let’s call it the i loop) starts from the beginning of the array. The second loop (the j loop) iterates over the array starting from the ith element to the end of the array. For each pair of i and j, the third loop (the k loop) sums up all elements from the ith to the jth element.
• Calculating the Sum: As the third loop iterates, it calculates the sum of the current subarray. After the sum is computed for a particular subarray, it is compared with the current maximum sum found so far. If it’s larger, it becomes the new maximum.
• Time Complexity: This approach has a time complexity of O(n³) because of the three nested loops, each of which can iterate n times in the worst case (where n is the size of the array).

In this code, size is the length of the array, and arr is the array itself. The variable best keeps track of the maximum sum found so far.

While this method is easy to understand and implement, its high time complexity makes it impractical for large arrays. It is a good starting point for understanding the problem, but in the following sections, we will explore more efficient solutions.

A Better Approach (O(n²) Time Complexity)

Moving from the brute force method, we come to a more efficient approach to solving the Maximum Subarray problem. This method significantly reduces the time complexity to O(n²) by eliminating one of the nested loops used in the brute force approach.

int best = 0;
for(int a = 0; a < size; a++) {
    int sum = 0;
    for(int b = a; b < size; b++) {
        sum += arr[b];
        best = max(best, sum);
    }
}
printf("%d ", best);

How It Works:

• Reducing the Number of Iterations: Unlike the brute force method, this approach only uses two nested loops. The outer loop (let’s call it the a loop) iterates through each element of the array, considering it as the starting point of a potential maximum subarray. The inner loop (the b loop) then iterates from the ath element to the end of the array, cumulatively adding each element to a sum.
• Cumulative Sum: As the inner loop progresses, it keeps a running total of the sum of elements from the ath element onwards. After each addition, it checks if this running total is greater than the current best (maximum) sum found so far and updates the best sum if necessary.
• Time Complexity: This method has a time complexity of O(n²) due to the two nested loops. Each loop can iterate n times in the worst case, but the elimination of the third loop significantly reduces the number of total operations compared to the brute force method.

In this snippet, size represents the length of the array arr. The variable sum stores the running total of the subarray starting at index a, and best is used to track the maximum sum found so far.

This approach, while more efficient than the brute force method, still faces limitations when dealing with very large arrays. However, it represents a significant step towards optimizing the solution to the Maximum Subarray problem. Next, we’ll explore the most efficient approach, which brings the time complexity down to O(n).

The Optimal Solution (O(n) Time Complexity)

The most efficient approach to solving the Maximum Subarray problem is a method that reduces the time complexity to O(n). This is achieved through a clever algorithm known as Kadane’s Algorithm. It stands out for its simplicity and efficiency, especially when dealing with large arrays.

How Kadane’s Algorithm Works:

int best = 0, sum = 0;
for(int k = 0; k < size; k++) {
    sum = max(arr[k], sum + arr[k]);
    best = max(best, sum);
}
printf("%d ", best);

In this code, size is the length of the array arr. The variable sum keeps track of the current subarray sum, while best is used to store the maximum sum found so far. The use of the max function ensures that the subarray sum is reset when it becomes negative and that the best sum is always updated with the highest value found.

• Single Pass Through the Array: Unlike the previous methods, Kadane’s Algorithm requires only a single loop that goes through the array once. This loop keeps track of the current subarray sum and the overall maximum sum found so far.
• Maximizing the Subarray Sum: As the loop iterates through the array, it adds each element to the current subarray sum. If the current subarray sum becomes negative, it resets it to zero, effectively starting a new subarray. This step ensures that only subarrays with positive contributions to the total sum are considered.
• Updating the Maximum Sum: After each addition to the subarray sum, the algorithm checks if this new sum is greater than the current maximum sum and updates it if necessary.
• Time Complexity: The time complexity of Kadane’s Algorithm is O(n), as it involves only a single loop through the array, making it significantly more efficient than the previous two methods.

