Cybersecurity Fundamentals

Mind Map: Cybersecurity Fundamentals

1. Overview

1.1. What is cybersecurity?

1.1.1. Information security

1.1.1.1. Physical security

1.1.1.2. Cybersecurity

1.1.2. CIA

1.1.2.1. Confidentiality

1.1.2.2. Integrity

1.1.2.3. Availability

1.2. Key elements

1.2.1. People

1.2.2. Process

1.2.3. Technology

1.3. Risk management

1.3.1. Risk value = Consequence x Likelihood

1.3.2. Likelihood = Adversary capability x Adversary motivation x Vulnerability severity

1.3.3. Risk response

1.3.3.1. Accept / Reduce / Transfer / Reject

1.4. Common misconceptions

1.5. Laws and ethics

2. On the Offense

2.1. Threat actor groups

2.1.1. Script kiddie

2.1.2. Hacktivist

2.1.3. Criminal gang

2.1.4. Nation-state hacker (APT)

2.1.5. Malicious insider

2.2. Types of cyber attacks

2.2.1. Denial of service (DoS)

2.2.2. Distributed denial of service (DDoS)

2.2.3. Phishing attack

2.2.4. Spear phishing attack

2.2.5. Malware

2.2.6. Man-in-the-middle (MitM) attack

2.2.7. Domain name system (DNS) attack

2.2.8. SQL injection

2.3. Structure of a cyber attack

2.3.1. Lockheed Martin Cyber Kill Chain

2.3.1.1. Reconnaissance

2.3.1.2. Weaponization

2.3.1.3. Delivery

2.3.1.4. Exploitation

2.3.1.5. Installation

2.3.1.6. Command and Control (C2)

2.3.1.7. Actions on Objectives

2.3.2. MITRE ATT&CK

2.4. Social engineering

2.5. Open source intelligence (OSINT)

2.5.1. Company website

2.5.2. Media and news

2.5.3. Social media

2.5.4. Government or public records

2.6. Technical scanning

2.6.1. Ping test

2.6.2. Traceroute

2.6.3. Port scanning

2.6.4. Network vulnerability scanning

2.6.5. Search engines for Internet-connected devices

3. On the Defense

3.1. Protect against attacks

3.1.1. Examine the perimeter

3.1.2. Network segregation (DMZ)

3.1.3. Least privilege

3.1.4. Patch and vulnerability management

3.1.5. Defense in depth

3.2. Detect attacks

3.2.1. Logging

3.2.2. Network monitoring

3.2.3. SIEM tools

3.2.4. Security operations center (SOC)

3.2.5. False alarms

3.2.6. Activity time

3.3. Respond to attacks

3.3.1. Preparation

3.3.2. Identification

3.3.3. Containment

3.3.4. Eradication

3.3.5. Recovery

3.3.6. Reflection

3.4. Cryptography

3.4.1. Defining secure communications

3.4.1.1. Confidentiality

3.4.1.2. Authenticity

3.4.1.3. Integrity

3.4.2. Encryption

3.4.2.1. Symmetric encryption

3.4.2.2. Asymmetric encryption

3.5. Threat intelligence

3.5.1. Benefits