Google Cybersecurity Certificate - COURSE 1 NOTES

Notes from Google Cybersecurity Certificate 1st Course.

Uploaded by Clay Perry

GOOGLE CYBERSECURITY CERTIFICATE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4/14/24
MODULE 1

What do we do?
- Protect organizations and people (password mgmt, stolen data, hacks)
- Safeguard data
- Monitor systems and networks
- Investigate breaches and report findings
- Write code to automate tasks

CYBERSECURITY - The practice of ensuring confidentiality, integrity, and availability of information by
protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

THREAT ACTOR - A person or group who poses a threat to an organization.

BENEFITS OF SECURITY:
- Protects against external and internal threats
- Meets regulatory compliance
- Maintains and improves business productivity
- Reduces expenses
- Maintains brand trust

COMMON JOB TITLES (for job searches):
- Security analyst/specialist
- Cybersecurity analyst/specialist
- Security operations center (SOC) analyst
- Information security analyst

RESPONSIBILITIES OF ENTRY-LEVEL SECURITY ANALYST:
- Protect computer and network systems
- Ethical hacking
- Install prevention software
- Conduct periodic security audits

SECURITY ANALYST TRANSFERABLE SKILLS:
- Communication
- Collaboration
- Analysis
- Problem-Solving
- Time Management

SECURITY ANALYST TECHNICAL SKILLS:
- Programming languages
- (SIEM) Security Information and Event Management Tools - collect and analyze log data,
unusual login behavior, etc.
- Computer Forensics - Identify, analyze, and preserve the criminal evidence
- (IDS) Intrusion Detection Systems - monitor system activity for possible intrusions
- Threat Landscape Knowledge - study current trends in malware/ransomware/etc.
- Incident Response - follow established policies and procedures to contain and investigate

PII - Personally Identifiable Information - any information used to infer an individual’s identity (eg. full
name, DOB, phone #, physical address, email address, IP address)
SPII - Sensitive Personally Identifiable Information - Stricter handling guidelines (eg. SS#, medical
records, financial records, biometrics)

IDENTITY THEFT - Stealing personal information to commit fraud while impersonating the victim.

Install Detection Software - Security professionals collaborate with IT teams to deploy an application
that helps identify risks and vulnerabilities

Computer Forensics - Identify, analyze, and preserve the criminal evidence

----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MODULE 2

VIRUSES, MALWARE, SOCIAL ENGINEERING, DIGITAL AGE, 8 SECURITY DOMAINS

PAST CYBERSECURITY ATTACKS:

COMPUTER VIRUS - malicious code written to interfere with computer operations and cause damage
to data and software (a type of Malware)
MALWARE - Software developed to harm devices or networks

BRAIN VIRUS (1986) - Made to track illegal copies of medical software. Spread via physical disks: if an
infected disk was inserted into a computer, it installed the virus. Spread globally and slowed productivity.
MORRIS WORM (1988) - Created to assess the size of the internet. It installed itself on computers that
were connected, but it kept re-installing until computers ran out of memory and crashed. Affected
6,000 computers (10% of the Internet at the time).
CERTs - Computer Emergency Response Teams (created in response to the Morris Worm)

ATTACKS IN THE DIGITAL AGE:

With the growth of high-speed internet, web-connected computers expanded exponentially. Viruses
didn’t need physical disks anymore and could spread more easily and much quicker.

LOVE LETTER MALWARE (2000) - Stole network login credentials. Sent an email with the subject “I
Love You” and a Love Letter attachment. Upon downloading and opening the attachment, it scanned
the user’s address book and sent emails to all users listed. It also installed an application (virus) on
each computer which collected login information. Infected 45 million users and created $10 billion in
damages.

SOCIAL ENGINEERING - A manipulation technique that exploits HUMAN ERROR to gain
private information, access, or valuables.
PHISHING - Use of digital communication to trick people into revealing sensitive data (SPII) or
deploying malicious software.

EQUIFAX BREACH (2017) - One of the largest known breaches in history. 143+ million customers were
affected (40% of all Americans). PII/SPII exposed. $500+ million in fines from the US Govt.

PHISHING TYPES:
    BEC - Business Email Compromise. From a “known” source for seemingly “legitimate”
requests for info. For financial data.
    Spear Phishing - Targets a specific user or group
    Whale Phishing - Form of Spear Phishing. Targets executives.
    Vishing - Exploitation of electronic voice communication
    Smishing - Uses text messages to trick users

MALWARE: Software designed to harm networks and devices
    VIRUSES - Malicious code in attachments/files that must be downloaded
    WORMS - Malware that spreads on its own. Does NOT need to be downloaded
    RANSOMWARE - Threat actors ENCRYPT data and demand payment $$
    SPYWARE - Installs on the user’s device to gather and sell information without consent.

    SOCIAL MEDIA PHISHING - Collects information from socials, then attacks
    WATERING HOLE ATTACK - Targets a website visited by a group of users
    USB BAITING - Threat actor leaves a physical USB stick with malware for an employee to find
    PHYSICAL SOCIAL ENGINEERING - Impersonating a person to gain physical access

SOCIAL ENGINEERING PRINCIPLES:
- Authority - People are trusting and conditioned to respect authority/power
- Intimidation - Bullying
- Consensus/Social Proof - “He did it, so you should too.”
- Scarcity - “These goods or services are in limited supply!”
- Familiarity - Create a fake emotional connection to build trust
- Trust - Built over some time
- Urgency - Respond quickly without questioning (“You must act now!”)
8 CISSP SECURITY DOMAINS

1. SECURITY AND RISK MANAGEMENT
    Define security goals and objectives, risk mitigation, compliance, business continuity, and the law.
    eg. New HIPAA regulations. Social engineering attacks.

2. ASSET SECURITY
    Secure digital and physical assets. Also related to the storage, maintenance, retention, and destruction of data.
    eg. Dispose of old equipment. Physical attacks.

3. SECURITY ARCHITECTURE AND ENGINEERING
    Optimize data security by ensuring effective tools, systems, and processes are in place.
    eg. Firewalls

4. COMMUNICATION AND NETWORK SECURITY
    Manage and secure physical networks and wireless communication.
    eg. Are employees using secure WiFi? Password attacks.

5. IDENTITY AND ACCESS MANAGEMENT
    Keep data secure by ensuring users follow policies to control and manage physical assets (office spaces) and logical assets (networks and applications)
    eg. Set up keycard access to buildings

6. SECURITY ASSESSMENT AND TESTING
    Conduct security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.
    eg. Audit employee permissions to see who has access to employee salaries.

7. SECURITY OPERATIONS
    Investigate and implement preventive measures.
    eg. Unauthorized access? Follow policies and procedures to stop the threat.

8. SOFTWARE DEVELOPMENT AND SECURITY
    Use secure coding practices (recommended guidelines used to create secure apps and services)
    eg. New mobile app? Advise on PW policies.

ATTACK TYPES:
    Password - Brute force; rainbow table
    Social Engineering - Phishing; BEC; USB baiting
    Physical - USB Drive; card skimming
    Adversarial AI - efficient use of AI and Machine Learning
    Supply Chain - Look for malware vulnerabilities anywhere in the chain (eg, external vendors)
    Cryptographic - Affects secure communication

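Added example (not from the course or these notes) showing in Python why the “rainbow table” item above works against unsalted password hashes and how salted, iterated hashing defends against it; the short password list, the salt length and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed miniature "rainbow table": a precomputed map from unsalted SHA-256
# digest back to the password. Real tables hold millions of entries; the idea is the same.
COMMON_PASSWORDS = ["password", "123456", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def unsalted_hash(password):
    """The weak scheme: same password -> same digest, so a precomputed table reverses it."""
    return hashlib.sha256(password.encode()).hexdigest()

def reversible_by_table(stored_digest):
    """Defender's audit check: is this stored digest one a precomputed table already knows?"""
    return PRECOMPUTED.get(stored_digest)

def hash_password(password, salt=None, iterations=200_000):
    """The strong scheme: per-user random salt plus an iterated hash (PBKDF2-HMAC-SHA256).
    The salt makes every digest unique, so no table can be computed in advance, and the
    iteration count slows down each brute-force guess. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16 random bytes of salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, digest, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)
```

Two users who both choose "letmein" get two different salted digests, so a leak of the digest table gives no single lookup key to precompute against.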
THREAT ACTOR TYPES:
    (APT) Advanced Persistent Threats - significant expertise accessing an organization’s network. Researched target. Undetected for a long time.
    Goals: Damage critical infrastructure (eg, power grid); Gain access to intellectual property (eg. patents)
    Insider Threats - Abuse authorized access
    Goals: Sabotage; corruption; espionage
    Hacktivists - Goals: political agenda; demonstrations; propaganda; fame; social media

HACKER TYPES:
    Ethical Hackers (Authorized) - Code of ethics…often internal and directed
    Semi-authorized - Researchers
    Unauthorized - Malicious threat actors

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(4/15/24)
MODULE 3

SECURITY FRAMEWORKS AND CONTROLS

    (eg. If your organization is under attack: 1) Identify your organization’s critical assets and risks.
2) Implement necessary frameworks and controls.)

SECURITY FRAMEWORKS - Guidelines used for building plans to help mitigate risk and threats to
data & privacy.

PURPOSE OF SECURITY FRAMEWORKS:
- Protect PII
- Secure financial info
- Identify security weaknesses
- Manage organizational risks
- Align security with business goals

4 CORE COMPONENTS OF SECURITY FRAMEWORKS:
1) Identify and document security GOALS
2) Set GUIDELINES to achieve security goals
3) Implement strong security PROCESSES
4) MONITOR and COMMUNICATE results

SECURITY CONTROLS - Safeguards designed to reduce specific security risks. (eg. create an
application that confirms users have watched a privacy video…track their progress.)

CIA TRIAD

Foundational model that helps inform how organizations consider risk when setting up systems &
security policies.

CIA = CONFIDENTIALITY, INTEGRITY, AVAILABILITY

CONFIDENTIALITY - Only authorized users can access specific assets or data
INTEGRITY - Data is correct, authentic, and reliable (eg. encryption)
AVAILABILITY - Data is always accessible to those who are authorized to access it

ASSET - An item perceived to have value to an organization
SECURITY LIFECYCLE - Constantly evolving set of policies and standards
COMPLIANCE - Process of adhering to internal standards and external regulations

NIST - National Institute of Standards and Technology

COMMON CONTROLS, FRAMEWORKS, AND COMPLIANCE STANDARDS

NIST CSF - NIST Cybersecurity Framework. “A voluntary framework that consists of standards,
guidelines, and best practices to manage cybersecurity risk.” A baseline to manage short & long-term
risk.

NIST RMF - NIST Risk Management Framework

FERC-NERC - Federal Energy Regulatory Commission / North American Electric Reliability Corporation.
    (For organizations that work with electricity, to keep the US power grid secure)
FedRAMP - Federal Risk and Authorization Management Program. - US Federal government program
that standardizes security assessment, authorization, monitoring, and handling of CLOUD services
and product offerings.
CIS - Center for Internet Security. - Non-profit. Set of controls to safeguard systems and networks.
GDPR - General Data Protection Regulation. - EU regulations that protect user data worldwide.
PCI DSS - Payment Card Industry Data Security Standard. - International security standards to
safeguard credit card processing and limit credit card fraud.
HIPAA - Health Insurance Portability and Accountability Act. - US law (1996) to protect patients’
health information. 1) Privacy, 2) Security, 3) Breach Notification
HITRUST - Health Information Trust Alliance. - Security framework that helps institutions meet HIPAA
compliance.
ISO - International Organization for Standardization. - International standards for technology,
manufacturing, and management across borders.
SOC (Type 1 & 2) - System and Organization Controls. - Developed by AICPA (American Institute of
CPAs). A series of reports that focus on USER ACCESS policies at different organizational levels.
(eg. Associate, Supervisor, Manager, Executive, Vendor.)
---
SECURITY ARCHITECTURE - A type of security design composed of multiple components, such as
tools and processes, used to protect an organization from risks and external threats.
SECURITY GOVERNANCE - Practices that help support, define, and direct the security efforts of an org.

ETHICS IN CYBERSECURITY

SECURITY ETHICS - Guidelines for making appropriate decisions as a security professional.

ETHICAL PRINCIPLES IN SECURITY:
1) Confidentiality - Don’t give unauthorized access to friends!
2) Privacy Protections - Don’t give your manager a co-worker's personal information (phone…)
3) The Law - recognized by a community, enforced by a governing entity.

COUNTER-ATTACKS ON A THREAT ACTOR: (spoiler: don’t do it)

    US STANCE: It is illegal. You can only defend, not counter-attack.
        (Computer Fraud and Abuse Act (1986))
        (Cybersecurity Information Sharing Act (2015))
        Don’t be a vigilante!

    INTERNATIONAL STANCE: ICJ (Int’l Court of Justice) says you may counter-attack IF:
1) The counter only affects the attacking party
2) The counter is a direct communication asking the threat actor to stop
3) The counter does not escalate the situation
4) The counter’s effects can be reversed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(4/15/24)
MODULE 4

CYBERSECURITY TOOLS

LOG - record of events that occur within an organization’s system (eg. A record of employee logins or
web access.)

SIEM TOOLS (Security Information and Event Management Tools)
- An application that collects and analyzes log data to monitor critical activities in an
organization. Collects REAL-TIME info. They reduce the amount of data an analyst must
review by providing alerts for specific risks or threats.

Use SIEM Tools to:
1) Analyze filtered events and patterns
2) Perform incident analysis
3) Proactively search for threats

SIEM Tools have different “Dashboards” that visually organize data into categories.

COMMON SIEM TOOLS:
    SPLUNK - Data-analysis platform. Splunk Enterprise is a self-hosted tool to retain, analyze,
and search log data
    GOOGLE CHRONICLE - cloud-native (easier to set up and maintain, quicker to update)
    PLAYBOOKS - manuals that provide details about any operational action. (How to handle a
security incident before, during, and after)
    NETWORK PROTOCOL ANALYZER (“PACKET SNIFFER”) - Tool designed to capture and
analyze data traffic within a network. (eg. tcpdump; Wireshark)
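Added example (not from the course or these notes) of the SIEM idea described in Module 1 ("collect and analyze log data, unusual login behavior") and just above (reduce many events to a few alerts): a small Python log parser plus two detection rules run over constructed login records. The log line format, the sample events and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample login events (not real data); the line format is an assumption:
# "<ISO timestamp> <user> <source ip> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-04-15T08:02:11 alice 10.0.0.5 LOGIN_OK
2024-04-15T08:05:40 bob 10.0.0.9 LOGIN_OK
2024-04-15T02:14:01 carol 203.0.113.7 LOGIN_FAIL
2024-04-15T02:14:05 carol 203.0.113.7 LOGIN_FAIL
2024-04-15T02:14:09 carol 203.0.113.7 LOGIN_FAIL
2024-04-15T02:14:13 carol 203.0.113.7 LOGIN_FAIL
2024-04-15T02:14:20 carol 203.0.113.7 LOGIN_OK
2024-04-15T09:30:00 dave 10.0.0.12 LOGIN_FAIL
2024-04-15T09:30:30 dave 10.0.0.12 LOGIN_OK
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")

def parse_log(text):
    """Turn raw log lines into event dicts, skipping lines that don't match the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, ip, result = m.groups()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "ok": result == "LOGIN_OK"})
    return events

def find_alerts(events, fail_threshold=3, work_hours=(7, 19)):
    """Reduce many events to a few alerts: a run of failed logins from one (user, ip)
    that ends in a success, and any successful login outside work hours."""
    alerts = []
    fails = defaultdict(int)  # consecutive failures per (user, ip), reset on success
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["ip"])
        if not ev["ok"]:
            fails[key] += 1
            continue
        if fails[key] >= fail_threshold:
            alerts.append(("FAILED_THEN_SUCCESS", ev["user"], ev["ip"], fails[key]))
        hour = ev["time"].hour
        if not (work_hours[0] <= hour < work_hours[1]):
            alerts.append(("OFF_HOURS_LOGIN", ev["user"], ev["ip"], hour))
        fails[key] = 0
    return alerts
```

Running find_alerts(parse_log(SAMPLE_LOG)) turns nine events into two alerts, both about the same off-hours login that followed four failures; an analyst reviews those two lines instead of the whole log.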

CORE CYBERSECURITY KNOWLEDGE AND SKILLS:

PROGRAMMING - Used to create a specific set of instructions for a computer to execute tasks.
(repetitive tasks, high degree of accuracy and efficiency) “automation”

    LINUX - open-source operating system. Command line interface (text based). NOT a
programming language.
    SQL - (“sequel”) STRUCTURED QUERY LANGUAGE - a programming language used to
create, interact with, and request info from a database (an organized collection of information or data)
    PYTHON - Used to automate tasks that are repetitive and time-consuming and that require a
high level of detail and accuracy.

OPERATING SYSTEM - interface between computer hardware and the user. (eg. Linux, MacOS,
Windows)

WEB VULNERABILITY - a unique flaw in a web application that a threat actor could exploit by using
malicious code or behavior to allow unauthorized access, data theft, and malware deployment.

ANTIVIRUS SOFTWARE - A software program to prevent, detect, and eliminate malware. Scans the
device’s memory for the presence of malware.

INTRUSION DETECTION SYSTEM (IDS) - Application that monitors system activity and alerts of
possible intrusions. Scans small network packets.
ENCRYPTION - Make data unreadable and difficult to decode for an unauthorized user. For
confidentiality of private data.

CRYPTOGRAPHIC ENCODING - (not encryption) converting plaintext into secure ciphertext

PENETRATION TESTING (PEN testing) - a simulated attack that helps identify vulnerabilities in
systems, networks, websites, applications, and processes. A thorough risk assessment.

CYBERSECURITY PORTFOLIO

    Used to demonstrate your security education, skills, and knowledge. Share with potential
employers. More in-depth than a resume.

Hosts: your Documents folder. Google Drive. Dropbox. Google Sites. Git repository.

1. Documents Folder / Drive / Dropbox
- Professional documents
- Resume
- Education
- Portfolio documents
- Cybersecurity tools
- Programming
2. Google Sites
- Create a web page to share with potential employers
- Responsive web pages (adjusts to different devices)
- Publish website and receive a URL to share
3. Git Repository
- Store labs, documents, and screenshots from Course

PORTFOLIO PROJECTS:
1. Draft a professional statement
2. Conduct a security audit
3. Analyze network structure and security
4. Use Linux commands to manage file permissions
5. Apply filters to SQL queries
6. Identify vulnerabilities for small business
7. Document incidents with an incident handler’s journal
8. Import and parse a text file in a security-related scenario
9. Create a resume

---
MUSIC -> CYBERSECURITY

Pros:
- Creative
- Think outside the box
- See evolving patterns
- Jazz “improvisation”
- Music is another language
- Music technology (cognitive experiences)