Kadane’s Algorithm is not only efficient but also elegant. Its ability to solve the Maximum Subarray problem in linear time makes it the preferred choice in both practical applications and coding interviews. Its simplicity and effectiveness underscore the beauty of optimal algorithm design.

Comparative Analysis:

To fully appreciate the progression from the brute force method to Kadane’s Algorithm, it’s beneficial to compare these approaches in terms of their time complexity and practicality. This comparison will illustrate why certain methods are preferred over others, especially in specific scenarios like coding interviews or real-world applications.

Summary of Comparison:

• As the size of the array increases, the time taken by the brute force and the improved O(n²) approach increases dramatically compared to Kadane’s Algorithm.
• In practical scenarios, especially with larger datasets, Kadane’s Algorithm is significantly superior due to its ability to handle large arrays efficiently.
• In coding interviews, understanding and explaining Kadane’s Algorithm showcases a candidate’s grasp of efficient algorithm design and problem-solving skills.

Practical Applications:

The Maximum Subarray problem is not just a theoretical puzzle; it has significant practical applications in various real-world scenarios. Understanding how to efficiently solve this problem can be crucial in sectors like financial analysis, data science, and even in areas like computer vision.

1. Financial Analysis:

• Stock Market Analysis: Perhaps the most direct application of the Maximum Subarray problem is in the financial sector, particularly in stock market analysis. The problem is analogous to finding the best time to buy and sell stocks to maximize profit. Given a series of daily stock prices, the task is to determine the period during which purchasing and then selling the stock would lead to the highest possible profit.
• Risk Assessment: It can also be used in assessing the risk of investment portfolios over time by identifying periods of maximum drawdown or greatest loss, which is crucial for risk management and strategic planning.

2. Data Analysis:

• Trend Detection in Time Series Data: In data science, particularly in analyzing time series data, the Maximum Subarray problem helps in identifying periods of significant trends or activities. For instance, finding the time frame with the highest average temperature, the most sales, or the greatest number of website visits.
• Signal Processing: In signal processing, this problem assists in detecting the segment of a signal that has the highest amplitude or energy, which is important in areas like audio processing and communication systems.

3. Computer Vision:

• Image Analysis: In computer vision, variations of this problem are used to identify areas of an image with maximum intensity or specific features, which is critical in tasks like object detection, pattern recognition, and feature extraction.

4. Genomics:

• Bioinformatics: In genomics and bioinformatics, the Maximum Subarray problem can be employed to find segments of DNA or protein sequences that have specific characteristics, like the highest concentration of a certain nucleotide or amino acid.

Conclusion:

Grasping multiple methods to solve a problem equips you with a broader perspective, enabling you to choose the most suitable solution based on the context, such as the size of the dataset. Understanding different approaches is critical in developing versatile problem-solving skills, a trait highly valued in many fields, especially in technology and research.

I encourage you to practice implementing these solutions. Start with the brute force method and work your way up to Kadane’s Algorithm. This practice will not only solidify your understanding but also improve your coding skills. Try applying these methods to real-world datasets. Observe the differences in performance and accuracy, and reflect on how choosing the right algorithm can make a significant difference.

Options for creating your portfolio :

There are many ways to present a portfolio, including self-hosted and online options such as:

• Documents folder
• Google Drive or Dropbox™
• Google Sites
• Git repository

Option 1: Documents folder

A documents folder is a folder created and saved to your computer’s hard drive. You manage the folder, subfolders, documents, and images within it.

Document folders allow you to have direct access to your documentation. Ensuring that your professional documents, images, and other information are well organized can save you a lot of time when you’re ready to apply for jobs. For example, you may want to create a main folder titled something like “Professional documents.” Then, within your main folder, you could create subfolders with titles such as:

• Resume
• Education
• Portfolio documents
• Cybersecurity tools
• Programming

Option 2: Google Drive or Dropbox

Google Drive and Dropbox offer similar features that allow you to store your professional documentation on a cloud platform. Both options also have file-sharing features, so you can easily share your portfolio documents with potential employers. Any additions or changes you make to a document within that folder will be updated automatically for anyone with access to your portfolio.

