Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 1 year ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C5/8; assets, threats, and vulnerabilities
Introduction to Course 5
Course 5 overview
Da'Queshia: My path to cybersecurity
Understand risks, threats, and vulnerabilities
Tri: Life in asset security
Security starts with asset classification
Common classification requirements
The emergence of cloud security
Elements of a security plan
The NIST Cybersecurity Framework
Security guidelines in action
Wrap-up; terms and definitions from course 5, week 1
Welcome to week 2
Security controls
Principle of least privilege
最小権限の原則
The data lifecycle
Information privacy: Regulations and compliance
Heather: The importance of protecting PII
Fundamentals of cryptography
Public key infrastructure PKI
Symmetric and asymmetric encryption
Symmetric and asymmetric encryption
Non-repudiation and hashing
The evolution of hash functions
Access controls and authentication systems
The rise of SSO and MFA
The mechanisms of authorization
Why we audit user activity
Tim: Finding purpose in protecting assets
Identity and access management
Wrap-up; Terms and definitions from Course 5, Week 2
Welcome to week 3
Vulnerability management
Defense in depth strategy
Common vulnerabilities and exposures
The OWASP Top 10
Open source intelligence
Vulnerability assessments
Approaches to vulnerability scanning
The importance of updates
Omad: My learning journey into cybersecurity
Penetration testing
Protect all entry points
Approach cybersecurity with an attacker mindset
Types of threat actors
Niru: Adopt an attacker mindset
Pathways through defenses
Fortify against brute force cyber attacks
Wrap-up; Terms and definitions from Course 5, Week 3
Welcome to week 4; threats and social engeneering
The criminal art of persuasion
Social engineering tactics
Phishing for information
Types of phishing
Malicious software
An introduction to malware
The rise of cryptojacking
Cross-site scripting (XSS)
Exploitable gaps in databases
Prevent injection attacks; SQL injection categories
A proactive approach to security
Chantelle: The value of diversity in cybersecurity
PASTA: The Process for Attack Simulation and Threat Analysis
Traits of an effective threat model
Wrap-up; terms and definitions from course 5, week 4
Terms and definitions from Course 5
Course wrap-up

Books

[Completed] Profession...

Security controls

Security controls

These days, information is in so many places at once.

As a result, organizations are under a lot of pressure to implement effective security controls that protects everyone's information from being stolen or exposed.

Security controls are safeguards designed to reduce specific security risks.

They include a wide range of tools that protect assets before, during, and after an event.

Security controls can be organized into three types:

technical, operational, and managerial.

Technical control types include the many technologies used to protect assets.

This includes encryption, authentication systems, and others.

Operational controls relate to maintaining the day-to-day security environment.

Generally, people perform these controls like awareness training and incident response.

Managerial controls are centered around how the other two reduce risk.

Examples of management controls include policies, standards, and procedures.

Typically, organization's security policy outlines the controls needed to achieve their goals.

Information privacy plays a key role in these decisions.

Information privacy is the protection of unauthorized access and distribution of data.

Information privacy is about the right to choose.

People and organizations alike deserve the right to decide when, how, and to what extent private information about them is shared.

Security controls are the technologies used to regulate information privacy.

For example, imagine using a travel app to book a flight.

You might browse through a list of flights and find one at a good price.

To reserve a seat, you enter some personal information, like your name, email, and

credit card number for payment.

The transaction goes through successfully, and you booked your flight.

Now, you reasonably expect the airline company to access this

information you enter when signing up to complete the reservation.

However, should everyone at the company have access to your information?

A person working in the marketing department shouldn't need access

to your credit card information.

It makes sense to share that information with a customer support agent.

Except, they should only need to access it while helping with your reservation.

To maintain privacy,

security controls are intended to limit access based on the user and situation.

This is known as the principle of least privilege.

Security controls should be designed with the principle of least privilege in mind.

When they are, they rely on differentiating between data owners and

data custodians.

A data owner is a person who decides who can access, edit, use, or

destroy their information.

The idea is very straightforward except in cases where there are multiple owners.

For example, the intellectual property of an organization can have

multiple data owners.

A data custodian is anyone or anything that's responsible for

the safe handling, transport, and storage of information.

Did you notice that I mentioned, "anything?"

That's because, aside from people, organizations and

their systems are also custodians of people's information.

There are other considerations besides these when implementing security controls.

Remember that data is an asset.

Like any other asset, information privacy requires proper classification and

handling.

As we progress in this section,

we'll continue exploring other security controls that make this possible.

(Required)

Welcome to week 2

Principle of least privilege

No Comments

Back to top