Every organization needs to protect itself from cyber threats. This course covers the essentials of cyber security: you will learn about threats, vulnerabilities and the protective, defensive and corrective controls deployed by organizations.
A cyber incident can have a significant effect on an organization. Investors, customers and regulators expect cyber security to be managed from the board downwards, so every executive needs the basic understanding of cyber security that you will learn in this course. First, you will meet the attackers who want to harm an organization. Next, you’ll learn how they break into computer systems through vulnerabilities and how an organization defends itself using a risk-based combination of preventative, detective and corrective controls. Finally, you will understand some of the ways that controls are managed, the basics of application security and the typical roles needed to support cyber security in an organization. When you’re finished with this executive briefing, you’ll have the high-level understanding of cyber security that’s essential for every executive and IT professional.
Risk, Threats, Vulnerabilities, and Controls

All computer systems have vulnerabilities that a cyber attacker can exploit to make that system do what the attacker wants. Some are simple: for example, a software developer leaving a feature in the software that lets anyone log in with a password of "admin". Others are more complex and require the attacker to spend weeks investigating and then writing special malicious software, or malware, to exploit the vulnerability. But the bottom line is that every system has vulnerabilities, and if a cyber attacker tries hard enough, they will find a way to exploit one. There can be vulnerabilities in hardware, operating systems, applications, and yes, even people. A malicious threat actor will try to exploit a vulnerability to gain access to the system.

So every organization will do technical and procedural things to defend itself. These things, which could be buying software, specialist services or hardware, or training or new business processes, are known as controls. This is a really important concept in cybersecurity, because a lot of the hard work of cybersecurity is selecting the right controls and then making sure the controls are actually working. If the organization has enough of the right types of controls to mitigate the vulnerabilities in a system, most attackers will fail, and those that succeed will be detected quickly, before harm can be done.

We can now complete the cyber risk picture we started earlier. The probability of an attack being successful does not just depend on whether a cyber attacker wants to harm the confidentiality, integrity or availability of an information asset. It is also related to the number and significance of the system's vulnerabilities and to whether there are sufficient controls to reduce the chance of an attack succeeding.