CYF - Cybersecurity Foundations (Overview)

Cybersecurity Foundations

Introduction

In this module, you will learn that since the Internet is used to send, receive, and store valuable personal information, users are at risk of having this information stolen through cyber-attacks. Cybersecurity is a field that involves several disciplines of computer science. It is valuable to learn the basics of computer science literacy no matter what field you will eventually enter.

Learning Questions

  1. Define cybersecurity.
  2. Discuss the CIA triad and authentication process.
  3. Discuss careers in cybersecurity.
  4. Discuss capstone project requirements.

Key Terms

Access Control: means permission.

Accounting: means using log files to keep a record of what has happened on the system.

Algorithm: is a step-by-step procedure or a set of rules to solve a particular problem.

Authentication: methods of proving that you are who you say you are.

Authentication Process: the steps of verifying the identity of a user, system, or application.

Availability: means we need the data to be there when we need it.

Biometrics: refers to the measurement and statistical analysis of people's unique physical and behavioral characteristics.

Birthday Attack: based on the belief that for any hashing algorithm, there is a mathematical likelihood that two different passwords will come out with the same hash.

Breach: refers to an incident where an unauthorized individual or group gains access to a system, network, or data, typically with malicious intent.

Brute Force Attack: is a trial-and-error method in which instead of exploiting vulnerabilities or using sophisticated techniques, the attacker simply attempts every possible combination until the correct one is found.

Certificate: also known as a digital certificate, public key certificate, or identity certificate, is an electronic document used to prove the ownership of a public key in public key infrastructure.

CIA Triad: stands for Confidentiality, Integrity, and Availability, and these three pillars are considered the core principles that any comprehensive information security strategy should address.

Confidentiality: means the data is not revealed to anyone except the intended users.

Credential Stuffing: is a type of cyber attack where attackers take combinations of usernames and passwords leaked from other data breaches (often available on the dark web) and use them to attempt to gain unauthorized access to user accounts on various online platforms.

Credentials: refer to the information that users, systems, or applications provide to prove their identity and gain access to a specific resource. They're the digital equivalent of a physical key or access card.

Cybersecurity: refers to the practice of protecting computer systems, networks, and data from theft, damage, unauthorized access, or disruption.

Database: is a structured collection of data that is stored and organized in such a way that it can be easily accessed, managed, and updated.

Dictionary Attack: is a type of brute force attack in which an attacker attempts to guess a password, passphrase, or encryption key by systematically trying every word from a pre-compiled list of potential passwords or phrases.

Hash Collision: occurs when two different inputs produce the same output hash value using a specific hash function.

Hashing: refers to the process of converting an input (often called a "message") into a fixed-length string of characters, which typically appears random.

Hybrid Attack: uses a combination of a dictionary database and brute force methods.

Identity Proofing: is the process of verifying the identity of a person or entity to ensure that they are who they claim to be.

Information Technology (IT): refers to the use of computers, storage devices, networking equipment, and other digital technologies to store, retrieve, transmit, and manipulate data or information.

Integrity: means ensuring that data stays in its original state and is neither changed nor damaged.

Internet of Things (IoT): refers to the network of physical objects or "things" embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.

Passphrase: is a sequence of words or other text used to control access to a computer system, program, or data.

Password: is a secret sequence of characters that is used to authenticate a user to a computer system, network, or application.

Password Spraying: takes a database of common passwords and tests each one against a large number of different accounts.

Rainbow Tables: a hacking approach idea of “pre-staging” an attack by taking an algorithm and hashing every word in the dictionaries and every possible combination of characters.

Single Sign-On (SSO): used in organizations to make it easier for users to get access to all different kinds of data.

Smart Cards: one example of “what you have” authentication, usually integrated into an employee ID card, often with a picture on the card.

Salting: refers to the practice of adding random data, known as a "salt," to an input (like a password) before hashing it; enhances the security of the hashed data.

 

[CC BY-NC-SA 4.0 Links to an external site.] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.