Cybersecurity Fundamentals
Cybersecurity is a good investment for organizations.
Clearly, technology has changed the way businesses operate. With most companies collecting and processing sensitive customer data, it is imperative to ensure the safety and privacy of the information through effective cybersecurity practices.
Companies like Facebook, Adidas, and Ticketmaster have suffered significant brand damage after data breaches.
There’s that, and with more customers becoming concerned about the privacy and security of their data, businesses need to invest in cybersecurity to ensure that their data remains untampered with while instilling the precious trust of their customers.
Analysts contend that organizations at least need to be practicing cybersecurity fundamentals. Better yet, companies should have a cybersecurity plan in place.
A good cybersecurity strategy includes multiple layers of protection distributed across networks, systems, computers, and servers that need protection. The spread of data will make it hard for cybercriminals to track. In any company, the technology processes and people must work as a collective to ensure a sufficient security posture.
Cybersecurity breaches have many consequences. Another motivational factor for companies to deliver effective cybersecurity is penalties if they don’t.
Cybersecurity professionals also contend that creating a security conscious culture in an organization goes a long way in the battle against cybercrime. Train all staff. Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. If employees don’t attend, consider blocking their access to the network.
It’s also advisable to assemble a team of experts to conduct a comprehensive breach response. Depending on the size and nature of your company, they may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management.
Cybersecurity Fundamentals Course by Tonex
Cybersecurity Fundamental course is a dynamic 2-day training course provided by Tonex, the most trusted provider of cybersecurity training courses, certification, consulting services and research to cybersecurity professionals worldwide.
The 2-day Cybersecurity Fundamental course covers the cybersecurity disciplines dealing with real-world use cases and applications transferring technical, management and policy skills to secure information and infrastructure and combat new attacks.
Our Cybersecurity Fundamental course provides an introduction to a variety of key disciplines fundamental to protecting cyber data, information, critical infrastructure and other assets in the modern digital world.
DoDI 8500.01 Cybersecurity definition: “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
Participants will learn what cybersecurity is, how it has been evolved , and how cybersecurity frameworks can be applied across a wide range of industries and contexts. This course will also provide an introduction to the Risk Management Framework (RMF) and other technical and non-technical skills that are key knowledge and skills in the cybersecurity domain.
During this course, participants will gain the professional and academic knowledge and skills foundations to become familiar with cybersecurity and start protecting cyber assets.
Course Key Topics:
- Introduction to Cybersecurity
- Fundamentals of Information, Data, Communications, Infrastructure and System Security
- Applications of Cybersecurity
- Overview of Risk Management and Risk Management Framework (RMF)
- Cybersecurity Law, Policy, Regulations and Analysis
- Cyber Management Theory and Practice
Course Schedule- Topics & Activities
Course Requirements
- Homework: Students will receive a set of practice problems. These problems will be due on the second day of the training.
- Quizzes: There will be a daily quiz. These quizzes will cover any material mentioned in class.
- Team Project: Participants will work on a case study project. Each group of five students will have three project topics to choose from. Each group will be required to complete ONE 1-page paper, and give a 10-minute presentation.
The course draws key topics from the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Framework for policy and management planning and DoD Risk Management Framework (RMF).
Cybersecurity is implemented to increase a system’s capability to protect, detect, react, and restore, even when under attack from an adversary.
