“Movement is a medicine for creating change in a person’s physical, emotional, and mental states.” – Carol Welch Why? As I am no spring chicken anymore, I noticed from my training that even though I may be still in OK shape and getting a bit stronger and fitter, I am not getting sorer and not moving well. An example is…
Month: July 2020
Security+ Course – 5.6 Data Security and Privacy
1. Understanding Data Security Data States 1. Data at rest: is data stored somewhere for later use. This might be on a hard drive or USB stick, in a cloud service, or on a magnetic tape as part of a backup or archival solution. Data at rest is vulnerable to theft if an attacker gains either physical or logical access…
Security+ Course – 5.5 Forensics
1. Conducting Investigations There are four main types of investigations that often involve cybersecurity professionals. These are: 1. Operational investigations: Seek to resolve technology issues (EG: service might be returning errors, a server might be responding too slowly, or a network might be congested) Restore normal operations as quickly as possible low standards of evidence as no legal action involved…
Security+ Course – 5.4 Incident Response
1. Security Incidents Security Incident Terminology Security Event: these occur anytime that an observable action takes place on a system that has security implications. This may be a user accessing a web page, a file being written to disk by a process, a connection being established through a firewall, or any other security related event. Thousands of security events take…
Security+ Course – 5.3 Business Continuity and Disaster Recovery
1. Business Continuity Planning Business continuity efforts are a collection of activities designed to keep a business running in the face of adversity. This adversity may come in the form of a small-scaled incident such as a single system failure or a catastrophic incident, such as an earthquake or tornado. Business continuity plans may also be activated by man-made disasters…
Security+ Course – 5.2 Supply Chain Risks
1. Managing Vendor Relationships Security professionals must pay careful attention to managing these vendor relationships in a way that protects the confidentiality, integrity, and availability of their organisation’s information and IT systems. This is known as Supply Chain Assessment. Perhaps, the most important rule of thumb is that you should always ensure that vendors follow security policies and procedures that…
Security+ Course – 5.1 Controls & Risks
1. Security Controls Security controls are procedures and mechanisms that an organisation puts in place to address security risks in some manner. This might include trying to reduce the likelihood of a risk materialising, trying to minimise the impact of a risk if it does occur, and trying to detect security issues that actually do take place. Defense in Depth…
Security+ Course – 4.4 Account Management
1. Understanding account and privilege management Account Management Tasks: implement the principles of least privilege: An individual should only have the minimum set of privileges necessary to complete their assigned job duties Implement separation of duties: Performing sensitive actions should require the collaboration of two individuals implementing job rotation schemes: regularly move people between jobs to prevent fraud managing the…
Security+ Course – 4.3 Authorisation
1. Understanding Authorisation Authorisation is the final step in the access control process. Once an individual successfully authenticates to a system, authorisation determines the privileges that individual has to access resources and information. 2 Principles of Authorisation Principal of Least Privilege: This principle states that an individual should have only the minimum set of permissions necessary to accomplish his or…
Security+ Course – 4.2 Authentication
1. Authentication Factors Once you’ve identified yourself to a system, you must prove that claim of identity. That’s where authentication comes into play. 3 different authentication factors Something you know: this is the most common and is typically in the form of a password the user has to remember. Users should choose strong passwords consisting of as many characters as…