Similar to a documents folder, keeping your Google Drive or Dropbox-based portfolio well organized will be helpful as you begin or progress through your career.

Option 3: Google Sites

Google Sites and similar website hosting options have a variety of easy-to-use features to help you present your portfolio items, including customizable layouts, responsive webpages, embedded content capabilities, and web publishing.

Responsive webpages automatically adjust their content to fit a variety of devices and screen sizes. This is helpful because potential employers can review your content using any device and your media will display just as you intend. When you’re ready, you can publish your website and receive a unique URL. You can add this link to your resume so hiring managers can easily access your work.

Option 4: Git repository

A Git repository is a folder within a project. In this instance, the project is your portfolio, and you can use your repository to store the documents, labs, and screenshots you complete during each course of the certificate program. There are several Git repository sites you can use, including:

• GitLab
• Bitbucket™
• GitHub

Each Git repository allows you to showcase your skills and knowledge in a customizable space. To create an online project portfolio on any of the repositories listed, you need to use a version of Markdown.

Portfolio projects :

• Drafting a professional statement
• Conducting a security audit
• Analyzing network structure and security
• Using Linux commands to manage file permissions
• Applying filters to SQL queries
• Identifying vulnerabilities for a small business
• Documenting incidents with an incident handler’s journal
• Importing and parsing a text file in a security-related scenario
• Creating or revising a resume

Note: Do not include any private, copyrighted, or proprietary documents in your portfolio. Also, if you use one of the sites described in this reading, keep your site set to “private” until it is finalized.

Security frameworks provide a systematic approach to addressing security concerns by outlining essential components of a comprehensive security strategy. They offer a framework for defining security goals, establishing policies and standards, and implementing effective security processes. By adhering to these frameworks, organizations can streamline their security efforts and align them with industry best practices.

One of the key advantages of security frameworks is their adaptability to various organizational needs and regulatory requirements. Whether an organization operates in the healthcare, finance, or retail sector, there are specialized frameworks available to address specific industry challenges and compliance mandates. These frameworks provide a roadmap for implementing appropriate security measures tailored to the organization’s unique risk profile.

Within the framework framework, security controls play a crucial role in mitigating specific risks and vulnerabilities. These controls serve as safeguards against unauthorized access, data breaches, and other security incidents. By implementing a combination of administrative, technical, and physical controls, organizations can create layers of defense to protect their assets from potential threats.

Furthermore, security controls facilitate ongoing monitoring and assessment of security posture, allowing organizations to identify emerging threats and vulnerabilities proactively. Through continuous monitoring and evaluation, security analysts can fine-tune security controls to adapt to evolving threat landscapes and regulatory requirements.

a security lifecycle is a constantly evolving set of policies and standards.

How controls, frameworks, and compliance are related:

The confidentiality, integrity, and availability (CIA) triad is a model that helps inform how organizations consider risk when setting up systems and security policies.

CIA are the three foundational principles used by cybersecurity professionals to establish appropriate controls that mitigate threats, risks, and vulnerabilities.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

1. Identifying and documenting security goals
2. Setting guidelines to achieve security goals
3. Implementing strong security processes
4. Monitoring and communicating results

Compliance is the process of adhering to internal standards and external regulations.

Specific controls, frameworks, and compliance

The National Institute of Standards and Technology (NIST) is a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk. The more aligned an organization is with compliance, the lower the risk.

Examples of frameworks include the NIST Cybersecurity Framework (CSF) and the NIST Risk Management Framework (RMF).

Note: Specifications and guidelines can change depending on the type of organization you work for.

The Federal Energy Regulatory Commission — North American Electric Reliability Corporation (FERC-NERC)

FERC-NERC is a regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC.

The Federal Risk and Authorization Management Program (FedRAMP®)

FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.

