19. Recap of Course

Recap of the Course

ND545 C1 L5 17 Course Outline

Summary

This concludes the first course of the Udacity cybersecurity nanodegree. At this point, you should have a good idea of why cybersecurity is so critical in today's world and what it means to be secure online. In the course, you learned what it means to maintain a secure infrastructure and administer a system that meets industry security standards. You need to think like a hacker in assessing high-level risks, vulnerabilities, threats, and attacks. Once you know how a data breach may happen, you need to enable adequate defenses. With all of this knowledge, you practiced applying cybersecurity on a sample system using a case study.

Course learning objective

Now you should be able to:

  • Explain security fundamentals including core security principles, critical security controls, and cybersecurity best practices.
  • Evaluate specific security techniques used to administer a system that meets industry standards and core controls
  • Assess high-level risks, vulnerabilities and attack vectors of a sample system
  • Explain methods for establishing and maintaining the security of a network, computing environment, and application.

Glossary

  • Phishing: A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
  • Malware: Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code
  • Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
  • Business Email Compromise: An exploit in which an attacker obtains access to a business email account and imitates the owner's identity, in order to defraud the company and its employees, customers or partners
  • Internet of Things: The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data
  • Multi-Factor Authentication (MFA): Authentication using two or more factors to achieve authentication.
  • AntiVirus (AV) applications: A program or tool specifically designed to detect many forms of malware and prevent them from infecting computers, as well as cleaning computers that have already been infected.
  • Patching: A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.
  • Updating: An authorized increase in the level of protection to be provided to specified information, e.g., from a Low impact-level to a Moderate impact-level.
  • Governance: A strategic planning responsibility providing organizational oversight that sets policies and establishes practices to enforcement
  • Compliance: The requirements all affected parties follow the same rules.
  • Audit: An independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. (NIST Glossary)
  • Policy: Statements, rules, or assertions that specify the correct or expected behavior of an entity. (NIST)
  • ISMS: Information Security Management System
  • Asset: A major application, general support system, high impact program, physical plant, mission-critical system, personnel, equipment, or a logically related group of systems.
  • Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat.
  • Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
  • Exploit: A hardware or software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.
  • Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence
  • Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
  • Penetration Testing: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
  • **Hardening: **A process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services.
  • Authentication: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
  • Multi-Factor Authentication (MFA): Authentication using two or more factors to achieve authentication.
  • Patch: A software or code revision, is used to fix some type of issue, whether it’s with functionality, security or to add new features
  • Cookie: A small file that stores information for a Web site in order to capture the web site's state and information about the browsing session.
  • Cache: The temporarily storing of information and images from web pages to improve browsing efficiency.

Source: https://csrc.nist.gov/glossary/

Next Concept