Notes


Common cybersecurity terminology

As you’ve learned, cybersecurity (also known as security) is the practice of ensuring confidentiality, integrity, and
availability of information by protecting networks, devices, people, and data from unauthorized access or criminal
exploitation. In this reading, you’ll be introduced to some key terms used in the cybersecurity profession. Then, you’ll
be provided with a resource that’s useful for staying informed about changes to cybersecurity terminology.

Key cybersecurity terms and concepts


There are many terms and concepts that are important for security professionals to know. Being familiar with them
can help you better identify the threats that can harm organizations and people alike. A security analyst or
cybersecurity analyst focuses on monitoring networks for breaches. They also help develop strategies to secure an
organization and research information technology (IT) security trends to remain alert and informed about potential
threats. Additionally, an analyst works to prevent incidents. In order for analysts to effectively do these types of
tasks, they need to develop knowledge of the following key concepts.

Compliance is the process of adhering to internal standards and external regulations and enables organizations to
avoid fines and security breaches.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.

Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks
to establish a strong security posture.

Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A
strong security posture leads to lower risk for the organization.

A threat actor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to
computers, applications, networks, and data.

An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a
security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a
malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally
engages in risky activities, such as unauthorized data access.

Network security is the practice of keeping an organization's network infrastructure secure from unauthorized
access. This includes data, services, systems, and devices that are stored in an organization’s network.

Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly,
and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers
or computers that store resources and data in remote physical locations known as data centers that can be
accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the
protection of data, applications, and infrastructure in the cloud.

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks.
These tasks can include:

• Automation of repetitive tasks (e.g., searching a list of malicious domains)
• Reviewing web traffic
• Alerting on suspicious activity
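
The following Python example, added here and not part of the original reading, combines the three tasks above: it reviews web traffic log lines, searches a list of malicious domains, and returns alerts. The domain list, the log format, and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist; real lists come from a threat-intelligence feed.
MALICIOUS_DOMAINS = {"bad-updates.example", "login-verify.test"}

# Constructed proxy log lines: timestamp, source IP, method, URL, status.
SAMPLE_LOG = """\
2024-05-01T09:14:02Z 10.0.0.15 GET http://intranet.example.org/home 200
2024-05-01T09:14:40Z 10.0.0.22 GET http://cdn.bad-updates.example/patch.bin 200
2024-05-01T09:15:03Z 10.0.0.15 POST https://LOGIN-VERIFY.test./session 302
2024-05-01T09:15:09Z 10.0.0.31 GET https://notbad-updates.example/ 200
this line is truncated
"""


def normalize(host):
    """Lower-case a hostname and drop the trailing dot of a fully qualified name."""
    return host.lower().rstrip(".")


def is_malicious(host, blocklist):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = normalize(host).split(".")
    # Compare on label boundaries so "notbad-updates.example" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def review_traffic(log_text, blocklist):
    """Return (alerts, skipped): matching requests and unparseable line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            skipped += 1
            continue
        timestamp, source_ip, _method, url, _status = fields
        host = urlsplit(url).hostname  # None when the URL has no host part
        if host is None:
            skipped += 1
        elif is_malicious(host, blocklist):
            alerts.append({"time": timestamp, "source": source_ip, "host": normalize(host)})
    return alerts, skipped


if __name__ == "__main__":
    alerts, skipped = review_traffic(SAMPLE_LOG, MALICIOUS_DOMAINS)
    for alert in alerts:
        print(f"ALERT {alert['time']} {alert['source']} contacted {alert['host']}")
```

Matching on whole domain labels rather than on substrings keeps a look-alike name such as `notbad-updates.example` from raising a false alert, while still catching subdomains of a listed domain.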

Transferable and technical cybersecurity skills
Previously, you learned that cybersecurity analysts need to develop certain core skills to be successful at work.
Transferable skills are skills from other areas of study or practice that can apply to different careers. Technical
skills may apply to several professions, as well; however, they typically require knowledge of specific tools,
procedures, and policies. In this reading, you’ll explore both transferable skills and technical skills further.

Transferable skills
You have probably developed many transferable skills through life experiences; some of those skills will help you
thrive as a cybersecurity professional. These include:

• Communication: As a cybersecurity analyst, you will need to communicate and collaborate with others.
Understanding others’ questions or concerns and communicating information clearly to individuals with
technical and non-technical knowledge will help you mitigate security issues quickly.
• Problem-solving: One of your main tasks as a cybersecurity analyst will be to proactively identify and solve
problems. You can do this by recognizing attack patterns, then determining the most efficient solution to
minimize risk. Don't be afraid to take risks, and try new things. Also, understand that it's rare to find a perfect
solution to a problem. You’ll likely need to compromise.
• Time management: Having a heightened sense of urgency and prioritizing tasks appropriately is essential in
the cybersecurity field. So, effective time management will help you minimize potential damage and risk to
critical assets and data. Additionally, it will be important to prioritize tasks and stay focused on the most
urgent issue.
• Growth mindset: This is an evolving industry, so an important transferable skill is a willingness to learn.
Technology moves fast, and that's a great thing! It doesn't mean you will need to learn it all, but it does
mean that you’ll need to continue to learn throughout your career. Fortunately, you will be able to apply
much of what you learn in this program to your ongoing professional development.
• Diverse perspectives: The only way to go far is together. By having respect for each other and encouraging
diverse perspectives and mutual respect, you’ll undoubtedly find multiple and better solutions to security
problems.

Technical skills
There are many technical skills that will help you be successful in the cybersecurity field. You’ll learn and practice
these skills as you progress through the certificate program. Some of the tools and concepts you’ll need to use and
be able to understand include:

• Programming languages: By understanding how to use programming languages, cybersecurity analysts
can automate tasks that would otherwise be very time consuming. Examples of tasks that programming can
be used for include searching data to identify potential threats or organizing and analyzing information to
identify patterns related to security issues.
• Security information and event management (SIEM) tools: SIEM tools collect and analyze log data, or
records of events such as unusual login behavior, and support analysts’ ability to monitor critical activities in
an organization. This helps cybersecurity professionals identify and analyze potential security threats, risks,
and vulnerabilities more efficiently.
• Intrusion detection systems (IDSs): Cybersecurity analysts use IDSs to monitor system activity and alerts
for possible intrusions. It’s important to become familiar with IDSs because they’re a key tool that every
organization uses to protect assets and data. For example, you might use an IDS to monitor networks for
signs of malicious activity, like unauthorized access to a network.
• Threat landscape knowledge: Being aware of current trends related to threat actors, malware, or threat
methodologies is vital. This knowledge allows security teams to build stronger defenses against threat actor
tactics and techniques. By staying up to date on attack trends and patterns, security professionals are better
able to recognize when new types of threats emerge, such as a new ransomware variant.
• Incident response: Cybersecurity analysts need to be able to follow established policies and procedures to
respond to incidents appropriately. For example, a security analyst might receive an alert about a possible
malware attack, then follow the organization’s outlined procedures to start the incident response process.

My first day in the world of Cybersecurity

The value of cybersecurity

On my first day as a cybersecurity professional, I am tasked with solving a range of cybersecurity problems to ensure the
integrity, confidentiality, and availability of sensitive information. I focus on identifying and mitigating potential
vulnerabilities in the organization's systems, networks, and applications. This involves conducting regular security
assessments, implementing robust access controls, and staying updated on the latest cyber threats.

In order to protect the organization, I employ a multi-layered approach. This includes implementing advanced firewalls,
intrusion detection and prevention systems, and encryption protocols. I also play a crucial role in educating employees
about cybersecurity best practices to minimize the risk of social engineering attacks. Regularly updating and patching
software systems is another key aspect of my role to address emerging security vulnerabilities.

To protect individuals, I work on developing and implementing security awareness programs that empower users to
recognize and respond to potential threats. This involves creating training materials, conducting workshops, and
fostering a culture of cybersecurity consciousness within the organization.

The most exciting part of my day is the dynamic and ever-evolving nature of the cybersecurity field. Whether it's
investigating a new type of malware, analyzing a sophisticated cyberattack, or devising innovative security strategies,
each day presents a fresh challenge that keeps me engaged and motivated to stay at the forefront of cybersecurity
developments.

Common attacks and their effectiveness
Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These
included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the
establishment of response teams, which are now commonly referred to as computer security incident response
teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with
different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect
organizations and people.

Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious
software.

Some of the most common types of phishing attacks today include:

• Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known
source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
• Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to
originate from a trusted source.
• Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive
data.
• Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate
a known source.
• Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate
a known source.

Malware
Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose
of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an
organization, or a territory.

Some of the most common types of malware attacks today include:

• Viruses: Malicious code written to interfere with computer operations and cause damage to data and
software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious
attachment or file download. When someone opens the malicious attachment or download, the virus hides
itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert
its own code to damage and/or destroy data in the system.
• Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a
worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already
infected computer to other devices on the same network.
• Ransomware: A malicious attack where threat actors encrypt an organization's data and demand payment
to restore access.
• Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to
access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and
image recordings, and locations.

Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private information, access, or
valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor,
acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

• Social media phishing: A threat actor collects detailed information about their target from social media sites.
Then, they initiate an attack.
• Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
• USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to
unknowingly infect a network.
• Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain
unauthorized access to a physical location.

Social engineering principles


Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect
authority. The number of social engineering attacks is increasing with every new social media application that allows
public access to people's data. Although sharing personal data—such as your location or photos—can be
convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

• Authority: Threat actors impersonate individuals with power. This is because people, in general, have been
conditioned to respect and follow authority figures.
• Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing
what they’re told.
• Consensus/Social proof: Because people sometimes do things that they believe many others are doing,
threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain
access to private data by telling an employee that other people at the company have given them access to
that data in the past.
• Scarcity: A tactic used to imply that goods or services are in limited supply.
• Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
• Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use
this relationship to develop trust and gain personal information.
• Urgency: A threat actor persuades others to respond quickly and without questioning.

Key takeaways
In this reading, you learned about some common attacks and their impacts. You also learned about social
engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many
opportunities throughout the program to further develop your understanding of how to identify and defend against
cybersecurity attacks.