Center for Internet Security (CIS®)

CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

General Data Protection Regulation (GDPR)

GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory. For example, if an organization is not being transparent about the data they are holding about an E.U. citizen and why they are holding that data, this is an infringement that can result in a fine to the organization. Additionally, if a breach occurs and an E.U. citizen’s data is compromised, they must be informed. The affected organization has 72 hours to notify the E.U. citizen about the breach.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. federal law established in 1996 to protect patients’ health information. This law prohibits patient information from being shared without their consent. It is governed by three rules:

1. Privacy
2. Security
3. Breach notification

Organizations that store patient data have a legal obligation to inform patients of a breach because if patients’ Protected Health Information (PHI) is exposed, it can lead to identity theft and insurance fraud. PHI relates to the past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care. Along with understanding HIPAA as a law, security professionals also need to be familiar with the Health Information Trust Alliance (HITRUST®), which is a security framework and assurance program that helps institutions meet HIPAA compliance.

International Organization for Standardization (ISO)

ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.

System and Organizations Controls (SOC type 1, SOC type 2)

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard. The SOC1 and SOC2 are a series of reports that focus on an organization’s user access policies at different organizational levels such as:

• Associate
• Supervisor
• Manager
• Executive
• Vendor
• Others

They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety. Control failures in these areas can lead to fraud.

That’s roughly the same order of magnitude as one disk drive for every person in the world.

The New York Stock Exchange generates approximately one terabyte of trade data per day, Facebook hosts a petabyte of photo data, Ancestry.com stores 2.5 petabytes of data, the Internet Archive grows at a rate of 20 terabytes per month, and the Large Hadron Collider produces 15 petabytes annually. These are just a few of the sources of this enormous amount of data. The emergence of “Big Data” is not limited to big organisations or businesses. One example is the rate at which data is being created by personal digital photography compared to earlier generations. Initiatives such as Microsoft Research’s MyLifeBits demonstrate how people’s digital footprints are growing, recording interactions and producing large amounts of data. The increasing volume of data is largely being driven by machine-generated data, such as logs, RFID readings, sensor networks, GPS traces, and retail transactions. An increasing amount of data is available to the public thanks to programmes like Amazon Web Services’ Public Data Sets and others that make it easier to share data for research and develop new applications like the Astrometry.net project. More data can sometimes be more useful than more complex algorithms in certain fields, particularly recommendation systems. Although the availability of “Big Data” is a good thing, efficiently storing and analysing such a large volume of data presents certain difficulties.

Data Storage and Analysis :

Over time, hard drive storage capacities have grown dramatically, but access speeds — the speed at which data can be read — have not kept up. A 1990 drive with 1370 MB of capacity, for example, could read the entire drive’s contents in around five minutes thanks to its 4.4 MB/s transfer rate. A full read on a modern one terabyte drive, on the other hand, requires more than 2.5 hours at a transfer speed of 100 MB/s.

Utilising many drives in parallel is a workable way to shorten the time it takes to retrieve data. For instance, the read time might be significantly lowered to less than two minutes by spreading the data among 100 discs.

The chance of failure increases with the increased utilisation of many hardware components. Data replication solutions, such as RAID systems and the Hadoop Distributed Filesystem (HDFS), which maintain redundant data copies, are used to prevent data loss.

Combining data from several sources is necessary for data analysis, and this is a difficult process in distributed systems. This is addressed by the MapReduce programming model, which splits the process into “map” and “reduce” stages and abstracts data analysis into a calculation over sets of keys and values. Additionally, this model has built-in dependability.

These problems are addressed by Hadoop, which at its heart consists of two robust storage systems (HDFS and MapReduce) for analysis purposes.

