Fundamentals from the Book

• Introduction to Cybersecurity
  • Cybersecurity vs. Information Security (InfoSec)
  • The NIST Cybersecurity Framework
  • Additional NIST Guidance and Documents
  • The International Organisation of Standards (ISO)
• Defining Threats, Vulnerabilities, & Exploits
  • Threat
  • Vulnerability
  • Exploit
  • Risk, Assets, Threats, & Vulnerabilities
  • Defining Threat Actors
  • Threat Intelligence
  • Viruses and Worms
  • Trojans
  • Distributing Malware
  • Ransomware
  • Covert Communication
  • Keyloggers
  • Spyware
  • Analysing Malware
  • Static Analysis
  • Dynamic Analysis
• Common Software and Hardware Vulnerabilities
  • Injection Vulnerabilities
  • SQL Injection
  • HTML Injection
  • Command Injection
  • Authentication-based Vulnerabilities
  • Cross-site Scripting
  • Cross-site Request Forgery
  • Cookie Manipulation Attacks
  • Race Conditions
  • Unprotected APIs
  • Return-to-LibC Attacks and Buffer Overflows
  • OWASP Top 10
  • Security Vulnerabilities in Open Source Software
• CIA
  • Confidentiality
  • Integrity
  • Availability
  • Denial-of-Service Attack
  • Access Control Management
• Cloud Security Threats
  • Cloud Computing Issues and Concerns
  • Cloud Computing Attacks
  • Cloud Computing Security
• IoT Security Threats
  • IoT Protocols
  • Hacking IoT Implementations
• Digital Forensics and Incident Response
  • ISO/IEC 27002:2013 and NIST Incident Response Guidance
  • Incident Definition
  • False Positives, False Negatives, True Positives, and True Negatives
  • Incident Severity Levels
  • Incident Reporting
  • Incident Response Program
  • Incident Response Plan
  • Incident Response Process
  • Simulations and Playbooks
  • Information Sharing and Coordination
  • Computer Security Incident Response Teams
  • Product Security Incident Response Teams (PSIRTs)
  • The Common Vulnerability Scoring System (CVSS)
  • National CSIRTs and Computer Emergency Response Teams (CERTs)
  • Coordination Centres
  • Key Incident Management