Reports of cyber attacks contain a lot of information, but do you understand the meaning of the attacks? Learn about the basic concepts and vocabulary of cyber security and how they can help prevent a future attack or stop one in its tracks.
After a cyber attack report, you may not be sure what to do and you’re not exactly sure if your home or office is under attack or who to report it to. In this course, Security Awareness: Basic Concepts and Terminology, you'll learn how to protect your business and yourself from cyber attacks. First, you'll dive into an overview of cyber security terminology. Next, you'll explore the common types of attacks and defenses against them. Finally, you'll discover how to be proactive and avoid getting infected with malicious software or a malicious person. When you're finished with this course, you'll have the necessary skills and knowledge of cyber security needed to prevent a future attack.
Jason Helmick is an author for Pluralsight. His IT career spans more than 25 years or enterprise consulting on a variety of technologies, with a focus on strategic IT business planning. He’s a highly successful IT author, columnist, lecturer, and instructor, specializing in automation practices for the IT pro.
Course Overview Hi, I'm Jason Helmick, an author here at Pluralsight and welcome to my course, Security Awareness: Basic Concepts and Terminology. Now look, the televised news reports of a recent attack contain a lot of information; however, most people find that the problem is understanding all the terminology and what the meaning of the attack actually is. You aren't sure what to do. You're not exactly sure if your home or your office is under attack, who should you report this to, and what are you going to do about it. So taking the time to learn about the basic concepts and the vocabulary of cybersecurity can help prevent a future attack or even stop on in its track. You're a part of the solution. In this course you will learn how to protect your business and yourself with gaining knowledge of cybersecurity and its terminology. Learn the types of common attacks and defenses against them. Learn how to be proactive and avoid getting infected with malicious software or a malicious person. Join me on this journey and start learning about cybersecurity. Here at Pluralsight we love learning and we hope that you do, too.
Security: What Are You Protecting? Cyber criminals are going to try a variety of attacks. Those are the malicious people. They're going to try to attack you and your business to gain information and well, just steal money is really the point and they're going to use inventive ways. They're going to use all kinds of different communication methods to try to well, cheat you out of this information. They'll use emails, they'll use websites that you may have clicked on and you get malicious software. They might even use phone calls. There's all sorts of attacks they're going to use, but you know, first of all the focus is what are we trying to protect in the first place and that's what our focus is, is what is it in our business that someone would want to take from us and also personally what is it that they want to take from us and where might some of that information be stored and we want to then take a look at what the challenge is for the business in protecting this information and what the fix might be. So let's get started with data in your business.
Security: Who Is Helping to Protect? The idea of my personal information being attacked and stolen or at the business site losing customer information is a pretty frightening aspect to think about; however, you're not alone in this and this is what we're going to talk about is some of the people around you that can help you and how they think about the basic concepts of security. In this module we're going to take a look at how your business can provide assistance in this and what a security professional starts to think about when they think about protecting data; something called the CIA security triad and those are going to have concepts doing with confidentiality, integrity, and availability. These are things that you want to think about when you think about both data that you're storing at the office and data that you're storing at home and a concept of defense in depth where we layer multiple defensive mechanisms. Let's get started though with who can help you in your business.
Attacks Defined: Threats, Exploits, and Risks Now the question becomes, who's attacking you and what are they attacking you with? Finding ways that you might be able to help mitigate this, both attacking you personally and your company for data and information. Now I want you to keep something in mind. While we're going to go through the different types of attacks that are out there, this list isn't complete and also for more details on specific attacks, how they occur, what they look like and mitigating them, that's what some of the other courses in this series really focus on. So again I need your patience; we're going to go through a litany of different types of attacks, but it's important to get you comfortable with the verbiage, the terminology, and what to watch out for. So in this module we're going to look at threats and threat sources and the weaknesses, vulnerabilities in your system. These vulnerabilities that are in your system, the weaknesses they have will create exploits that a person of malicious intent can then use against you. They can also automate these exploits by writing malware, which is malicious software to do the entire exploit for them. So they don't even have to be present when it occurs. Now there's malware, but there are also other activities like social engineering that I want to mention before we continue on. And before we get started, something I want to point out to you, where you can get more information. Yes, I'm going to be giving you some terms. I'm not going to be giving you all of the terms, of course, but pretty much the major important ones, but someplace that you can go for additional information is to NIST, National Institute of Standards and Technology. I'd mentioned them earlier and as you go out there, there's a lot of great information, especially for security professionals, but there's also a vocabulary list. So if you hear something and you want to know what it means, you can either search for it with your favorite search engine or go right to NIST and find out what the key definitions are and with that, let's get started with defining three things, what a threat is, what a vulnerability is, and what a exploit is.
Security: The Proactive Approach If you've been following along this far then you know, in the last module I kind of just threw the wolves at you. In other words, there's a whole bunch of scary things out there, good luck with that. Well, now let's start to take a look at what a security professional and you yourself can do as more of a proactive approach, some basic general guidelines to think about and the terminology that goes along with it. And so what we're going to look at here are things like, what do security teams do to be more proactive and what are some of the proactive things that you can do as countermeasures to malware and some of those other things that were out there that could be a problem? So let's get started first of all with what security teams might do to be more proactive.
How to Report an Attack If you believe that you've been attacked or you believe you might have been attacked and there is a difference, you're going to want to report this. If you're working at your company, you're going to want to tell somebody about this. If you're at home, you might be left to your own defenses, but there is an ultimate way that you can also report this. So that's what we want to take a look at here is what do you do when you think you've been attacked, and that is how to report it to the business and how to report for any personal attacks that may have occurred and well, there is the ultimate, you can report it to the FBI.