THE ABC
OF
CYBERSECURITY
HOW TO PREVENT PHISHING & SOCIAL ENGINEERING ATTACKS
&
INCIDENT MANAGEMENT BEST PRACTICES
&
CYBERSECURITY AWARENESS FOR EMPLOYEES
3 BOOKS IN 1
Mike Miller
Copyright
All rights reserved. No part of this book may be reproduced in any form or by any electronic, print or mechanical means, including information storage and retrieval systems, without permission in writing from the publisher.
Copyright 2020 Mike Miller
Disclaimer
This book is produced with the goal of providing information that is as accurate and reliable as possible. Professionals should be consulted as needed before undertaking any of the actions endorsed herein. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly. This declaration is deemed fair and valid by both the American Bar Association and the Committee of Publishers Association and is legally binding throughout the United States. The information in the following pages is considered to be a truthful and accurate account of facts, and as such any inattention, use or misuse of the information in question by the reader will render any resulting actions solely under their purview.
Introduction
News reports about cyber-attacks are constant, and while they provide a lot of information, many people are still not sure how these attacks affect them, their business or the company they work for. You may not be sure what you're supposed to do about cyber-attacks, partly because of the confusing vocabulary and the many types of attacks, and you may be unsure what this means to you. That's precisely what we are going to cover in book 1. We are going to focus on the basic concepts of security and the terminology used for cyber-attacks. First, let's get started with the vocabulary. We are going to take a look at why this is so important, what the impact of having better knowledge of security is, and what challenges your business faces when dealing with cyber-attacks. We are trying to prevent the loss or corruption of confidential data, which directly impacts your business. A loss of customer data can affect not only the operations of the business but also its future financial outlook, and cyber-attacks can have a personal impact on you as well, such as loss of your identity, loss of money or loss of property. This is an important concept: security is everybody's responsibility. It's a phrase that you hear all the time, but it's not often practiced. The more active you are in practicing it, the more you can improve everyone's security, not just your personal security but the security of your business too. Your business needs to try to prevent attacks from happening in order to protect its confidential corporate information. It also has to be able to respond to attacks when they occur, and most likely it will have specialized security professionals who do that. Part of that work is educating employees, which helps you and helps the business. If you notice something that is wrong and you can report it, that is great.
That might be a great way to get started on responding to a possible attack. Notifications about data loss or corruption, if it occurs, can help the business make sure that it's doing everything it can to prevent an attack. The term Cybersecurity is commonly used by the government, but there are a couple of other terms I want you to be familiar with. I'll use the term Cybersecurity as we talk about the different types of attacks, but there's also a common term used in the private sector: information security, or just InfoSec. These are general terms and I will switch between them from time to time. You'll also hear other terms like computer security, network security or software security. The idea is that there are people in place who are trying to make sure that if something were to fall under attack, they could help prevent it and then respond to the attack. Each person might follow a very specialized category, but in general people refer to it as Cybersecurity or InfoSec. First of all, we are going to take a look at what you have to protect, what information a malicious person might want to get hold of, and who is going to help you protect it. Then we will dive into the different types of attacks, threats, exploits and risks, and what these all mean to you. Most important is understanding the definitions, which will give you a general idea of what you're looking for when something might happen. We will also look at what a proactive approach is: both what your business should do to proactively fight against these attacks, and what you can do to help and how to report an attack. We will also discuss who you should report an attack to, both at your business and in your own personal life. This is important, but there are many challenges, because we want to protect both the business and our own personal information.
In book 2, we're going to look at incident management. That includes incident handling and response. In the following chapters, we're going to learn how to define an incident, how an organization may classify an incident, and we're going to look at incident management, policies, procedures, and so on. All of these contribute to the business developing an incident response strategy. Here's what we're going to cover during this first part of the book. We're going to define incidents. You're going to get the definitions, but you're also going to learn how an organization should define incidents within its own context and environment. We will talk about the fundamentals of incident management, and these concepts will help you develop and maintain an incident management program. You'll also learn how to define and classify incidents in a variety of ways using different criteria such as impact, severity, manmade, natural, accidental, and so on. Lastly, you'll learn about incident management policies and plans and how you can only have a good incident management program if you have effective policies and well-written incident response plans.
