Information Assurance (IA) refers to the steps involved in protecting information systems, like computer systems and networks. There are commonly five terms associated with the definition of information assurance (Integrity, Availability, Authentication, Confidentiality, and Nonrepudiation). This module will highlight information assurance concepts and will categorize cyber threats to build context on how the threats can be addressed.
Computer systems have evolved immensely in the past few decades, from supercomputers to mini computers, to powerful desktop computers. This module provides an overview of how computers work, how they communicate with each other, and how our use of computer resources has evolved from physical networks to investing in cloud services.
Cyber threats present a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. There are many cyber threats that should be understood. As an example, one threat discussed in this module is malicious software or malware.
Malware is designed to damage or disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Typical cyber threats and the dangers associated with them will be explained. Counter measures against these threats will also be introduced to assist in implementing the protective measures used to avoid them altogether.
Secure network design requires many layers of defense. Network design is critically important to prevent and detect intrusions and most importantly to reduce the overall risk to the organization. Many different strategies can be implemented in a well-designed network. The purpose of this module is to introduce the defense in depth concept and offer a familiarization on the basics of securing the organizational network.
Network security is a term that describes the many policies and procedures that are implemented to track unauthorized access, modification, exploitation or not being able to access the network or network resources. There are a wide variety of devices that can be utilized on a network to minimize potential threats. In this module we will highlight commonly used devices used to secure the organization’s network.
A cyber threat has a constantly changing definition. With more and more devices being connected to networks and the internet each day it is imperative that we evolve our cyber threat program to match these definitions. In this module we will introduce new technologies, trends and services. We will discuss what they are and their vulnerabilities to assist in decision making for your organization.
Risk is defined as the combination of a threat and a probability assigned to that threat. Because of the varying threats owned by different organizations it is important to understand what hazards are associated with our organization and take a proactive approach in mitigating them. This module explores how to manage risk by exploring these threats and vulnerabilities, assigning priorities to them, and effectively managing a program that attempts to eliminate or reduce the risks involved.
Incident response is an organized approach used to address and manage a security breach or attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. A cyber incident response plan is imperative to mitigate the consequences of a security breach.
This module will discuss strategies for building a robust cyber incident response plan. Overviews include members and roles of our incident response team and how we can limit damage, retain confidence, and reduce recovery time and costs by having a comprehensive incident response plan that takes a proactive approach in preparing for an inevitable incident.
A Culture of security is the practice of minimizing the risks associated with a threat by collective effort. A comprehensive security program is an ever changing, ongoing, and engaging process in an organization’s security posture. In this module we cover elements of a successful security awareness program, training and exercises needed to design and implement a robust cybersecurity program.