Comparisons with Other Systems

RDBMS:

• Normalization enhances data integrity and reduces redundancy in relational databases. However, it complicates operations in MapReduce by making record retrieval a non-local operation, conflicting with MapReduce’s assumption of efficient streaming reads/writes.
• Non-normalized data, like web server logs where client hostnames are repeated, is well-suited for MapReduce analysis due to the simplicity of processing such records.
• The MapReduce programming model is linearly scalable, relying on two functions (map and reduce) to transform key-value pairs. These functions are agnostic to data size or cluster capacity, offering consistent performance scaling.
• Doubling the input data size slows down job execution proportionally. Conversely, doubling the cluster size can maintain original job execution speed, showcasing linear scalability not typically seen with SQL queries.
• Over time, the distinction between relational databases and MapReduce systems is diminishing. Relational databases are integrating MapReduce features (e.g., Aster Data, Greenplum), while MapReduce benefits from higher-level query languages (e.g., Pig, Hive) making it more accessible to database professionals.

Grid Computing :

• High Performance Computing (HPC) and Grid Computing use APIs like MPI (Message Passing Interface) to distribute work across a cluster accessing a shared filesystem. This approach is efficient for compute-intensive jobs but struggles with large data volumes due to network bandwidth limitations.
• MapReduce enhances performance by colocating data with compute nodes, minimizing data access time and preserving network bandwidth. This principle of data locality is central to its efficiency, especially in handling large data volumes where it outperforms traditional HPC/Grid Computing methods.
• Recognizing network bandwidth as a critical constraint, MapReduce models network topology to optimize data flow and reduce unnecessary data transfer, preserving bandwidth.
• Unlike MPI, which requires explicit management of data flow and low-level programming, MapReduce abstracts the data flow, allowing programmers to focus on key-value pair functions, simplifying the development process.
• MapReduce automatically handles partial failures and task rescheduling, unlike MPI where programmers need to manage checkpointing and recovery. This shared-nothing architecture ensures high resilience and fault tolerance.
• The architecture ensures that tasks do not depend on each other, simplifying the rerunning of failed tasks. This is crucial for maintaining efficiency and reliability in large-scale computations.
• Despite seeming restrictive, MapReduce supports a wide range of applications beyond its original use case at Google for building search indexes. It has been successfully applied to image analysis, graph-based problems, and machine learning, showcasing its versatility as a general data-processing tool.

Volunteer Computing:

• SETI@home utilizes volunteer computing, harnessing CPU time from idle computers worldwide for projects like analyzing radio telescope data. In contrast, Hadoop/MapReduce runs on dedicated hardware in data centers.
• Projects like SETI@home divide tasks into work units distributed to volunteers globally, which are then processed independently and returned upon completion. This method includes precautions against cheating by requiring multiple matching analyses for acceptance.
• SETI@home tasks are CPU-intensive and suited for distribution across many computers due to the minimal data transfer involved relative to computation time. MapReduce, however, prioritizes data locality, running computations near data storage to minimize data transfer times and maximize efficiency.
• MapReduce operates within a single data center environment, characterized by high bandwidth and trusted, reliable hardware. Conversely, SETI@home relies on a heterogeneous, global network of untrusted, volunteer computers with variable connection speeds.
• MapReduce is optimized for jobs lasting minutes to hours, leveraging the high-bandwidth connections within data centers. SETI@home supports continuous computations over an extensive network of home computers, making it suitable for long-term, distributed projects.
• Volunteers for SETI@home and similar projects donate CPU cycles rather than bandwidth, focusing on computational contributions. MapReduce’s efficiency, in contrast, relies on optimizing bandwidth usage within the constraints of a data center’s network topology.

One pivotal moment was the LoveLetter virus attack in 2000, which exploited social engineering tactics to trick users into spreading malware through email. This incident not only caused extensive damage, estimated at over $10 billion, but also underscored the effectiveness of manipulating human psychology to breach digital security. The LoveLetter virus was a stark reminder of the need for heightened awareness and skepticism towards unsolicited digital communications, marking the beginning of widespread recognition of social engineering as a significant cybersecurity threat.

Equally transformative was the Equifax breach of 2017, one of the largest data breaches in history, which exposed sensitive information of over 143 million individuals. This breach was not the result of a singular vulnerability but rather a series of overlooked security lapses. The aftermath, leading to a settlement exceeding $575 million, highlighted the financial and reputational devastation that can follow inadequate cybersecurity practices. It served as a wake-up call to organizations worldwide about the dire consequences of neglecting cybersecurity maintenance and the imperative of proactive vulnerability management.

