The Purple Team Journey: My Cybersecurity Chronicles.

Ethics In Cybersecurity A - Security Ethics Guidelines for making appropriate decisions as a security professional. B - Ethical Principles in Security 1. Confidentiality 2. Privacy Protections  3. Laws 1. Confidentiality As a security professional, you'll encounter proprietary or private information, such as PII. It's your ethical duty to keep that information confidential and safe. For example, you may want to help out a coworker by providing computer system access outside of properly documented channels. However, this ethical violation can result in serious consequences, including reprimands, the loss of your professional reputation, and legal repercussions for both you and your friend. 2. Privacy Protections For example, imagine you receive a personal email after hours from your manager requesting a colleague's home phone number. Your manager explains that they can't access the employee database at the moment, but they need to discuss an urgent matter with that...

Frameworks, Controls And Ethics. Security Frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy  Purpose of security frameworks: Protecting PII  Security financial information  Identifying security weaknesses  Managing organizational risks  Aligning security with business goals Four core components of frameworks: 1. Identifying and documenting security goals (e.g. EU general data protection regulation GDPR: A data protection law established to grant European citizens more control over their personal data.) 2. Setting guidelines to achieve security goals, e.g. when implementing guidelines to achieve GDPR compliance, your organization may need to develop new policies for how to handle data requests from individual users. 3. Implementing strong security processes. In the case of GDPR, a security analyst working for a social media company may help design procedures to ensure the organization complies with verified ...

In today's digital landscape, cybersecurity is more critical than ever. As cyber threats become increasingly sophisticated, the demand for skilled cybersecurity professionals is rising sharply. For those looking to start a career in this essential field, the Google Cybersecurity Professional Certificate offers a robust foundation. Let’s explore what makes this certificate a valuable asset for aspiring cybersecurity experts. The Google Cybersecurity Professional Certificate is a comprehensive program designed to impart foundational knowledge and practical skills necessary for a career in cybersecurity. Offered through Coursera, this certificate is aimed at individuals who are new to the field and want to develop the competencies needed to protect against and respond to cyber threats. The program begins with an introduction to cybersecurity, where you'll learn the basics of the field and understand why cybersecurity is crucial. You'll delve into common threats and vulnerabili...

The Eight CISSP Security Domains. 1. Security and Risk Management  => Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law 2. Asset Security => Secures digital and physical assets.  It's also related to the storage, maintenance, retention and destruction of data  3. Security Architecture and Engineering  => Optimizes data security by ensuring effective tools, systems, and processes are in place.  4. Communication and Network security => Manage and secure physical networks and wireless communications.  5. Identity and access management  => keeps data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. 6. Security assessment and testing  => Conducting security control testimng, collecting and analyzing data, and conducting security audits to monitor for r...

The history of cybersecurity. Past Malware Attack examples: Brain virus 1980 Morris worm 1988 Loveletter 2000  Equifax breach 2017 Common types of malware attacks: Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system. Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network. Ransomware: A malicious attack where threat actors encrypt an organization's...

The first module of foundation of cyber, You study the following:  1. Common cybersecurity terminology 2. General Glossary terms in IT security  3. Technical cybersecurity analyst skills 4. Transferable cybersecurity analyst skills Common cybersecurity terminology Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches. Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture. Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization. A threat actor , or malicious attacker, is any person or group who presents a security risk. This risk can relate to c...