First Line of Defense
The Beginners Book
Of Cyber Security
Christopher Nelson MBA, CISSP, PMP, CSPO, ITIL Expert
Copyright 2020 Christopher Nelson
Nelson True Life Series
All rights reserved.
ISBN: 9798642907276
DEDICATION
To Marynette Lee
I wrote this story for people who want to get a better understanding of cyber security, but when I started writing, I realized that I could not have done it without you. You have been my mentor and friend for over 30 years and guided me like a lighthouse through stormy day. It always shines brightly on the darkest days. I am older now, but I will always be your young employee who needed a mentor. I write books to help others the way you have always helped me. Using kind words of wisdom and a gentle approach, I can only hope that I have grown to make you proud. All professionals were once new employees - although few of them remember, and I hope they take the time to help someone else on their lifes journey the way you helped me .
CONTENTS
Acknowledgments | Pg 6 |
Preface | Pg 7 |
| What is Cybersecurity? | Pg 11 |
| Information Security Policy | Pg 28 |
| Security Policies | Pg 41 |
| Legal, Ethical and Professional Issues | Pg 51 |
| Standard Operating Procedures | Pg 57 |
| Asset Management | Pg 66 |
| Human Resources and Personnel Security | Pg 76 |
| Security and Personnel | Pg 82 |
| Access Control Management | Pg 85 |
| Security and Auditing | Pg 92 |
Glossary | Pg 111 |
ACKNOWLEDGMENTS
The author would like to thank several people and their families for their contributions and support.
Contributors
Durham College and the National Institute of Standards and Technology are the source of many references and content used in this textbook.
Reviewers
I am indebted to Danny Aniag, Professor, School of Business, IT & Management; and Christopher Reckord, Chief Executive Officer at tTech Limited.
Special Thanks
Special thanks to Barbara Nelson for her editorial expertise and professional efforts which improved the quality of work.
To Durham College for the inspiration to teach with the highest standards and compassion for students.
To Paul B. Scott and Melanie Subratie, Chairman & Vice Chairman, Musson Group of Companies, for their innovation and vision in the world of technology.
Preface
As cyber and data breaches continue to grow exponentially, corporations continue to depend on cybersecurity professionals to detect threats and protect sensitive data. Experts predict that the demand for cybersecurity specialist will continue to grow as the industry is opening up many opportunities for beginners and professionals who want to enter this exciting field.
Careers in cybersecurity may be demanding, but at the same time satisfying. The primary objective is to safeguard an organizations critical data from being lost or damaged by an attack.
Currently there are billions of devices connected to the internet that are changing the way we work and live. Gartner, the global research firm estimates that there are over 3.8 billion devices connected to the internet. These range from heart monitors, door locks, refrigerators to phones, computers, tablets and servers.
Although the career paths in cybersecurity differ with each person, research indicates that there are key hard and soft skills which support this career choice.
For positions in cybersecurity, candidates are required to have the following soft skills:
Attention to detail.
Creative and technical problem solving.
Peaceful disposition in times of trouble.
Ability to be a team player.
Desire for additional skills and information.
Be an enthusiastic listener.
Good verbal and written communication.
A curious and investigative mind.
Hard skills required include the following:
Understand the basics of programing or scripting language.
Knowledge of computers.
The ability to discuss technical topics in plain words.
Learn a cybersecurity sub-category and become a specialist.
Be skilled in the tools used for attacks and security frameworks.
Investigative, regulatory and evidence gathering techniques.
There are many career paths to explore and the roles identified are some of the best career options:
Security Engineer
Consultant and Business Owner
Developer and Pentester
CISO/CISSP
Security Analyst
Cybersecurity Project Manager
Cybersecurity Lawyer
Security Architect
Cybersecurity Sales
Many people who work in the industry have a job that is relatively secure as compared to other industries. This is due to the fact that employment opportunities for information security analysts will grow by an amazing 28 percent from 2016 to 2026 and experts believe that with threats increasing every day, there may be 3.5 million unfilled cybersecurity jobs globally by 2021.
The benefit of learning or switching to a career in cybersecurity is that people from similar fields who are already proficient in technology and those with a non-technical background can transition if they build on their hard or soft skills.
The question is which cybersecurity certification and path is best for you?
There is no clear choice when selecting a career path or certification and everyones journey will be different but three factors should be taken into consideration:
Which skills and qualifications that you currently hold can be transitioned to cyber security?
At what level are you in your current career? Is it Entry, Mid Senior or Executive?
What are you passionate about or hoping to accomplish?
This means that If you have skills that can be transitioned such as investigative, analytical, project management or regulatory, then the change could be easier. Those with no technical or cybersecurity experience could explore Security+ or Network+ which will provide a more in-depth view of cybersecurity.
Before an individual makes that final decision to get into the industry, it is important to note that whereas the majority of organizations have identified information security as an important risk to the success of their business, it also does not guarantee that it is their primary focus. It is a competitive industry with very talented people who demonstrate new ways to protect organizations.
At the end of the day, your experience is the number one quality that organizations are looking for and this does not mean you must have 5 to 10 years of cybersecurity experience. It means bringing 100% effort to work every day, doing it well and getting the hard work done.
CHAPTER 1: What is Cybersecurity?
Cybersecurity is the practice of protecting systems, networks, and programs from digital and physical attacks.
These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