BOOK 1
Cybersecurity for Beginners
How to prevent
Phishing & Social Engineering Attacks
Mike Miller
Chapter 1 The Ultimate Goal of Cybersecurity
Chapter 2 Understanding the CIA Triad & Defense in Depth
Security professionals are all about data protection. This is often referred to as the CIA security triad or sometimes the CIA triad. It's not the CIA as in the Central Intelligence Agency. It stands for confidentiality, integrity, and availability with regard to your data. Let's break this down. We are going to add a fourth piece called privacy to this, but let's start with confidentiality. First of all, we need to make sure that data is confidential. In other words, unauthorized users do not have access to the data. We are going to do that through a variety of mechanisms that you've already experienced. We are going to ask you to log on with your username and a password, something that you know. We are also going to look at encrypting this data. For example, if somebody steals your laptop, they may not have your password, but if they pull the hard drive out, they might be able to get data off of it. Well, not if we encrypt that data as well. Confidentiality also requires training, and a good example is printers. In the office, you may have printed something out, forgotten about it and left it on the printer. Now imagine for a moment that what you printed was confidential information, and anybody who walked up to the printer could suddenly see it. Confidentiality is a very important piece of protecting data, but it's not the only piece. There's also integrity. Integrity means that the data itself is good. It's consistent and accurate, and we can trust the data. In other words, no person and no malicious software has gotten in and corrupted or altered that data. We ensure that by auditing the data, tracking changes to the data, and seeing who was the last person to make changes to it. Besides integrity, another important aspect is availability.
What we want to make sure is that the data is available to authorized users when they need to have access to that data, which means that we may have some fault tolerance or redundancy measures, which we are going to talk about later, to ensure that the data is available. If we lose a server, I can still access that data. Availability requires ongoing maintenance such as backups and updates, as well as disaster recovery plans. Availability is important, and it affects you even in your personal life, as we will see when we start to talk about one type of malicious software called ransomware. Your data is there, but it's not available to you, and you might need it. This then takes us to privacy. This is the fourth leg added to the three legs of the CIA triad, and privacy relates to you and your personally identifiable information, or PII. This applies whether the information is at a business site or with you personally: your personal information, your medical records or your Social Security number. Perhaps you don't want people to know your address. Whatever it is, it may be with you, or it could be with a business that you've dealt with, if you've purchased products. That information needs to be protected. Not everything, but the things that we want protected. Also, organizations may have very specific legal requirements. A couple of commonly known ones are the Health Insurance Portability and Accountability Act, or HIPAA, which requires medical institutions to protect patient records, and the Payment Card Industry requirements for credit cards and debit cards. There are compliance levels governing how those transactions have to be made. Can credit card numbers be stored? How about information about a person? The products that they purchased, the dates, the times, when they got these products: how is that stored, is it available to anyone, and who are the authorized people that it would be available to? These combine into how we think about protecting data: confidentiality, integrity, availability and privacy.
Security professionals don't only think about the data. In other words, is the data confidential? Does it have integrity? Is it available? They also think about how to protect that data. Imagine that you have some important confidential information on a piece of paper and you put it into a locked safe. Well, the safe is one mechanism, but for a good safe cracker it's pretty easy to get into that safe and steal that information. The concept is this: can we build layers of security? That's referred to as defense in depth, which means using multiple security processes to protect that data. Think of it this way. You have that locked safe, but let's say you put it in a room that's also locked and requires a fingerprint scanner to get into, and that room is located in a building that has security guards who have to scan a badge to see if you can get through. See how we are building layers on that? That's what a security professional wants to do with the data, and it's the same thing that you can help with in your business and can also do in your own personal life. Therefore security professionals spend a lot of time organizing, planning, and figuring out ways to mitigate a variety of attacks. They might do things called penetration testing, or pen testing, which is testing their own environment to see whether there are points of attack. They'll also come up with plans to recover, analyze and repair situations after an attack. Security departments will also offer employee training, and I would encourage you to find out whether yours does. If it does, take advantage of it, because you have the ultimate impact. You can expand your knowledge, and you will be able to perform security-related tasks that help the situation both at your business and at home. Best of all, you'll start to notice if something isn't right, and then you can let someone else know, which we will talk about at the end of this book.
Who can you go to and explain that there might be an issue? All of these are part of security in the business. How should you think about your data? Is the data truly safe from unauthorized users? Is its integrity good? How can you protect that data? Well, now it's time to finally dig in and start to see what you're protecting it from: the different types of threats and exploits that you might face.