IT Security and Cybersecurity Reviewer

Uploaded by

jasperalvindee

1. Fundamental Concepts

1.1. Definitions

• Information Security: Protecting information from unauthorized access, disclosure, modification, or destruction.

• Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.

• CIA Triad: The three core principles of information security:

o Confidentiality: Ensuring that information is accessible only to those authorized.

o Integrity: Ensuring the accuracy and completeness of data.

o Availability: Ensuring that information and resources are accessible when needed.

1.2. Types of Threats

• Malware: Malicious software designed to harm or exploit any programmable device, service, or network.

o Virus: A program that attaches itself to a legitimate program or file and spreads to other systems.

o Worm: A self-replicating malware that spreads across networks without user intervention.

o Trojan Horse: A malicious program disguised as legitimate software.

o Ransomware: Malware that encrypts data and demands a ransom for its release.

o Spyware: Software that secretly gathers information from a user’s device.

• Phishing: A method of tricking users into revealing personal information such as passwords or credit card numbers.

• Denial of Service (DoS) Attack: An attack that overwhelms a system, network, or website, causing it to crash or become unavailable.

• Man-in-the-Middle (MitM) Attack: An attack where the attacker intercepts communication between two parties.

2. Cryptography

2.1. Key Concepts

• Encryption: The process of converting plain text into ciphertext to prevent unauthorized access.

• Decryption: The process of converting ciphertext back into plain text.

• Symmetric Encryption: Uses the same key for both encryption and decryption
(e.g., AES, DES).

• Asymmetric Encryption: Uses a pair of keys – public and private (e.g., RSA, ECC).

• Hashing: The process of converting data into a fixed-size string of characters, which
is typically a digest that represents the original data (e.g., SHA-256, MD5).

2.2. Common Algorithms

• AES (Advanced Encryption Standard): A widely used symmetric encryption algorithm.

• RSA (Rivest-Shamir-Adleman): A widely used asymmetric encryption algorithm.

• SHA (Secure Hash Algorithm): A family of cryptographic hash functions designed for data integrity.

3. Network Security

3.1. Network Security Devices

• Firewall: A network security device that monitors and filters incoming and outgoing
network traffic.

• Intrusion Detection System (IDS): A system that detects potential malicious activity or policy violations.

• Intrusion Prevention System (IPS): A system that detects and prevents identified
threats.

• Virtual Private Network (VPN): A service that encrypts your internet connection
and hides your IP address.

3.2. Network Security Protocols


• HTTPS (HyperText Transfer Protocol Secure): An extension of HTTP with security
for data encryption.

• SSL/TLS (Secure Sockets Layer/Transport Layer Security): Protocols for establishing authenticated and encrypted links between networked computers.

• IPsec (Internet Protocol Security): A protocol suite for securing Internet Protocol
(IP) communications.

4. Cybersecurity Policies and Standards

4.1. Security Frameworks

• NIST (National Institute of Standards and Technology): Provides a cybersecurity framework for improving critical infrastructure cybersecurity.

• ISO/IEC 27001: An international standard for managing information security.

4.2. Common Policies

• Acceptable Use Policy (AUP): Defines acceptable activities and behaviors for
network and internet usage.

• Data Privacy Policy: Outlines how an organization collects, stores, and protects
personal data.

• Incident Response Plan: A set of instructions to detect, respond to, and recover
from network security incidents.

5. Cybersecurity Attacks and Defense Mechanisms

5.1. Types of Cyber Attacks

• Brute Force Attack: Trying all possible combinations of passwords or encryption keys to gain unauthorized access.

• SQL Injection: An attack that involves inserting malicious SQL queries into input fields to manipulate a database.

• Cross-Site Scripting (XSS): An attack where an attacker injects malicious scripts into content from otherwise trusted websites.

• Zero-Day Exploit: An attack that occurs on the same day a weakness is discovered
in software.

5.2. Defense Mechanisms


• Two-Factor Authentication (2FA): Adds an extra layer of security by requiring two
forms of identification.

• Antivirus Software: Programs designed to detect and remove malware.

• Patch Management: The process of regularly updating software to fix vulnerabilities.

• Network Segmentation: Dividing a network into multiple segments to reduce the risk of an attacker moving laterally.

6. Ethical Hacking and Penetration Testing

6.1. Key Terms

• White Hat Hacker: A security professional who uses hacking skills for ethical
purposes, such as penetration testing.

• Black Hat Hacker: A hacker who violates computer security for personal gain or
malicious intent.

• Penetration Testing: A simulated cyber attack against your system to check for
vulnerabilities.

• Social Engineering: The manipulation of people into performing actions or divulging confidential information.

6.2. Common Tools

• Kali Linux: A Linux distribution used for penetration testing.

• Metasploit: A penetration testing framework for finding vulnerabilities.

• Wireshark: A network protocol analyzer that captures and inspects data on a network.

7. Emerging Technologies in Cybersecurity

• Artificial Intelligence (AI) in Cybersecurity: Using AI for threat detection, behavior analysis, and incident response.

• Blockchain Security: Leveraging blockchain technology for secure transactions and data integrity.

• Internet of Things (IoT) Security: Protecting IoT devices from cyber threats.

• Zero Trust Architecture: A security model that assumes all users, devices, and systems are untrusted by default.
