Preparing for exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining a few terms related to Security – Part 1
Hi All,
Greetings for the day !!!
I have started preparing for the exam SC – 900 : Microsoft Security, Compliance and Identity Fundamentals, so I am sharing what I learn as well.
Microsoft exam page – Microsoft Certified: Security, Compliance, and Identity Fundamentals
Today in this article we will discuss a few terms related to cybersecurity.
- Cyberattack
  - A cyberattack is an attempt to gain illegal access to a digital device in order to damage it
  - The victim of a cyberattack can be any individual, organisation, institution or government
  - The purpose of a cyberattack can be to
    - Damage the device
    - Steal important information from the device
    - Stop important processes on the device
    - Expose important information publicly
  - To perform an attack, an attacker can use people, computers, phones, applications, messages and system processes
- Cybercriminal
  - Anyone who performs a cyberattack
  - A cybercriminal can be
    - A single person
    - A group of people
    - Any organization
    - A government entity
- Cybersecurity
  - Technologies and processes that protect systems, devices, networks, programs and data from cyberattacks
  - Helps to reduce the risk of cyberattacks and protects against unauthorised access to systems, networks and devices
  - Cybersecurity allows us to achieve
    - Confidentiality – the right data / content is available to the right people
    - Integrity – data / content is updated only by authorised people
    - Availability – data / content is available whenever required
- Threat Landscape
  - The entry points through which a cyberattack can be performed. These can be
    - Emails
    - Mobiles
    - Computers
    - People
    - Organization network / infrastructure
    - Cloud services
    - Social media accounts
- Attack Vectors
  - An entry point or route for an attacker to get access to the system
  - These can be
    - Emails – the most common attack vector
    - Social media accounts
    - Browsers
    - Removable devices – USB drives, smart cables, storage cards
    - Cloud services
    - Wireless networks – this is also a common attack vector
- Security breaches
  - Any attack which gets unauthorised access to devices, services, applications or networks
  - Security breaches come in the following forms:
    - Social engineering attacks
    - Browser attacks
    - Password attacks
- Data breaches
  - When an attacker gets access to or control of data
- Malware
  - Software used by cybercriminals to attack or to affect the system
  - This can be to steal data or to affect processes
  - Malware has two main components
    - Propagation mechanism
      - How the malware spreads itself across one or more systems
      - Common propagation techniques
        - Virus
        - Worm
        - Trojan
    - Payload
      - The action that the malware performs on infected systems
      - Types of payload
        - Ransomware
        - Spyware
        - Backdoors
        - Botnet
- Mitigation Strategy
  - A set of steps which an organization performs to prevent cyberattacks
  - Some of the mitigation strategies are
    - Multifactor authentication
    - Browser security
    - Cybersecurity training for users
    - Threat intelligence
Thanks for reading!!! Please feel free to discuss in case of any questions / suggestions / thoughts !!!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂
Thanks for sharing this article