Play it Safe: Manage Security Risks - Part two of Google's Cybersecurity Certificate
Overview
This post is my set of notes for preparing for entry-level cybersecurity analyst jobs (for me too!).
I'm going to cover briefly:
CISSP domains
Risk Management frameworks
CIA Triad
NIST frameworks
SIEM tools
uff!! That's a lot!
It's okay. Let's get started.
1. CISSP (Certified Information Systems Security Professional) Domains
It has 8 domains:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
Let's dive in!
1. Security and Risk Management
It involves setting goals and objectives for security, mitigating risks, compliance, business continuity plans, legal regulations, and professional and organizational ethics.
Information security (InfoSec) as a discipline falls under this domain.
For example: the security team may need to change how PII (Personally Identifiable Information) is handled to comply with the EU's GDPR.
2. Asset Security
It involves securing digital and physical assets throughout their lifecycle: how data is created, stored, retrieved, shared, and finally deleted or destroyed.
3. Security Architecture and Engineering
Manages data security. It involves ensuring that effective tools, systems, and processes are in place to protect the organization's assets and data. Security architects and engineers work in this domain.
Example: using SIEM tools to monitor for flags related to unusual logins or activity.
4. Communication and Network Security
Focuses on managing physical networks and wireless communications. This includes on-site, remote and hybrid cloud.
5. Identity and Access Management (IAM)
This focuses on keeping data secure by ensuring user identities are trusted and authenticated and that access to physical and logical assets is authorized.
It applies the principle of least privilege: grant only the minimum access needed to complete a task.
6. Security Assessment and Testing
It involves identifying and mitigating risks, threats, and vulnerabilities by testing the controls that are in place.
Penetration testers (pen testers) are one example of people working in this domain.
7. Security Operations
This involves investigating potential data breaches and implementing preventive measures after a breach.
8. Software Development Security
This focuses on using secure programming practices to create secure applications.
NIST Frameworks and Risk Management Terms
Asset
An asset is an item perceived as having value to the organization.
Threat
A threat is any circumstance or event that can negatively impact assets.
Insider threats: staff members or vendors abuse their authorized access.
Advanced Persistent Threats (APTs): a threat actor maintains unauthorized access to a system for an extended period.
Risk
A risk is anything that can impact the confidentiality, integrity, or availability (the CIA triad) of an asset.
Vulnerability
A vulnerability is a weakness that can be exploited by a threat.
The seven steps of the NIST Risk Management Framework (RMF), mnemonic PC SIAAM:
Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
CIA Triad
CIA Triad helps inform how organizations consider risk when setting up systems and security policies.
Confidentiality
The core idea is to make sure only authorized people can access specific assets and data. The principle of least privilege is a good example.
Integrity
Integrity makes sure that data is correct, authentic, and reliable. Cryptographic tools such as hashes, message authentication codes (MACs), and digital signatures let us verify that data has not been altered. Note that encryption on its own only gives confidentiality: an encrypted message can still be tampered with undetected unless it is also protected by a MAC or signature.
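As an added example (not from the course or the original post), the following Python script shows the integrity point concretely: a toy XOR stream cipher gives confidentiality but lets an attacker who knows the message format flip bits in the ciphertext, while a SHA-256 digest and an HMAC-SHA256 tag detect the change. The key, keystream, and message are constructed demo values.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the data; any change to the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag: only someone holding `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check does not leak the tag byte by byte."""
    return hmac.compare_digest(make_tag(key, data), tag)


def xor_stream(key_stream: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with a keystream). It gives confidentiality only
    and is deliberately malleable, to show that encryption is not integrity."""
    return bytes(a ^ b for a, b in zip(key_stream, data))


def tamper_demo(key: bytes = b"demo-mac-key",
                message: bytes = b"transfer amount=0100 to acct=42") -> dict:
    """Encrypt a message, let an 'attacker' flip bits in the ciphertext,
    and report what decryption, a hash, and an HMAC each observe."""
    # Constructed, deterministic keystream for the demo only; a real cipher
    # derives it from a secret key and a fresh nonce.
    key_stream = hashlib.shake_256(b"demo-keystream").digest(len(message))
    ct = xor_stream(key_stream, message)
    tag = make_tag(key, ct)  # encrypt-then-MAC: the tag covers the ciphertext

    # Attacker knows the message layout but not the keys. Flipping the bits
    # of one ciphertext byte turns the plaintext '0' into '9' (0100 -> 9100).
    pos = message.index(b"0100")
    tampered = bytearray(ct)
    tampered[pos] ^= ord("0") ^ ord("9")
    tampered = bytes(tampered)

    return {
        "original_plaintext": xor_stream(key_stream, ct),
        "tampered_plaintext": xor_stream(key_stream, tampered),  # decrypts "fine"
        "tag_valid_original": verify_tag(key, ct, tag),
        "tag_valid_tampered": verify_tag(key, tampered, tag),    # detected
        "digest_changed": sha256_hex(ct) != sha256_hex(tampered),
    }


if __name__ == "__main__":
    for name, value in tamper_demo().items():
        print(f"{name}: {value!r}")
```

The tampered ciphertext decrypts without any error to a different amount, which is exactly why a receiver that relies on encryption alone cannot claim integrity; the HMAC check fails on the modified bytes, and a hash stored out of band would also show the change.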
Availability
It makes sure that data and systems are accessible to authorized people whenever they need them.
SIEM dashboards
Logs
A log is a record of events that occur within an organization's systems and networks. Common log types include:
Firewall logs
Network logs
Server Logs
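As an added example of what a SIEM does with these logs (my own illustration, not code from the course), the script below parses a handful of constructed server (sshd-style) and firewall log lines, then applies a simple detection rule for the "unusual login activity" flag mentioned under the Security Architecture and Engineering domain: five or more failed logins from one source IP within a minute raises a medium alert, and a successful login from that IP afterwards escalates to high. Timestamps, hosts, usernames, and IPs are all made up for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like layout; not real logs from any system.
SAMPLE_LOGS = """\
2024-05-01T09:00:01 server sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:00:03 server sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:00:04 server sshd: Failed password for root from 203.0.113.9
2024-05-01T09:00:06 server sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:00:07 server sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:00:09 server sshd: Accepted password for admin from 203.0.113.9
2024-05-01T09:05:00 server sshd: Failed password for alice from 198.51.100.4
2024-05-01T09:20:00 server sshd: Accepted password for alice from 198.51.100.4
2024-05-01T09:21:00 firewall: DENY TCP 203.0.113.9:4444 -> 10.0.0.5:22
"""

# Only authentication lines are parsed here; firewall lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)


def parse_auth_events(text: str) -> list:
    """Turn raw log lines into structured events, like a SIEM's parsing stage."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd auth line (e.g. the firewall DENY)
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events: list, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> list:
    """Flag any source IP with >= threshold failures inside `window`, and
    escalate if that IP then logs in successfully (possible account takeover)."""
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            # keep only failures that fall within the sliding window
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "severity": "medium", "ip": ip, "ts": ev["ts"],
                    "reason": f"{len(failures[ip])} failed logins within {window}",
                })
        elif ip in flagged:
            alerts.append({
                "severity": "high", "ip": ip, "ts": ev["ts"],
                "reason": f"successful login as {ev['user']} after brute-force pattern",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_auth_events(SAMPLE_LOGS)):
        print(f"[{alert['severity'].upper()}] {alert['ts']} {alert['ip']}: {alert['reason']}")
```

In the sample, 203.0.113.9 trips the rule (five failures in six seconds, then an accepted login) while alice's single typo from 198.51.100.4 stays quiet. Real SIEM rules add context a dashboard would show alongside the alert, such as the firewall DENY from the same IP a few minutes later, and tune the threshold and window to the environment to keep false positives down.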
SIEM tools come in three deployment models:
self-hosted
cloud-hosted
hybrid