GCPC Course 8 - Prepare for cybersecurity jobs

Module 1

Security mindset

The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application or data

Classifying for safety

  • Public data
    • Public data is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
  • Private data
    • Private data is information that should be kept from the public. If an individual gains unauthorized access to private data, that event has the potential to pose a serious risk to an organization
  • Sensitive data
    • This information must be protected from everyone who does not have authorized access. Unauthorized access to sensitive data can cause significant damage to an organization’s finances and reputation
  • Confidential data
    • Confidential data often has limits on the number of people who have access to it. Access to confidential data sometimes involves the signing of non-disclosure agreements (NDAs)—legal contracts that bind two or more parties to protect information—to further protect the confidentiality of the data

Customer data

  • Credit card numbers
  • Social security numbers
  • Emails
  • Usernames
  • Passwords

Module 2

Incident escalation

The process of identifying a potential security incident, triaging it and handing it off to a more experienced team member

Essential skills to escalate security incidents

  • Attention to detail
  • Ability to follow an organization’s escalation guidelines or processes

Malware infection

An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computer or network

Unauthorized access

An incident type that occurs when an individual gains digital or physical access to a system or application without permission

Improper usage

An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies

Escalation policy

A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled

Module 3

Stakeholder

An individual or group that has an interest in the decision or activities of an organization

Stakeholders

  • Risk managers
  • Chief Executive Officer (CEO)
  • Chief Financial Officer (CFO)
  • Chief Information Security Officer (CISO)
  • Operation managers

Risk manager responsibilities

  • Identify risks
  • Manage the response to security incidents
  • Notify the legal department
  • Inform the organization’s public relations team

CEO responsibilities

  • Financial and managerial decisions
  • Report to shareholders
  • Manage operations

CFO responsibilities

  • Manage financial operations
  • Costs of tools and strategies

CISO responsibilities

  • Develop an organization’s security architecture
  • Conduct risk analysis and system audits
  • Create security and business continuity plans

Operations manager responsibilities

  • Oversee security professionals
  • Work directly with analysts
  • Responsible for daily maintenance of security operations

Security story details

  • What the security challenge is
  • How it impacts the organization
  • Possible solutions to the issue
  • Data

Module 4

Security websites and blogs

  • CSO Online
  • Krebs on Security
  • Dark Reading

Module 5

Security analyst

  • Monitoring networks
  • Developing strategies
  • Researching IT security trends

Information security analyst

  • Creating plans
  • Implementing security measures

Security Operations (SOC) analyst

  • Ensuring security incidents are handled rapidly and efficiently
  • Following established policies and procedures
This post is licensed under CC BY 4.0 by the author.