2. Understand core terminology and key aspects of cyber security.
|
2.1 Define core terminology used in cyber security. 2.2 Compare typical behaviours of good actors and bad actors. 2.3 Discuss key sectors that are most vulnerable to a cyber-attack.
|
- Core terminology: malicious software, distributed denial of service (DDoS), cloud , software, domain , exploit, breach, firewall, encryption, Virtual Private Network (VPN), IP address, malware, virus, social engineering Bring Your Own Device (BYOD, Penetration testing (pen testing):process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
- white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system.
- black-box penetration test is to simulate an external hacking or cyber warfare attack.
- bad – ex employee, black hat, script kiddies, hacktivist, organised crime hackers,
- good – white hat, certified penetration tester.
-
Good and bad actors:
-
Key sectors: manufacturing, finance, government and defence agencies/departments, educational institutions, utilities, maritime, IT, healthcare, retailers,
|
3. Understand cyber threat intelligence.
|
3.1 Identify key concepts of cyber threat intelligence 3.2 Explain the following terms in relation to cyber security:
- threats
- exploits
- vulnerabilities
- risks
3.3 Identify improvements to secure a network against cyber attacks
|
- Cyber threat intelligence - information an organisation uses to understand the threats that have, will, or are currently targeting the organisation ie sources: open source intelligence, social media intelligence, human Intelligence, technical intelligence or deep and dark web intelligence.
|