Cyber Security
Certified Information Systems Security Professional (CISSP) security domains
National Institute of Standards and Technology (NIST) frameworks
Eight Courses:
Foundations of Cybersecurity
Play It Safe: Manage Security Risks
Connect and Protect: Networks and Network Security
Tools of the Trade: Linux and SQL
Assets, Threats, and Vulnerabilities
Sound the Alarm: Detection and Response
Automate Cybersecurity Tasks with Python
Put It to Work: Prepare for Cybersecurity Jobs
What to Expect Headings:
Module 1: Welcome to the exciting world of cybersecurity
Module 2: The evolution of cybersecurity
Module 3: Protect against threats, risks, and vulnerabilities
Module 4: Cybersecurity tools and programming languages
Completion of all courses and passing graded quizzes is required for obtaining the Google Cybersecurity Certificate.
Best practices for successful learning include time planning, working at a personalized pace, curiosity, note-taking, reviewing exemplars, engaging in discussion forums, and updating one's profile.
Required software tools include Microsoft Word, Google Docs, Microsoft Excel, Google Sheets, Microsoft PowerPoint, Google Slides, and guidelines for Qwiklabs activities.
Glossaries for modules, courses, and the certificate program help review and understand key terms.
Feedback can be provided on course materials via thumbs-up, thumbs-down, and flagging specific issues.
Cybersecurity, or security, is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
After completing this certificate program, here are some job titles you may want to search for: Security analyst or specialist, Cybersecurity analyst or specialist, Security operation center or SOC analyst, Information security analyst.
Benefits of security
• Protects against external and internal threats
• Follows all the rules, laws, and standards set by authorities or industry bodies
• Maintains and improves business productivity
• Reduces expenses
SQL is a programming language
Security analyst responsibilities
• Protecting computer and network systems
• Installing prevention software
• Conducting periodic security audits (it's like a routine check to keep everything secure and working well)
Security analysts monitor and protect information and systems
A security audit is like a check-up for a company's or an organization's digital security measures. It involves a thorough examination of their systems, processes, and policies to ensure they're following best practices and meeting security standards. This audit helps identify vulnerabilities, potential risks, or areas where security measures could be improved. It's a way to assess and enhance the overall security posture of an entity. Think of it as a detailed inspection to make sure everything is as secure as possible.
Primary responsibilities include protecting computer and network systems, conducting prevention measures, and performing periodic security audits.
They collaborate with IT teams, contribute to software and hardware development, and engage in penetration testing or ethical hacking.
The tasks of security analysts are vital for organizations, ensuring the safety of their data and those they serve.
A playbook is a list of how to go through a certain detection, and what the analyst needs to look at in order to investigate those incidents.
Operations (entry-level cybersecurity analyst): Responding to detections and doing investigations
Projects (entry-level cybersecurity engineer): Working with other teams to build new detections or improve the current detections
An entry-level cybersecurity analyst focuses on operations, while an engineer not only handles operations but also creates and works on new security systems and projects.
One part of the job is about dealing with immediate problems like finding and fixing security issues as they happen. The other part involves working with different teams to create new ways to spot these problems early or make the current ways better. It's like handling today's issues while also planning for tomorrow's safety.
"Terminology" refers to the specific words or vocabulary used in a particular field or subject.
When data or systems have integrity, it means they haven't been tampered with, modified, or corrupted in an unauthorized manner.
A breach in cybersecurity is an unauthorized access or compromise of sensitive data or systems.
A security analyst's main job is to watch over computer networks to spot any unauthorized access or breaches in security.
"Mitigate" means to reduce, or make something less severe or harmful. In cybersecurity, it refers to taking actions or implementing measures to minimize the impact or severity of potential risks, threats, or vulnerabilities.
Integrity in the context of cybersecurity refers to the quality of data or systems being trustworthy, accurate, and reliable.
"Adhering" means to stick to, follow, or comply with a set of rules, guidelines, or standards. In the context of cybersecurity or any other field, adhering refers to consistently following or maintaining compliance with established rules or protocols to ensure that certain requirements or standards are met.
- **Security Framework:** Think of it like a guidebook. A security framework gives a security analyst or organization a plan, a set of rules, and best practices to follow in cybersecurity. It helps you organize and set up your security measures.
- **Security Posture:** This is like your overall security status. It's how good your security measures are right now. A strong security posture means you're well-protected, while a weak one means there might be vulnerabilities.
- **Security Control:** Controls are like the specific actions or tools you use to secure things. They're the locks on your doors or the alarms on your windows, practical steps to keep things safe according to the plan in your security framework.
An external vendor in the context of cybersecurity refers to a third-party company or entity that is not part of the organization but provides products, services, or expertise.
The term "organization's network infrastructure" refers to the entire framework or setup of interconnected devices, equipment, and systems that facilitate communication and data exchange within an organization. It includes all the hardware (like routers, switches, servers, and cables) and software (such as firewalls, operating systems, and networking protocols) that enable devices within the organization to connect and share information.
Remote servers are powerful computers located in data centers, often far away from where you are. They store data, run applications, or provide services that users can access over the internet. These servers handle tasks like storing website information, running cloud-based software, or managing data for various online services. When you use services like cloud storage or web applications, you're typically using these remote servers to access and manage your data or perform tasks. 🖥️🌐
In this context, "assets" refer to the digital resources or information that you store in the cloud, such as data, applications, or files. "Cloud" refers to remote servers and services accessed over the internet. So, "cloud security" is about making sure that the digital stuff (assets) you store in remote servers (cloud) is set up correctly and protected from unauthorized access or other security risks.
Key cybersecurity terms and concepts
Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.
Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.
Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.
A threat actor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.
An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.
Network security is the practice of keeping an organization's network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.
Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.
Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:
Automation of repetitive tasks (e.g., searching a list of malicious domains)
Reviewing web traffic
Alerting suspicious activity
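As an added example (not part of the course material or these notes), the three tasks above can be combined in one short Python script: it reviews web-traffic log lines, searches each requested domain against a list of malicious domains, and returns an alert record per match. The log format, domain names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist using reserved .example/.test names (not real indicators).
BLOCKLIST = {"malware-drop.example", "phish-login.test"}

# Constructed proxy-style log: timestamp, client IP, HTTP method, URL.
SAMPLE_LOG = """\
2024-05-01T09:14:02Z 10.0.0.12 GET http://intranet.example.org/home
2024-05-01T09:14:07Z 10.0.0.31 GET http://cdn.malware-drop.example/a.js
2024-05-01T09:15:40Z 10.0.0.31 POST https://PHISH-LOGIN.test./session
2024-05-01T09:16:11Z 10.0.0.44 GET https://notmalware-drop.example/index
malformed line without enough fields
"""


def normalize_host(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. a broken IPv6 literal in the URL
        return None
    return host.rstrip(".").lower() if host else None


def is_blocklisted(host, blocklist=BLOCKLIST):
    """Match the host or any parent domain, compared label by label.

    A plain substring test would wrongly flag 'notmalware-drop.example'.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_alerts(log_text, blocklist=BLOCKLIST):
    """Review each log line and return one alert dict per blocklisted request."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the expected format
        timestamp, client_ip, _method, url = fields
        host = normalize_host(url)
        if host and is_blocklisted(host, blocklist):
            alerts.append({"line": line_no, "time": timestamp,
                           "client": client_ip, "domain": host})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(f"ALERT line {alert['line']}: {alert['client']} "
              f"contacted {alert['domain']} at {alert['time']}")
```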
Perspectives are like different lenses through which people see and understand the world around them.
A diverse background refers to having a variety of different experiences, perspectives, cultures, or characteristics.
Transferable skills are skills from other areas that can apply to different careers.
Technical skills may apply to several professions as well. However, at times they may require knowledge of specific tools, procedures, and policies.
Security analyst transferable skills:
Communication
Collaboration
Analysis (the skill of analysis for a security analyst involves the ability to break down complex information, identify patterns or anomalies, and draw meaningful conclusions from data)
Problem solving
Security analyst technical skills:
Programming languages
Security information and event management (SIEM) tools: (These tools organize all that info and look for any weird or suspicious stuff, kind of like a detective. When they find something odd, they let the security team know so they can check it out and keep everything safe from cyber bad guys)
Computer forensics (Computer forensics is like being a detective for computers. It's all about investigating digital stuff to solve cyber mysteries. Just like detectives collect evidence at a crime scene, computer forensic experts gather digital evidence from computers, phones, or any tech gadgets.)
Someone without a technical background can 100% be successful in cybersecurity.
A heightened sense of urgency means feeling a stronger or more intense need to act quickly or promptly in a situation. It's that feeling of being more alert or focused because you know time is of the essence and action needs to be taken swiftly.
"Evolving" means changing or developing gradually over time.
Willingness is when you're happy and ready to do something without any feeling of not wanting to do it. It's like being excited and saying, "Yes, I can do that!"
"Diverse perspectives" means having different points of view or ways of thinking that come from various backgrounds, experiences, or cultures. It's like looking at something from many different angles or having a variety of opinions and ideas about the same topic. Having diverse perspectives enriches discussions and problem-solving because it brings in unique insights and understandings.
Think of IDS as a guard watching for specific bad guys trying to sneak into your house. When it spots one, it yells, "Hey, intruder!" SIEM is like having many guards all over your neighborhood, watching not just for intruders but also for any unusual activity, like strange cars or suspicious people, and they all share what they see to keep everyone safe. IDS focuses on spotting specific bad things, while SIEM looks at the bigger picture of security.
"Emerge" means to come out, appear, or become visible or known.
Incident response is like having a plan for when something unexpected or bad happens in the digital world. It's about quickly and effectively dealing with cybersecurity incidents, like a cyber attack or a data breach.
It involves:
1. **Detection**: Noticing when something unusual or suspicious is happening.
2. **Response**: Acting fast to contain the problem and minimize damage.
3. **Recovery**: Fixing things and getting back to normal as quickly as possible.
Think of it as having a fire drill - you practice what to do if there's a fire, so if it happens, everyone knows how to respond. In the digital world, incident response is the plan to handle cybersecurity emergencies.
Transferable skills
You have probably developed many transferable skills through life experiences; some of those skills will help you thrive as a cybersecurity professional. These include:
Communication: As a cybersecurity analyst, you will need to communicate and collaborate with others. Understanding others’ questions or concerns and communicating information clearly to individuals with technical and non-technical knowledge will help you mitigate security issues quickly.
Problem-solving: One of your main tasks as a cybersecurity analyst will be to proactively identify and solve problems. You can do this by recognizing attack patterns, then determining the most efficient solution to minimize risk. Don't be afraid to take risks, and try new things. Also, understand that it's rare to find a perfect solution to a problem. You’ll likely need to compromise.
Time management: Having a heightened sense of urgency and prioritizing tasks appropriately is essential in the cybersecurity field. So, effective time management will help you minimize potential damage and risk to critical assets and data. Additionally, it will be important to prioritize tasks and stay focused on the most urgent issue.
Growth mindset: This is an evolving industry, so an important transferable skill is a willingness to learn. Technology moves fast, and that's a great thing! It doesn't mean you will need to learn it all, but it does mean that you’ll need to continue to learn throughout your career. Fortunately, you will be able to apply much of what you learn in this program to your ongoing professional development.
Diverse perspectives: The only way to go far is together. By having respect for each other and encouraging diverse perspectives and mutual respect, you’ll undoubtedly find multiple and better solutions to security problems.
Technical skills
There are many technical skills that will help you be successful in the cybersecurity field. You’ll learn and practice these skills as you progress through the certificate program. Some of the tools and concepts you’ll need to use and be able to understand include:
Programming languages: By understanding how to use programming languages, cybersecurity analysts can automate tasks that would otherwise be very time consuming. Examples of tasks that programming can be used for include searching data to identify potential threats or organizing and analyzing information to identify patterns related to security issues.
Security information and event management (SIEM) tools: SIEM tools collect and analyze log data, or records of events such as unusual login behavior, and support analysts’ ability to monitor critical activities in an organization. This helps cybersecurity professionals identify and analyze potential security threats, risks, and vulnerabilities more efficiently.
Intrusion detection systems (IDSs): Cybersecurity analysts use IDSs to monitor system activity and alerts for possible intrusions. It’s important to become familiar with IDSs because they’re a key tool that every organization uses to protect assets and data. For example, you might use an IDS to monitor networks for signs of malicious activity, like unauthorized access to a network.
Threat landscape knowledge: Being aware of current trends related to threat actors, malware, or threat methodologies is vital. This knowledge allows security teams to build stronger defenses against threat actor tactics and techniques. By staying up to date on attack trends and patterns, security professionals are better able to recognize when new types of threats emerge such as a new ransomware variant.
Incident response: Cybersecurity analysts need to be able to follow established policies and procedures to respond to incidents appropriately. For example, a security analyst might receive an alert about a possible malware attack, then follow the organization’s outlined procedures to start the incident response process. This could involve conducting an investigation to identify the root issue and establishing ways to remediate it.
Personally Identifiable Information (PII) includes:
Full Name
Address (Home, Work)
Phone Numbers (Mobile, Home, Work)
Email Address
Social Security Number
Driver's License Number
Passport Number
Date of Birth
Biometric Data (Fingerprints, Retina Scans)
IP Address
Vehicle Registration Plate Number
Personal Financial Information (Bank Account Numbers, Credit Card Numbers)
Usernames and Passwords
Any Other Data That Could Directly Identify an Individual
Sensitive Personally Identifiable Information (SPII) includes all of the above PII plus:
Social Security Numbers
Driver's License Numbers
Passport Numbers
Financial Account Information (Bank Account Numbers, Credit/Debit Card Numbers)
Medical Records or Information
Health Insurance Information
Biometric Data (Fingerprints, Retina Scans)
Information Regarding Minors (Underage Individuals)
Personally identifiable information, known as PII, is any information used to infer an individual's identity. PII includes someone's full name, date of birth, physical address, phone number, email address, internet protocol (IP) address, and similar information.
Sensitive personally identifiable information, known as SPII, is a specific type of PII that falls under stricter handling guidelines and may include social security numbers, medical or financial information, and biometric data, such as facial recognition. If SPII is stolen, this has the potential to be significantly more damaging to an individual than if PII is stolen.
PII and SPII data are key assets that a threat actor will look for if an organization experiences a breach. When a person's identifiable information is compromised, leaked, or stolen, identity theft is the primary concern. "Concern" means something that makes you worried or uneasy about the security of your digital information.
Legal implications are the things you must follow by law, like rules or regulations. If you break these rules, there can be consequences, like fines or even getting in trouble with the law.
Moral considerations are about what's right or wrong, good or bad. It's like your inner compass guiding you to make decisions based on what you believe is fair or ethical. It's about doing what feels right and treating others how you'd want to be treated.
An infographic in cybersecurity is like a picture that shows important information or tips about staying safe online.
Reporting findings in cybersecurity means telling others about what you discovered during a security check or investigation.
A periodic security audit in cybersecurity means regularly checking and reviewing the safety of a computer system or network.