CompTIA Security+ SY0-701 Certification Study Platform

Master cybersecurity fundamentals with our comprehensive study platform covering all 5 exam domains with interactive content and practice quizzes.

  • Exam Duration: 90 Minutes
  • Questions: 90 (Multiple Choice & Performance-Based)
  • Passing Score: 750/900

Exam Domains Overview

01 General Security Concepts (12% of exam)

Foundational security principles including CIA triad, AAA framework, access control, and zero trust architecture.

02 Threats, Vulnerabilities & Mitigations (22% of exam)

Understanding threat actors, attack vectors, vulnerability management, and security controls.

03 Security Architecture (18% of exam)

Secure system design, network architecture, cloud models, and infrastructure security.

04 Security Operations (28% of exam)

Security monitoring, incident response, vulnerability management, and operational security.

05 Security Program Management (20% of exam)

Governance, risk management, compliance, policies, and security program oversight.

Domain 1: General Security Concepts

12% of exam (~11 questions)

CIA Triad (Confidentiality, Integrity, Availability)

The foundation of information security, representing the three core objectives of security programs.

Confidentiality:

Ensuring information is accessible only to authorized users. Methods include encryption, access controls, and data classification.

Integrity:

Ensuring information remains accurate and unaltered. Methods include hashing, digital signatures, and integrity checks.

Availability:

Ensuring systems and data are accessible when needed. Methods include redundancy, backups, and disaster recovery.

AAA Framework (Authentication, Authorization, Accounting)

A comprehensive approach to managing user access and tracking activities.

Authentication:

Verifying identity through something you know (password), have (token), or are (biometric).

Authorization:

Determining what resources a user can access after authentication.

Accounting:

Tracking and logging user activities and resource usage for audit purposes.

Access Control Models

Different approaches to controlling who can access what resources.

DAC (Discretionary Access Control):

Resource owners determine access rights. Common in file systems.

MAC (Mandatory Access Control):

System enforces access policies based on security clearance levels.

RBAC (Role-Based Access Control):

Access based on user's role within an organization.

ABAC (Attribute-Based Access Control):

Access decisions based on attributes of users, resources, and environment.

Zero Trust Architecture

A security model that assumes no user or system should be trusted by default.

Key Principles:

  • Never trust, always verify
  • Least privilege access
  • Assume breach
  • Verify explicitly

Cryptographic Fundamentals

Basic concepts of encryption, hashing, and digital signatures.

Encryption:

Converting plaintext to ciphertext. Symmetric (AES) vs Asymmetric (RSA).

Hashing:

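One-way function creating fixed-size output (SHA-256, MD5). MD5 is no longer collision-resistant and should not be relied on where integrity or signatures depend on the hash.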

Digital Signatures:

Ensuring authenticity and integrity of digital messages.

Practice Quizzes

Domain 1 Quiz 1: Security Fundamentals

Test your understanding of CIA triad, AAA framework, and basic security concepts.

26 Questions ⭐ Beginner

Domain 1 Quiz 2: Access Control & Encryption

Focus on access control models, zero trust, and cryptographic concepts.

26 Questions ⭐⭐ Intermediate

Domain 2: Threats, Vulnerabilities, and Mitigations

22% of exam (~20 questions)

Threat Actors and Attack Vectors

Understanding who attacks systems and how they gain access.

Threat Actors:

  • Nation-states (APT groups)
  • Script kiddies
  • Insider threats
  • Competitors
  • Cybercriminal organizations

Attack Vectors:

  • Email (phishing)
  • Web applications
  • Network vulnerabilities
  • Physical access
  • Social engineering

Malware Types and Characteristics

Various types of malicious software and their attack methods.

Virus:

Self-replicating code that spreads through host programs.

Worm:

Self-propagating malware that spreads across networks.

Trojan:

Malware disguised as legitimate software.

Ransomware:

Encrypts files and demands payment for decryption.

Spyware:

Secretly monitors user activities.

Adware:

Displays unwanted advertisements.

Social Engineering Attacks

Psychological manipulation to trick users into revealing sensitive information.

Phishing:

Fraudulent emails appearing to be from legitimate sources.

Spear Phishing:

Targeted phishing attacks against specific individuals.

Whaling:

Phishing attacks targeting high-profile individuals.

Pretexting:

Creating a fabricated scenario to obtain information.

Baiting:

Offering something enticing to lure victims.

Tailgating:

Following someone through secure areas.

Vulnerability Management

Systematic approach to identifying, prioritizing, and mitigating vulnerabilities.

Discovery:

  • Vulnerability scanning
  • Security assessments
  • Penetration testing

Assessment:

  • Risk scoring (CVSS)
  • Business impact analysis
  • Asset prioritization

Remediation:

  • Patching
  • Configuration changes
  • Compensating controls

Security Controls and Mitigations

Measures to protect against threats and vulnerabilities.

Preventive Controls:

Firewalls, antivirus, access controls, encryption

Detective Controls:

IDS/IPS, SIEM, log monitoring, honeypots

Corrective Controls:

Backup systems, incident response procedures

Deterrent Controls:

Policies, awareness training, security guards

Practice Quizzes

Domain 2 Quiz 1: Threats and Attack Methods

Test your knowledge of threat actors, malware, and attack vectors.

26 Questions ⭐⭐ Intermediate

Domain 2 Quiz 2: Vulnerability Management

Focus on vulnerability assessment, security controls, and mitigation strategies.

26 Questions ⭐⭐⭐ Advanced

Domain 3: Security Architecture

18% of exam (~16 questions)

Secure Network Architecture

Designing networks with security as a fundamental component.

Network Segmentation:

  • VLANs (Virtual LANs)
  • DMZ (Demilitarized Zone)
  • Air gaps
  • Microsegmentation

Network Security Components:

  • Firewalls (Next-Generation)
  • Network Access Control (NAC)
  • Intrusion Detection/Prevention
  • Network monitoring

Cloud Security Models

Understanding security responsibilities in different cloud deployment models.

Deployment Models:

  • Public cloud (AWS, Azure, GCP)
  • Private cloud
  • Hybrid cloud
  • Multi-cloud

Service Models:

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service)
  • SaaS (Software as a Service)

Shared Responsibility Model:

Cloud provider vs customer security responsibilities vary by service model.

Secure System Design Principles

Fundamental principles for building secure systems.

Defense in Depth:

Multiple layers of security controls throughout the system.

Fail Secure:

Systems should fail in a secure state rather than an open state.

Least Privilege:

Users and processes should have minimum necessary access.

Separation of Duties:

Critical tasks should require multiple people to complete.

Economy of Mechanism:

Security mechanisms should be as simple as possible.

Industrial Control Systems (ICS)

Security considerations for industrial and critical infrastructure systems.

ICS Components:

  • SCADA systems
  • PLC (Programmable Logic Controllers)
  • HMI (Human Machine Interface)
  • Field devices

ICS Security Challenges:

  • Legacy systems
  • Safety considerations
  • Real-time requirements
  • Network connectivity

Secure Protocols and Standards

Understanding security protocols for various network services.

Network Protocols:

  • IPsec (VPN security)
  • TLS/SSL (web security)
  • SSH (secure shell)
  • S/MIME (email security)

Authentication Protocols:

  • Kerberos
  • SAML
  • OAuth 2.0
  • RADIUS/TACACS+

Practice Quizzes

Domain 3 Quiz 1: Network Architecture

Test your knowledge of network security, segmentation, and secure design principles.

26 Questions ⭐⭐⭐ Advanced

Domain 3 Quiz 2: Cloud & ICS Security

Focus on cloud security models, shared responsibility, and industrial control systems.

26 Questions ⭐⭐⭐ Advanced

Domain 4: Security Operations

28% of exam (~25 questions)

Security Monitoring and SIEM

Continuous monitoring and correlation of security events for threat detection.

SIEM Components:

  • Log collection and aggregation
  • Event correlation and analysis
  • Alert generation and management
  • Compliance reporting

Log Sources:

  • Firewalls and network devices
  • Operating systems
  • Applications
  • Databases
  • Authentication systems

Security Analytics:

  • User and Entity Behavior Analytics (UEBA)
  • Network traffic analysis
  • Endpoint detection and response (EDR)

Incident Response

Structured approach to handling and managing security incidents.

Incident Response Lifecycle:

  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery
  • Post-Incident Activity

IR Team Structure:

  • CSIRT (Computer Security Incident Response Team)
  • Roles and responsibilities
  • Communication plans

Evidence Handling:

  • Chain of custody
  • Digital forensics
  • Legal considerations

Vulnerability Management

Systematic process for identifying, assessing, and remediating vulnerabilities.

Vulnerability Assessment:

  • Authenticated vs unauthenticated scans
  • Credentialed assessments
  • Web application scanning
  • API security testing

Remediation Strategies:

  • Patch management
  • Configuration hardening
  • Compensating controls
  • Risk acceptance

Vulnerability Prioritization:

  • CVSS scoring
  • Asset criticality
  • Threat intelligence

Patch Management

Managing security updates and patches to maintain system security.

Patch Management Process:

  • Identification and prioritization
  • Testing in controlled environment
  • Deployment planning
  • Verification and monitoring

Patch Strategies:

  • Emergency patching
  • Scheduled maintenance windows
  • Phased rollouts
  • Automated patching

Considerations:

  • System availability
  • Compatibility testing
  • Rollback procedures

Change Management

Structured approach to managing changes in IT systems to minimize risk.

Change Control Process:

  • Change request
  • Impact assessment
  • Approval workflow
  • Implementation
  • Verification and documentation

Change Types:

  • Emergency changes
  • Standard changes
  • Normal changes

Practice Quizzes

Domain 4 Quiz 1: Monitoring and SIEM

Test your knowledge of security monitoring, log analysis, and SIEM operations.

26 Questions ⭐⭐⭐ Advanced

Domain 4 Quiz 2: Incident Response & Operations

Focus on incident response procedures, vulnerability management, and operational security.

26 Questions ⭐⭐⭐ Advanced

Domain 5: Security Program Management and Oversight

20% of exam (~18 questions)

Security Governance

Framework for establishing and maintaining security policies and procedures.

Governance Structure:

  • CISO (Chief Information Security Officer)
  • Security steering committee
  • Risk management committee
  • Security awareness team

Policy Framework:

  • Enterprise security policy
  • Issue-specific policies
  • System-specific policies
  • Procedures and guidelines

Standards and Frameworks:

  • ISO 27001/27002
  • NIST Cybersecurity Framework
  • COSO
  • COBIT

Risk Management

Systematic approach to identifying, assessing, and mitigating security risks.

Risk Assessment Process:

  • Asset identification and valuation
  • Threat modeling
  • Vulnerability assessment
  • Impact analysis
  • Risk calculation

Risk Response Strategies:

  • Risk mitigation
  • Risk acceptance
  • Risk transference
  • Risk avoidance

Risk Frameworks:

  • FAIR (Factor Analysis of Information Risk)
  • STRIDE
  • PASTA

Security Compliance

Ensuring adherence to legal, regulatory, and contractual security requirements.

Regulatory Frameworks:

  • GDPR (General Data Protection Regulation)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • SOX (Sarbanes-Oxley Act)

Compliance Monitoring:

  • Internal audits
  • External audits
  • Continuous monitoring
  • Remediation tracking

Privacy Considerations:

  • Data classification
  • Consent management
  • Data retention policies
  • Right to be forgotten

Security Awareness and Training

Educating users about security risks and best practices.

Training Programs:

  • Security awareness training
  • Phishing simulation
  • Role-based training
  • Executive briefings

Training Content:

  • Password security
  • Social engineering awareness
  • Data handling procedures
  • Incident reporting

Metrics and Effectiveness:

  • Training completion rates
  • Phishing click rates
  • Security incident trends

Third-Party Risk Management

Managing security risks associated with external vendors and partners.

Vendor Assessment:

  • Security questionnaires
  • Penetration testing requirements
  • Security certifications
  • Financial stability assessment

Contractual Requirements:

  • Service level agreements (SLAs)
  • Data protection clauses
  • Breach notification requirements
  • Audit rights

Ongoing Monitoring:

  • Performance monitoring
  • Security incident reporting
  • Periodic reassessment

Practice Quizzes

Domain 5 Quiz 1: Governance and Risk Management

Test your knowledge of security governance, risk assessment, and compliance frameworks.

26 Questions ⭐⭐⭐ Advanced

Domain 5 Quiz 2: Compliance and Training

Focus on regulatory compliance, security awareness, and third-party risk management.

26 Questions ⭐⭐⭐ Advanced