These incidents illustrate not just the evolving nature of cyber threats but also the critical importance of adopting a multifaceted approach to cybersecurity. This includes not only technological defenses but also education and training to mitigate human error and social engineering exploits. Additionally, they underscore the need for rigorous security protocols and regular updates to safeguard against both known and emerging vulnerabilities.

Common attacks and their effectiveness

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

• Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
• Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
• Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
• Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
• Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware

Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.

Some of the most common types of malware attacks today include:

• Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
• Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
• Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
• Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

• Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
• Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
• USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
• Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data — such as your location or photos — can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

• Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
• Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.
• Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
• Scarcity: A tactic used to imply that goods or services are in limited supply.
• Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
• Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
• Urgency: A threat actor persuades others to respond quickly and without questioning.

Exploring the CISSP Security Domains:

The CISSP framework categorizes core security principles into eight domains, each focusing on a specific area of security.

1. Security and Risk Management serves as the cornerstone, emphasizing the establishment of security goals, risk mitigation strategies, compliance with regulations, and business continuity planning. This domain ensures that organizations are not only compliant with laws like HIPAA but also prepared for any eventualities that may disrupt business operations.
2. Asset Security focuses on the protection of both digital and physical assets. It encompasses the lifecycle management of data, including its storage, maintenance, retention, and secure disposal. This domain is crucial for preventing unauthorized access to sensitive information and ensuring that outdated equipment does not become a security liability.
3. Security Architecture and Engineering delves into the technical aspects of cybersecurity, advocating for the design and implementation of robust security systems, tools, and processes. From configuring firewalls to safeguard network traffic, this domain is about creating a secure infrastructure that can withstand and repel cyber threats.
4. Communication and Network Security addresses the safeguarding of network infrastructure and the secure management of data in transit. It involves the analysis of network usage to prevent vulnerabilities, such as unsecured wireless connections, which could expose the organization to cyber-attacks.
5. Identity and Access Management emphasizes the critical role of controlling access to both physical and digital assets within an organization. By meticulously managing and verifying user identities and their access roles, organizations can significantly mitigate unauthorized access risks.
6. Security Assessment and Testing outlines the processes involved in evaluating the effectiveness of security measures. Regular audits and testing of security controls are essential to identify and rectify potential vulnerabilities before they can be exploited.
7. Security Operations focuses on the proactive and reactive measures necessary to protect organizational assets. This includes conducting investigations into security incidents and implementing strategies to prevent future threats.
8. Software Development Security highlights the importance of integrating security principles into the software development lifecycle. Ensuring that applications are built with security in mind from the outset can prevent many of the vulnerabilities that attackers exploit.

Identify the nature of the assault:

Attack types

Password attack

A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

• Brute force
• Rainbow table

Password attacks fall under the communication and network security domain.

Social engineering attack

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

• Phishing
• Smishing
• Vishing
• Spear phishing
• Whaling
• Social media phishing
• Business Email Compromise (BEC)
• Watering hole attack
• USB (Universal Serial Bus) baiting
• Physical social engineering

Social engineering attacks are related to the security and risk management domain.

Physical attack

A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

• Malicious USB cable
• Malicious flash drive
• Card cloning and skimming

Physical attacks fall under the asset security domain.

Adversarial artificial intelligence

Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

Supply-chain attack

A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

Cryptographic attack

A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

• Birthday
• Collision
• Downgrade

Cryptographic attacks fall under the communication and network security domain.

Understand attackers

Threat actor types

Advanced persistent threats

Advanced persistent threats (APTs) have significant expertise accessing an organization’s network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

• Damaging critical infrastructure, such as the power grid and natural resources
• Gaining access to intellectual property, such as trade secrets or patents

Insider threats

Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

• Sabotage
• Corruption
• Espionage
• Unauthorized data access or leaks

Hacktivists

Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

• Demonstrations
• Propaganda
• Social change campaigns
• Fame

Hacker types

A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

• Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
• Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
• Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

Note: There are multiple hacker types that fall into one or more of these three categories.

