DISCLAIMER: TO AVOID COPYRIGHT INFRINGEMENT I WILL NOT BE REVIEWING EVERY ASPECT OF THIS COURSE. IF YOU WANT TO ACCESS THE FULL COURSE GO TO: IBM Cybersecurity Analyst Professional Certificate. ENJOY!
Introduction to Cybersecurity Tools & Cyber Attacks
In the first of a series of 7 courses within the IBM "Cybersecurity Analyst Professional Certification," you will learn about the current challenges within the cybersecurity field. As more valuable information and resources with monetary worth become available, security threats and alerts will increase. With this increase in security threats, one would think, "with so many bad guys creating security threats and attacks, there must be a ton of good guys to counter the bad guys, right?" Well, unfortunately, that is not the case: there is a lack of skilled security professionals in the cybersecurity field. A global study conducted by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) states that "the cybersecurity skills shortage is exacerbating the number of data breaches," with the top two contributing factors to security incidents being "a lack of adequate training of non-technical employees" (31%) first and "a lack of adequate cybersecurity staff" (22%) second. As attacks become more complex, the knowledge required to deal with them increases while the time we have to deal with them unfortunately decreases. The longer it takes for professionals to respond to attacks, the more it will cost to recover.
"What is a SOC Analyst and what do they do?"
A Security Operations Center (SOC) Analyst "is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization's IT infrastructure". A SOC Analyst will also "assess security systems and measures for weaknesses and possible improvements." It is up to the SOC Analyst to use Security Incident and Event Management (SIEM) tools to review events and decide which of them should receive a higher priority than others. You can check out the article "SOC analyst job description, salary, and certification" by Josh Fruhlinger to learn more about what a SOC Analyst does and how you can build a career as a SOC Analyst.
What are We Talking about when We Talk about Cybersecurity?
In this section we will discuss the definition of cybersecurity, a few key terms and roles within security. Let's get started!
Now I know what you're thinking when it comes to defining the term "Information Security", and if you were thinking something along the lines of "securing information" then you are absolutely right! Information Security, according to the National Institute of Standards and Technology (NIST), is "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to ensure confidentiality, integrity, and availability." Within this definition are three important key words: "Confidentiality, Integrity, and Availability". These three words together are known as the "CIA Triad". "But what do confidentiality, integrity, and availability have to do with information security?" you might ask. Well, they actually have a lot to do with it, since the CIA Triad is practically the building blocks of securing information. Let's get into more detail about what the CIA Triad really means!
The CIA Triad
In the Information Security sub-section I mentioned the CIA Triad and what it is in minor detail, but let's discuss in further detail what the C, I, and A in the triad really mean.
The dictionary definition of "Confidentiality" is "The ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure." Of course, this is looking at it from a medical standpoint, but I'm sure you get the general idea 😊. OK, let's take Dictionary.com's definition and try to think of confidentiality from a technical standpoint: think about all the data a company has in its database, and the security professionals taking measures to prevent that data from falling into the wrong hands. That is confidentiality.
By definition, Integrity is "the state of being whole, entire, or undiminished". In the triad, Integrity essentially stands for preventing data from being deleted or modified by an unauthorized source.
"Available" means to be "suitable or ready for use; of use or service; at hand". When it comes to security, availability in essence means having your data always ready to access when needed, by authorized users of course. A few best practices for maintaining availability would include: