Wrap-up; Terms and definitions from Course 5, Week 3

Here we are at the end of this section! Can you believe it?
I had so much fun exploring the world of vulnerabilities.
I hope you felt the same.
More importantly, I hope you got a better sense of how complex a landscape the digital world is.
This environment is filled with gaps that attackers can use to gain unauthorized access to assets, making it a challenge to defend. 
We've explored a lot of information this time around, so let's quickly recap what we've covered. 
You learned about the vulnerability management process, starting with the defense-in-depth model.
You learned about the layers of this security framework and how each of them works together to build a stronger defense.
You then learned about the CVE list that's used to find cataloged vulnerabilities.
This is a great addition to your growing security toolbox. 
After that, you learned of the attack surfaces that businesses protect.
We discussed physical and digital surfaces and the challenges of defending the cloud. 
We finished up by exploring common attack vectors, where you learned how security teams use an attacker mindset to identify the security gaps that cyber criminals try to exploit.
Every one of the vulnerabilities that we've discussed so far is faced with a number of threats.
When we get back together, we're going to expand our attacker mindset even further by exploring specific types of attacks that cybercriminals commonly use.
We'll look at things like malware and the techniques attackers use to compromise defense systems.
By exploring how these tools and tactics work, you'll gain a clearer understanding of the threats they pose.
We'll then wrap up by investigating how security teams stop these threats from damaging our organizations' operations, their reputation, and most importantly, their customers and employees. 
You've done a fantastic job getting to this point.
When you're ready, let's finish the journey together.
I'm looking forward to being back with you again.

Glossary terms from week 3 

Advanced persistent threat (APT): An instance when a threat actor maintains unauthorized access to a system for an extended period of time 

Attack surface: All the potential vulnerabilities that a threat actor could exploit

Attack tree: A diagram that maps threats to assets

Attack vector: The pathways attackers use to penetrate security defenses 

Bug bounty: Programs that encourage freelance hackers to find and report vulnerabilities

Common Vulnerabilities and Exposures (CVE®) list: An openly accessible dictionary of known vulnerabilities and exposures

Common Vulnerability Scoring System (CVSS): A measurement system that scores the severity of a vulnerability

CVE Numbering Authority (CNA): An organization that volunteers to analyze and distribute information on eligible CVEs

Defense in depth: A layered approach to vulnerability management that reduces risk

Exploit: A way of taking advantage of a vulnerability

Exposure: A mistake that can be exploited by a threat

Hacker: Any person who uses computers to gain access to computer systems, networks, or data

MITRE: A collection of non-profit research and development centers

Security hardening: The process of strengthening a system to reduce its vulnerability and attack surface

Threat actor: Any person or group who presents a security risk

Vulnerability: A weakness that can be exploited by a threat

Vulnerability assessment: The internal review process of a company’s security systems

Vulnerability management: The process of finding and patching vulnerabilities

Vulnerability scanner: Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network

Zero-day: An exploit that was previously unknown