New and unskilled threat actors have various goals, including:

• To learn and enhance their hacking skills
• To seek revenge
• To exploit security weaknesses by using existing malware, programming scripts, and other tactics

Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

Glossary terms

Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

Hacker: Any person who uses computers to gain access to computer systems, networks, or data

Malware: Software designed to harm devices or networks

Password attack: An attempt to access password secured devices, systems, networks, or data

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Virus: refer to “computer virus”

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

The Essence of Cybersecurity (or Security):

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthroised access or criminal exploitation.

One example of maintaining security is using complex passwords, they make sure having confidentiality to access sites and services, very difficult to threat actor compromising them.

Threat Actor: Any person or group who presents as a security risk.

Benfits of Security:

• Protects against external and internal threats.

external threats: some one or group from outside of the organization trying to access network, devices, or information.

internal threats: Threats from current, previous employees or external vendors, or trusted partnes. Most of the internal threats are accidental like clicking the harmful link accidentlly.

• Meets regulatory compilance

Understanding pertinent laws, carrying out risk assessments, putting protective controls in place, educating staff, carrying out routine audits and continuous monitoring, having an incident response plan, and keeping thorough records and reporting are all necessary to comply with cybersecurity regulations.

• Maintain and Improve Business Productivity

By defending against data breaches and (cyber)attacks and guaranteeing the availability and integrity of vital data and systems, (cyber)security increases corporate productivity. It maintains operational efficiency by reducing downtime brought on by security events. In addition to increasing consumer trust and loyalty, effective (cyber)security practices are essential for long-term business success.

• Reduce expenses

By averting pricey data breaches and attacks, which can cause large financial losses, legal bills, and reputational harm,(cyber)security helps cut costs. Businesses can avoid the expensive recovery and downtime expenses by taking precautions against these risks.

• Maintaining brand trust

Because it makes sure consumer data is safe from breaches and secure, (cyber)security is essential to preserving brand confidence. Customers become more confident in the company as a result of knowing that their private information is secure. In the digital age, customers place a growing amount of importance on a company’s dedication to security and privacy, which is demonstrated by effective (cyber)security measures. A brand may preserve its reputation and client loyalty by preventing data leaks and (cyber)attacks.

Common Job titles:

• Security analyst or specialist
• Cybersecurity analyst or specialist
• Security Operations Center(SOC) analyst
• Information Security analyst

Responsibilities of Entry-level security analyst:

In the evolving landscape of digital security, entry-level security analysts play a pivotal role.

Key responsibilities:

1. Monitoring and Protecting Systems: Analysts are the first responders to threats within an organization’s network, actively monitoring and responding to potential security breaches.
2. Proactive Threat Prevention: They work closely with IT teams to install prevention software, aiding in risk identification and vulnerability mitigation.
3. Supporting Software and Hardware Development: Security analysts collaborate with development teams to ensure product security, setting up systems and processes for data protection.
4. Conducting Security Audits: Regular audits are essential, reviewing security practices and ensuring that sensitive information like passwords is securely managed.

Key Cybersecurity terms and concepts:

Proficiency in numerous terminologies and concepts is crucial for security professionals. Knowing them will make it easier for you to recognise the dangers that could endanger both individuals and organisations. The primary responsibility of a security or cybersecurity analyst is to keep an eye out for network breaches. In order to stay vigilant and knowledgeable about potential threats, they also assist in the development of organisational security strategies and do research on information technology (IT) security trends. An analyst also strives to avert incidents. To perform these kinds of activities efficiently, analysts must become knowledgeable about the following essential ideas.

Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.

Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.

Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.

A threat actor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.

Network security is the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.

Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:

• Automation of repetitive tasks (e.g., searching a list of malicious domains)
• Reviewing web traffic
• Alerting suspicious activity

Transferable and technical cybersecurity skills

Transferable Skills:

• Communication: You will have to cooperate and interact with people in your role as a cybersecurity analyst. You can immediately mitigate security vulnerabilities by listening to others’ questions and concerns and clearly explaining information to both technical and non-technical people.
• Problem-solving:Proactively identifying and resolving issues will be one of your primary responsibilities as a cybersecurity analyst. This can be achieved by first identifying attack patterns and then figuring out the best way to reduce risk. Take chances and attempt new things without fear. Recognise that there are seldom any ideal answers to issues. It’s likely that you’ll have to give in.
• Time management: In the subject of cybersecurity, it’s critical to prioritise activities appropriately and have a strong sense of urgency. Thus, you can reduce potential harm and risk to important assets and data by practicing good time management. It will also be crucial to set priorities for your work and maintain your attention on the most pressing problem.
• Growth mindset: A willingness to learn is a crucial transferable quality in this sector since it is constantly changing. The rapid advancement of technology is a wonderful thing! While you won’t have to study everything, you will need to keep learning throughout your professional life. Thankfully, a lot of the knowledge you gain from this programme will be applicable to your continued career growth.
• Diverse perspectives: We can only achieve greatness as a team. There are many more and better ways to solve security-related issues if you respect one another, value differences of opinion, and foster mutual respect.

Technical Skills:

You will need a wide range of technical abilities to succeed in the cybersecurity industry. As you advance through the certificate programme, you’ll acquire and put these abilities into practice. You’ll need to be able to utilise and comprehend a few of the following concepts and tools:

• Programming languages: Cybersecurity experts who are proficient in programming languages can automate laborious operations that would take a lot of time to complete. Programming can be used for a variety of activities, including as organising and analysing data to find patterns linked to security issues or scanning data to discover possible risks.
• Security information and event management (SIEM) tools: SIEM technologies assist analysts in keeping an eye on crucial organisational processes by gathering and analysing log data, or records of occurrences like anomalous login behaviour. This makes it easier for cybersecurity experts to recognise and evaluate any risks, vulnerabilities, and security threats.
• Intrusion detection systems (IDSs): IDSs are used by cybersecurity analysts to track system activity and provide notifications about potential breaches. IDSs are a crucial tool that every organisation utilises to secure assets and data, thus it’s necessary to learn about them. An intrusion detection system (IDS) can be used, for instance, to keep an eye out for indicators of hostile behaviour on networks, such as illegal access.
• Threat landscape knowledge: It’s critical to be informed on emerging trends in malware, threat actors, and attack techniques. Security teams can strengthen their defences against threat actor strategies and techniques by using this knowledge. Security experts can identify emerging threats more quickly, such as a new ransomware variant, by keeping up with attack trends and patterns.
• Incident response: To properly respond to incidents, cybersecurity analysts must be able to adhere to established standards and processes. For instance, a security analyst might be notified of a potential malware assault and initiate the incident response process by following the organization’s established protocols. This can entail looking into the matter to find the source of the problem and devising a plan to fix it.

The Importance of Cybersecurity

1. Protecting Sensitive Information: When it comes to protecting personally identifiable information (PII) and sensitive PII (SPII), which includes information like social security numbers, health, and financial records, security experts are essential.
2. Preventing Identity Theft: They aid in the prevention of identity theft, which mostly uses stolen personal information to commit financial crime, by safeguarding data.
3. Ensuring Business Continuity: Robust security protocols foster a sense of confidence among users, which may foster stable and profitable corporate operations.

Glossary Terms:

Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk

Network security: The practice of keeping an organization’s network infrastructure secure from unauthorized access

Personally identifiable information (PII): Any information used to infer an individual’s identity

Security posture: An organization’s ability to manage its defense of critical assets and data and react to change

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

Technical skills: Skills that require knowledge of specific tools, procedures, and policies

Threat: Any circumstance or event that can negatively impact assets

Threat actor: Any person or group who presents a security risk

Transferable skills: Skills from other areas that can apply to different careers