Prerequisites
None. There are no prerequisites for this course
Learning Objectives
Upon completion of this course, the participants will:
- Learn about cybersecurity principles and key disciplines that support cybersecurity capabilities
- Gain a deep perspective on cyber assets including information and data, computer science, programming, hardware, embedded systems and software, IT architecture, communication networks, risk management, program and project management, regulation, laws, standards and national and global institutions and their influence on cybersecurity policies and standards
- Become familiar with key concepts around vulnerabilities, cyber-based threats, threat vectors and Risk Management Framework (RMF)
- Learn about system security architecture and data flows, extracting Cybersecurity requirements, common methods of cyber attacks and exploits, protection and recovery methods and principles
- Gain fluency in risk management, tools to assess and mitigate risk and integrating the Cybersecurity Risk Management Framework (RMF) into the System Acquisition Lifecycle
- Gain a deep appreciation on cybersecurity quantitative disciplines including cybersecurity program and project management, risk quantification, management, Earned Value Management (EVM), and cost-benefit analyses
- Explore how to plan and execute, and conducting cybersecurity process
Course Topics
Introduction to Cybersecurity
- Basics of Cybersecurity
- Cybersecurity Domains and Assets
- Security of Networks, Systems, Applications, Information and Data
- Principles of CIA (Confidentiality, Integrity, Availability)
- Common Vulnerabilities and Exposures
- Threats and Security Controls
- Cryptography Fundamentals
- Symmetric and Asymmetric key Encryption
- Elliptical Curve Cryptography
- Quantum Cryptography
- Digital Signature
- Public Key Infrastructure (PKI)
- Cryptocurrency Hijacking
- Malware
- Phishing
- Distributed Denial of Service (DDoS) attacks
- Social Engineering Attacks
- Cybersecurity Controls
- Discovery, Footprinting, and Scanning
- Security Architecture
- Security Policies
- Cybersecurity Roles: Governance, risk management, & compliance
- Principles of Risk Management and Risk Management Framework (RMF)
- Business Continuity and Disaster Recovery
- Incident Response and Computer Forensic
Overview of Cybersecurity Domains and Assets
- Generic
- Data and Information Security
- Computers and Servers
- Technology
- Operational
- Management
- Communications and Networking
- Tactical Links and Assets
- Managing User Security
- Controlling Physical Environments and User Actions
- Protecting Host Systems
- Network Security and Network Threats
- Wireless Network Security
- Encryption and Cryptography
- Threats to Data
- Penetration Testing
- Cloud Computing
Overview of Cybersecurity Threats
- A drive-by Download
- Password Cracking Application
- Distributed Denial-of-Service (DDoS)
- Domain Shadowing
- Drive-by-Download
- Intrusion
- Malicious Codes
- Malvertising
- Malware
- Virus, Worm, Trojan Horse and Bots
- Man-in-the-Middle (MitM) attack
- Phishing
- Rogue software
- Spyware
Common Attack Types and Attack Vectors
- Threat vectors
- Attack attributes
- Non-adversarial threat events
- Malware & attack types
- Cybersecurity Roles
- Cybersecurity Structure and Governance
- Tampering systems and data stored within
- Exploitation of resources
- Unauthorized access to the targeted system and accessing sensitive information
- Disrupting normal functioning and operation of the business and its processes
- Using ransomware attacks to encrypt data and extort money from victims
Overview of Cybersecurity Processes
- Identity
- Protect
- Detect
- Respond
- Recover
- Process controls
- Vulnerability Management
- Vulnerability Scans and Assessment
- Penetration Testers
- Blue and Red Team Structure and Tasks
Overview of Cybersecurity Controls
- AC (Access Control)
- AT (Awareness and Training)
- AU (Audit and Accountability)
- CA (Security Assessment and Authorization)
- CM (Configuration Management)
- CP (Contingency Planning)
- IA (Identification and Authentication)
- IR (Incident Response)
- MA (Maintenance)
- MP (Media Protection)
- PE (Physical and Environmental Protection)
- PL (Planning)
- PM (Program Management)
- PS (Personnel Security)
- RA (Risk Assessment)
- SA (System and Services Acquisition)
- SC (System and Communications Protection)
- SI (System and Information Integrity
Overview of Advanced Persistent Threats (APT)
- Overview of major APT Attacks
- Sources of APT Threat
- Intelligence Agencies
- criminal Groups
- Terrorist Groups
- Activist Groups
- Armed Forces
Enterprise Risk of Successful APT Attack
- Loss of Availability
- Loss of Intellectual Property (IP)
- Loss of personal Information
- Contractual Breaches
- Financial Loss
- Reputation Damage
The “Cyber Kill Chain”
- Sequence of activities and events
- conducted by an attacker to carry out an APT attack
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Action of Objectives
Cybersecurity Fundamentals