Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining few terms related to Security – Part 1

Hi All,

Greetings for the day !!!

I am started preparing for the exam : SC – 900 : Microsoft Security, Compliance and Identity Fundamentals – so sharing the learnings as well

Microsoft exam page – Microsoft Certified: Security, Compliance, and Identity Fundamentals

Today in this article we will discuss few terms related to cybersecurity

• Cyberattack
  • Cyberattack is trying to get the illegal access to any digital device to damage it
  • Victim of cyberattack can be any individual, organisation, institution or government
  • Purpose of Cyberattack can be
    • Damage the device
    • Stole important information from the device
    • Stop any important processes from the device
    • Expose the important information publicly
  • To perform an attack, attacker can use people, computer, phone, applications, messages and system processes
• Cybercriminal
  • Anyone who perform the cyberattack
  • Cybercriminal can be
    • A single person
    • Group of people
    • Any organization
    • Government entity
• Cybersecurity
  • Technologies, Processes to protect systems, devices, network, program, data from the cyberattacks
  • Helps to reduce the risk of cyber attacks and protect against unauthorised access of systems, network, devices
  • Cybersecurity allows us to achieve
    • Confidentiality – Right data / content available to right people
    • Integrity – Data / content is updated by only authorised people
    • Availability – Data / content is available whenever required
• Threat Landscape
  • An entry point for cyberattacks to perform attack and can be
    • Emails
    • Mobiles
    • Computers
    • People
    • Organization network / infrastructure
    • Cloud services
    • Social media accounts
• Attack Vectors
  • Entry point or rout for attacker to get access the system
  • These can be
    • Emails – most common attack vector
    • Social media accounts
    • Browsers
    • Removable devices – USB drives, smart cables, storage cards
    • Cloud services
    • Wireless network – this is also common attack vector
• Security breaches
  • Any attack which get unauthorised access to devices, services, applications or networks
  • Security breaches comes in following forms :
    • Social engineering attacks
    • Browser attacks
    • Password attacks
• Data breaches
  • When attacker get access or control of data
• Malware
  • Software used by cybercriminals to attack or to affect the system
  • This can be to stole data or to affect the processes
  • Malware has two main components
    • Propagation mechanism
      • How the malware spread itself across one or more system
      • Common propagation techniques
        • Virus
        • Worm
        • Trojan
    • Payload
      • Action that malware perform on infected systems
      • Types of Payload
        • Ransomware
        • Spyware
        • Backdoors
        • Botnet
• Mitigation Strategy
  • Set of steps which organization performs to prevent cyberattacks
  • Some of the mitigation strategies are
    • Multifactor authentication
    • Browser security
    • Cybersecurity training to users
    • Threat Intelligence

Thanks for reading!!! Please feel free to discuss in case any questions / suggestions / thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