Information System Security

The document outlines a structured study plan for Information Systems Security, covering key topics such as the CIA Triad, security objectives, standardization bodies, and the effects of cyberattacks. It emphasizes the importance of information security in protecting sensitive data, maintaining business continuity, and ensuring compliance with regulations. Additionally, it details the roles and responsibilities of a Security Officer, common vulnerabilities, and major cybersecurity incidents.

Uploaded by christiangitui

Perfect! Let’s study smart.

We can go topic by topic with quick summaries, then I’ll ask you
some practice questions to test your understanding. If anything feels unclear, we can revisit it.
Ready? Here's a simple plan we can follow based on your notes:

✅ Study Plan Overview:

1. Information Systems Security Basics
2. CIA Triad (Confidentiality, Integrity, Availability)
3. Security Objectives & Key Concepts
4. Standardization Bodies & Security Standards
5. Effects of Cyberattacks
6. Duties of an Information Systems Security Officer
7. Disaster Recovery (DR) & DR Planning
8. Incident Response vs Disaster Recovery
9. Case Studies of Major Data Breaches
10. Common Vulnerabilities (Exercise Section)

Let’s start with Topic 1: Information Systems Security Basics 🔐

🔹 What is an Information System?

Defined by U.S. Code 44 § 3502:

“A discrete set of information resources organized for the collection, processing, maintenance,
use, sharing, dissemination, or disposition of information.”

🔹 Why is Information Security Important?

• Protects sensitive data (personal, financial, corporate).
• Maintains business continuity.
• Preserves customer trust.
• Prevents financial losses.
• Ensures compliance with regulations (e.g., GDPR, HIPAA).

✅ Quick Check — Answer these:

1. What are two key reasons why organizations need information security?
2. True or False: Information systems security is only relevant to IT companies.
3. What does the U.S. Code 44 define an information system as?

Let me know your answers, and once you're done, we’ll go to Topic 2: CIA Triad. Want to
continue like this?

Great! Let’s move to:

✅ Topic 2: The CIA Triad

The CIA Triad is the foundation of information security:

🔹 1. Confidentiality

• Ensures only authorized users can access information.
• Protects against unauthorized disclosure.
• Techniques: Encryption, Access Control, MFA, Data Classification.

✅ Think: “Keeping secrets safe”

🔹 2. Integrity

• Ensures data accuracy, consistency, and trustworthiness.
• Prevents unauthorized or accidental changes to data.
• Techniques: Checksums, Digital Signatures, Version Control.

✅ Think: “No tampering with the data”
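Added example, not from the study notes: the Integrity techniques listed above (a checksum and a keyed tag) applied to a constructed record, showing that an unkeyed checksum catches accidental corruption but not a change made by someone who can also rewrite the checksum, which is why keyed MACs and digital signatures exist. `RECORD` and `KEY` are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a stored record and a secret known only to the system.
RECORD = b"employee=42;salary=50000;"
KEY = secrets.token_bytes(32)


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: anyone can recompute it for any data."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed tag (HMAC-SHA256): recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return checksum(data) == expected


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(mac_tag(key, data), tag)


def accidental_corruption_detected() -> bool:
    """A single bit flip in storage: the stored checksum no longer matches."""
    corrupted = bytearray(RECORD)
    corrupted[0] ^= 0x01
    return not verify_checksum(bytes(corrupted), checksum(RECORD))


def rewritten_record_with_forged_checksum() -> dict:
    """The record is changed and the unkeyed checksum is recomputed alongside it.
    The checksum check passes, because no secret is needed to produce it; the
    HMAC check fails, because the stored tag was computed over the original
    record with KEY, which the writer of the new record does not have."""
    stored_tag = mac_tag(KEY, RECORD)
    modified = RECORD.replace(b"50000", b"90000")
    forged_checksum = checksum(modified)
    return {
        "checksum_accepts": verify_checksum(modified, forged_checksum),
        "mac_rejects": not verify_mac(KEY, modified, stored_tag),
    }
```

A digital signature plays the same role as the HMAC with a key pair instead of a shared key, which additionally gives the non-repudiation property covered in Topic 3.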

🔹 3. Availability

• Ensures data is accessible when needed by authorized users.
• Prevents downtime and ensures system reliability.
• Techniques: Backups, Redundancy, Load Balancers, DR Plans.

✅ Think: “Always online”

⚡ Quick Quiz:

1. What part of the CIA Triad protects against hackers modifying data?
2. Which part is about ensuring services are always running?
3. Which part uses encryption and access controls?

Ready to move to Topic 3: Security Objectives & Key Concepts, or want to answer the quiz
first?

Awesome! Let’s dive into:

✅ Topic 3: Security Objectives & Key Concepts

These expand on the CIA Triad and add more layers to information security.

🔹 Non-Repudiation

• Ensures that a sender cannot deny having sent a message.
• Often enforced using digital signatures and logs.
• Helps in legal accountability and forensics.

✅ Think: “You can’t deny what you did”

🔹 Accountability

• Ensures every action in a system can be traced back to an individual.
• Involves audit trails, logs, and user tracking.
• Critical for detecting insider threats and policy violations.

✅ Think: “Track who did what, when”

🔹 Identification

• Who are you? – User states their identity (e.g., username).

🔹 Authentication

• Prove it! – System verifies identity (e.g., password, biometric).

🔐 Examples:

| Concept | Real-Life Example |
|---|---|
| Non-repudiation | Signed email cannot be denied later |
| Accountability | Logs show John accessed a file at 3:00 PM |
| Identification | Typing your username into a system |
| Authentication | Entering your password or scanning fingerprint |

🧠 Quick Recap:

• CIA = Confidentiality, Integrity, Availability
• Non-repudiation = Can’t deny actions
• Accountability = Actions are traceable
• Identification & Authentication = Who are you, and can you prove it?

Let’s move on to Topic 4: Case Studies of Major Data Breaches, or would you like a quick
quiz on this section first?

Great! Let’s break it down into digestible study points for your revision. Here’s a summarized
and structured version to help you revise quickly:

✅ Standardization Bodies & Key Standards

| Body | Key Standards | Importance |
|---|---|---|
| ISO | ISO/IEC 27001, 27002, 27701 | Global security management standards |
| NIST | CSF, SP 800-53, 800-171 | U.S. government and private sector security controls |
| IEEE | 802.1X, 802.11, 1619 | Network access and wireless security |
| IETF | TLS, IPSec, RFC 2196 | Internet security protocols |
| PCI SSC | PCI DSS, PTS, SSF | Payment data and financial transaction security |

🔐 Elements of Information Security

1. Supports organization’s mission
2. Integrated with management
3. Risk-based approach
4. Defined roles/responsibilities
5. Responsibilities extend externally
6. Comprehensive approach
7. Regular assessment
8. Considers societal/cultural constraints

⚠️ Effects of Successful Cyberattacks

• Data corruption/loss
• Privacy loss, theft of trade secrets
• Adverse publicity & loss of trust
• Business downtime & reduced productivity
• Financial losses, litigation
• Identity theft, fraud
• Slow/unavailable systems, defaced websites

👤 Typical Duties of a Security Officer

• Design & monitor IT security systems
• Investigate incidents & document impact
• Perform audits, penetration testing
• Train staff on security best practices
• Recommend enhancements, stay updated
• Install/update security tools like firewalls & antivirus

🎓 Requirements & Skills

Qualifications:

• Bachelor’s in CS, IT, or related field
• 5-10 years of experience
• Preferred certs: CISSO, CISSP, CISM

Skills:

• Technical (OS, software, tools)
• Communication (clear reporting, teamwork)
• Analytical (threat detection, impact analysis)
• Problem-solving (incident response)
• Leadership (team coordination & mentorship)

🧾 Top Certifications

• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• CISSO – Certified Information Systems Security Officer

🧪 Exercise (Common Vulnerabilities)

Research known vulnerabilities for:

• Operating Systems: Windows 7, Android, iOS, CentOS 7
• Servers: Apache, Microsoft IIS, SharePoint
• Languages: PHP
• Databases: MySQL
• Protocols/Tech: TCP/IP, Wi-Fi
• Browsers: Firefox, Chrome

🧠 Tip: Use sites like CVE Details or NIST’s NVD to check vulnerability databases.

Want me to quiz you next or help you create flashcards?

Awesome! Here's a clean and structured breakdown of your notes on Threats, Vulnerabilities,
and Cybercrime to help you review for your exam:

🔐 Key Security Concepts

✅ Definitions

| Term | Definition |
|---|---|
| Vulnerability | A weakness in a system that can be exploited (e.g., unpatched OS, weak passwords, open ports). |
| Threat | Potential danger related to exploiting a vulnerability. |
| Threat Agent | The entity (person, software, or system) that exploits a vulnerability (e.g., intruder, malware, careless employee). |
| Risk | Likelihood of a threat exploiting a vulnerability + potential business impact. |
| Exposure | The state of being subject to potential loss (e.g., weak password policy exposes users to compromise). |
| Control (Countermeasure) | Any action, device, or procedure that reduces risk (e.g., firewalls, encryption, access controls). |

🛡 Types of Controls

1. By Nature

| Type | Description | Examples |
|---|---|---|
| Administrative | "Soft" management controls | Security policies, background checks, awareness training |
| Technical (Logical) | Hardware/software-based | Firewalls, antivirus, access control, encryption |
| Physical | Physical barriers | Guards, locks, CCTV, fences |

2. By Functionality

| Function | Purpose | Examples |
|---|---|---|
| Preventive | Stop incidents before they occur | Passwords, encryption, access control |
| Detective | Identify/monitor incidents | IDS, CCTV, audit logs |
| Corrective | Fix issues after they happen | System patches, reloading backups |
| Deterrent | Discourage attackers | Warning signs, security cameras |
| Recovery | Restore systems | Backups, disaster recovery plans |
| Compensating | Alternatives for primary controls | Manual checks when automation fails |

🧱 Defense in Depth

A layered security strategy using multiple controls across physical and technical layers.

Example:

Physical Layers:

• Fence → Locked doors → CCTV → Guard → Locked server room → Cable locks

Technical Layers:

• Firewall → IDS/IPS → Antimalware → Access Control → Encryption

🔑 Rule: The more sensitive the asset, the more layers are needed.

🎯 Cyber Threat Actors ("Enemies")

| Actor | Motivation |
|---|---|
| Crackers | Intellectual challenge (often teenagers) |
| Cybercriminals | Fraud, identity theft, financial gain |
| Vandals | Cause damage out of anger or revenge |
| Nation-states | Espionage, cyberwarfare |
| Hacktivists | Social/political causes |
| Insiders | Disgruntled employees or careless staff |

💰 Motives of Cybercriminals

1. Financial Gain

• Phishing, ransomware, credit card fraud
• Crypto theft, fake online stores, BEC

2. Espionage

• Corporate: Trade secrets
• Government: Surveillance, critical infrastructure
• Political: Influence elections

3. Disruption/Destruction

• Hacktivism, sabotage, cyberwarfare

4. Personal Revenge

• Targeted attacks, doxing

5. Psychological Gratification

• Thrill, notoriety in hacker communities

6. Ideological/Religious

• Attacks based on belief systems

7. Data Exploitation

• Identity theft, dark web sales, blackmail

8. Service-for-Hire

• Malware-as-a-Service, contract hacking

9. Vulnerability Exploitation

• Curiosity, skill-testing, zero-day sales

10. Cyberterrorism

• Instilling fear or causing national disruption

11. Social Engineering

• Misinformation, psychological manipulation

12. Competitive Advantage

• Disrupting competitors, insider trading

Let me know if you'd like:

• Flashcards
• A quiz based on this content
• Quick recall sheets
• Mind maps/diagrams
• Mnemonics for memorization

We can go topic by topic if you'd like to revise in sessions. Just say the word!

Perfect! Just like before, I’ll summarize the major points from your detailed notes into a
structured, simplified exam-ready study guide for easy revision.

✅ Risk Formula

• Risk = Threats × Vulnerabilities

🔥 Components of a Threat

| Component | Description | Examples / Notes |
|---|---|---|
| 1. Threat Actor | Source of threat (who initiates it) | Hackers, insiders, nation-states, bots |
| 2. Threat Vector | Method used to carry out the attack | Phishing, malware, social engineering |
| 3. Threat Target | What is being attacked | Data, systems, networks, reputation |
| 4. Threat Motivation | Reason behind the attack | Financial gain, revenge, politics |
| 5. Threat Capability | Skills and resources of the attacker | Script kiddies vs. nation-state APTs |
| 6. Threat Impact | Damage caused if attack succeeds | Financial loss, data breach, legal issues |
| 7. Threat Likelihood | Probability that the threat occurs | Depends on motivation, controls, and target value |
| 8. Threat Indicators | Signs an attack is happening | Unusual traffic, system crashes, IDS alerts |
| 9. Threat Environment | External context affecting the threat | Geopolitics, industry trends, new tech |
| 10. Threat Mitigation | How the threat is reduced | Firewalls, monitoring, response plans |

👤 Types of Threat Agents

| Type | Description |
|---|---|
| 1. Human | Insiders, hackers, competitors, social engineers, terrorists |
| 2. Technological | Malware, bots, system bugs |
| 3. Natural/Environmental | Earthquakes, floods, power outages, pandemics |
| 4. Supply Chain | Untrusted vendors, counterfeit products |

🛢️ Top 10 Database Security Threats

1. SQL Injection (SQLi) – Injecting malicious SQL commands
2. Weak Authentication – Poor access controls, weak passwords
3. Insider Threats – Misuse of database privileges
4. Malware/Ransomware – Encrypted or stolen data
5. Unpatched Software – Exploited outdated versions
6. Unencrypted Data – Data exposed during storage or transmission
7. Denial-of-Service (DoS) – Flooding database with traffic
8. Backup Exposure – Unsecured or public backups
9. Privilege Escalation – Gaining higher privileges illegally
10. Third-Party Risks – Weak vendor security practices

🌐 Ten Web Threats

1. SQL Injection – Unauthorized DB access via form inputs
2. XSS (Cross-Site Scripting) – Malicious script injection
3. CSRF (Cross-Site Request Forgery) – Forcing user to perform actions
4. Broken Authentication – Session hijacking or weak login
5. Security Misconfigurations – Default settings, outdated software
6. DDoS Attacks – Overwhelming servers with traffic
7. IDOR – Unauthorized data access via URL manipulation
8. API Vulnerabilities – Poorly secured APIs
9. Phishing & Social Engineering – Credential theft through deception
10. Zero-Day Exploits – Attacks using unknown vulnerabilities
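Added example, not from the study notes: SQL injection, the first item in both the database-threat list and the web-threat list above, shown as a string-concatenated login query beside its parameterized fix. The table, the accounts and the crafted input are constructed; passwords sit in plaintext only to keep the example short (real systems store password hashes).

```python
import sqlite3

# Constructed sample accounts for an in-memory SQLite database.
SAMPLE_USERS = [
    (1, "alice", "s3cret-alice", "admin"),
    (2, "bob", "s3cret-bob", "staff"),
]


def make_db() -> sqlite3.Connection:
    """Create and populate the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable pattern: form input is pasted into the SQL text, so a quote in
    the input ends the string literal and the rest is parsed as SQL syntax."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened pattern: placeholders are bound by the driver, so the input is
    always compared as a value and can never change the query's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def compare_logins() -> dict:
    """Run both versions with a valid login and with a crafted username.
    In the concatenated query the crafted value closes the literal and the
    `--` comment discards the password clause; the parameterized query just
    looks for a user literally named "alice' --" and finds none."""
    conn = make_db()
    crafted_username = "alice' --"  # constructed input, not a real user
    wrong_password = "not-the-password"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "s3cret-alice"),
        "vulnerable_crafted": login_vulnerable(conn, crafted_username, wrong_password),
        "safe_valid": login_safe(conn, "alice", "s3cret-alice"),
        "safe_crafted": login_safe(conn, crafted_username, wrong_password),
    }
```

The "Input validation, WAFs" mitigation in the vulnerabilities table is a secondary layer; parameterized queries are the control that removes the defect itself.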

🧨 Major Security Threats to Information Systems

1. Malware – Ransomware, viruses, trojans
2. Phishing & Social Engineering – Deception to gain sensitive data
3. Insider Threats – Employees or contractors misusing access
4. SQLi & Web Attacks – Exploiting DB/web weaknesses
5. DoS & DDoS – Service disruption
6. Data Breaches – Unauthorized data access or leaks
7. Weak Authentication – Poor passwords, reuse
8. Cloud Security Risks – Misconfigured storage/APIs
9. IoT Vulnerabilities – Poorly secured smart devices
10. Supply Chain Risks – Vendor weaknesses impacting system

🕳️ Types of Vulnerabilities

| Type | Description & Examples | Mitigation |
|---|---|---|
| 1. Software | Buffer overflow, unpatched software | Updates, secure coding |
| 2. Network | Open ports, weak encryption, MITM attacks | Firewalls, VPNs, IDS |
| 3. Hardware | Outdated firmware, Spectre/Meltdown, physical access | Firmware updates, biometric locks |
| 4. Human | Phishing, weak passwords, accidental leaks | Awareness training, MFA |
| 5. Physical Security | Server room access, device theft, disasters | Surveillance, secure storage, backups |
| 6. Configuration | Default passwords, over-permissioned users, exposed cloud buckets | Access control, audits |
| 7. Cryptographic | Weak algorithms, hardcoded keys | AES-256, proper key rotation |
| 8. Web Application | SQLi, XSS, CSRF | Input validation, WAFs |
| 9. Cloud | Public storage buckets, weak API auth, lack of visibility | Encryption, access controls |
| 10. IoT | Default passwords, outdated firmware, plaintext comms | Segmentation, firmware updates |

Would you like this in a printable one-pager or flashcard format next?

Here is a comprehensive analysis of five major cybersecurity incidents, focusing on their threats,
vulnerabilities, attack methods, impacts, and organizational responses:

1. Equifax Data Breach (2017)

a) Threats and Vulnerabilities

• Unpatched Software: Attackers exploited a known vulnerability (CVE-2017-5638) in Apache Struts, which Equifax failed to patch promptly.
• Poor Security Practices: Sensitive data, including credentials, were stored in plaintext, and inadequate network segmentation facilitated unauthorized access.

b) How the Attack Happened

Hackers exploited the Apache Struts vulnerability to gain access to Equifax's systems. They
conducted extensive reconnaissance to understand the database structure, then exfiltrated data by
storing it in temporary files, compressing it, and transferring it through encrypted channels to
avoid detection.

c) Impact

• Data Compromised: Personal information of approximately 147.9 million Americans, including Social Security numbers, birth dates, and addresses, was exposed.
• Financial and Legal Repercussions: Equifax faced lawsuits, regulatory investigations, and a significant loss of consumer trust.

d) Organizational Response

• Public Disclosure: Equifax delayed public disclosure of the breach, leading to criticism.
• Remediation Efforts: The company offered free credit monitoring services to affected individuals and overhauled its security infrastructure.

2. WannaCry Ransomware Attack (2017)

a) Threats and Vulnerabilities

• Exploited Vulnerability: The attack leveraged the EternalBlue exploit, targeting a vulnerability in Microsoft's SMB protocol.
• Outdated Systems: Many affected systems were running outdated Windows versions without the necessary security patches.

b) How the Attack Happened

WannaCry spread rapidly across networks by exploiting the SMB vulnerability, encrypting files
on infected machines and demanding ransom payments in Bitcoin for decryption keys.

c) Impact

• Global Disruption: Over 200,000 computers across 150 countries were affected, disrupting operations in healthcare, transportation, and other sectors.
• Financial Losses: The attack caused estimated damages ranging from hundreds of millions to billions of dollars.

d) Organizational Response

• Emergency Patches: Microsoft released emergency patches for unsupported Windows versions.
• Kill Switch Activation: A security researcher inadvertently activated a kill switch that halted the spread of the ransomware.

3. Target Data Breach (2013)

a) Threats and Vulnerabilities

• Third-Party Access: Attackers gained access through credentials stolen from a third-party HVAC vendor.
• Network Segmentation Failures: Lack of proper network segmentation allowed attackers to move laterally to sensitive systems.

b) How the Attack Happened

Using the stolen credentials, attackers infiltrated Target's network and installed malware on
point-of-sale (POS) systems, capturing credit card data during transactions.

c) Impact

• Data Compromised: Information on approximately 40 million credit and debit card accounts and 70 million customer records was stolen.
• Financial and Reputational Damage: Target faced significant financial losses, legal actions, and a damaged reputation.

d) Organizational Response

• Security Enhancements: Target implemented advanced security measures, including enhanced monitoring and network segmentation.
• Leadership Changes: The company underwent executive leadership changes and increased investment in cybersecurity.

4. NotPetya Cyberattack (2017)

a) Threats and Vulnerabilities

• Exploited Tools: The attack utilized the EternalBlue exploit and other tools to spread rapidly.
• Software Supply Chain Compromise: Attackers compromised the update mechanism of Ukrainian accounting software, M.E.Doc.

b) How the Attack Happened


NotPetya was distributed through a malicious update of M.E.Doc software. Once inside a
network, it spread using multiple techniques, including exploiting SMB vulnerabilities, and
rendered systems inoperable by encrypting the Master File Table.

c) Impact

• Widespread Disruption: The attack affected numerous organizations globally, including Maersk, Merck, and FedEx, causing operational paralysis.
• Economic Losses: Estimated damages exceeded $10 billion worldwide.

d) Organizational Response

• System Restoration: Affected organizations undertook extensive recovery efforts, including rebuilding IT infrastructures.
• Security Overhauls: Companies enhanced their cybersecurity measures to prevent future incidents.

5. Facebook Data Breaches (2023)

a) Threats and Vulnerabilities

• Data Transfer Violations: Facebook was found to have violated GDPR regulations by transferring user data to the U.S. without adequate protections.

b) How the Breach Happened

While not a traditional breach, the violation involved improper handling and transfer of user data
across borders, contravening data protection laws.

### Information Systems Security Frameworks and Standards

#### Definition

Frameworks and standards provide structured guidelines, best practices, and methodologies for
securing information systems.

#### Purpose
- **Protect the CIA Triad**: Ensure the confidentiality, integrity, and availability of information systems.

- **Risk Management**: Provide a systematic approach to identifying, assessing, and mitigating risks.

- **Compliance**: Ensure adherence to legal, regulatory, and industry requirements.

### Key Frameworks and Standards

- **NIST Cybersecurity Framework (CSF)**

- **ISO/IEC 27001**

- **COBIT (Control Objectives for Information and Related Technologies)**

- **PCI DSS (Payment Card Industry Data Security Standard)**

- **HIPAA (Health Insurance Portability and Accountability Act)**

---

### NIST Cybersecurity Framework (CSF)

#### Overview

The NIST CSF offers guidance on managing and reducing IT infrastructure security risks through
standards, guidelines, and practices aimed at preventing, detecting, and responding to cyber attacks.

#### Target Audience

- Particularly beneficial for small or less-regulated entities aiming to enhance security awareness.

- Less informative for larger organizations with established IT security programs.

#### Structure

The framework is voluntary and performance-based, organized into three main parts:

1. **Core**

   - **Identify**: Understand cybersecurity risks, assets, and vulnerabilities.

   - **Protect**: Implement safeguards for systems and data.

   - **Detect**: Develop capabilities to identify cybersecurity threats.

   - **Respond**: Take action upon detecting a cybersecurity event.

   - **Recover**: Restore services after a cybersecurity incident.

2. **Implementation Tiers**

   - **Tier 1 (Partial)**: Limited awareness and ad-hoc processes.

   - **Tier 2 (Risk Informed)**: Awareness of risks but no formal policy.

   - **Tier 3 (Repeatable)**: Formal policies and organization-wide implementation.

   - **Tier 4 (Adaptive)**: Continuous improvement and proactive risk management.

3. **Profiles**

   - Customized to align cybersecurity objectives, risk tolerance, and resources.

#### Benefits

- **Flexibility**: Applicable to organizations of all sizes and sectors.

- **Risk-Based Approach**: Focuses on managing risks rather than mere compliance.

- **Common Language**: Standardized communication about cybersecurity risks.

- **Collaboration**: Encourages collaboration among stakeholders.

- **Continuous Improvement**: Supports ongoing assessment and adaptation.

---

### ISO/IEC 27001

#### Overview

ISO/IEC 27001 is an international standard for establishing, implementing, maintaining, and continually
improving an Information Security Management System (ISMS).

#### Key Features

- **Risk-Based Approach**: Focuses on identifying and mitigating information security risks.
- **Comprehensive Framework**: Structured for establishing and improving an ISMS.

- **Certification**: Organizations can achieve certification through accredited audits.

- **Global Recognition**: Widely adopted across various industries.

#### Core Components

1. **Clauses (1-10)**: Outline requirements for establishing and maintaining an ISMS.

2. **Annex A (Controls)**: Provides a set of 114 controls organized into 14 categories.

#### Benefits

- **Enhanced Security**: Protects sensitive information.

- **Regulatory Compliance**: Helps meet legal and regulatory requirements.

- **Customer Trust**: Demonstrates commitment to information security.

- **Risk Management**: Structured approach to identifying and mitigating risks.

---

### COBIT

#### Overview

COBIT is a framework for governing and managing enterprise IT, developed by ISACA, providing
guidelines to align IT with business goals and manage IT-related risks.

#### Key Features

- **Business-Focused**: Aligns IT goals with business objectives.

- **Comprehensive Framework**: Covers all aspects of IT governance and management.

- **Risk-Based Approach**: Helps manage IT-related risks.

- **Flexible and Adaptable**: Tailored to organizations of all sizes.

#### Core Principles
1. Meeting stakeholder needs.

2. Enabling a holistic approach.

3. Dynamic governance.

4. Tailored to enterprise needs.

5. Separating governance from management.

6. An end-to-end governance system.

#### Domains

- **Governance Domain**: Focuses on setting objectives and monitoring performance.

- **Management Domain**: Focuses on implementing and executing IT processes.

---

### HIPAA

#### Overview

HIPAA outlines legal obligations for protecting patient information in the healthcare sector, ensuring
confidentiality and security of health information.

#### Key Rules

1. **Privacy Rule**: Safeguards patients' rights to Protected Health Information (PHI).

2. **Security Rule**: Protects electronic PHI (ePHI) through national standards.

3. **Breach Notification Rule**: Guidelines for responding to data breaches.

4. **Transaction Rule**: Protects healthcare transactions.

5. **Enforcement Rule**: Establishes penalties for non-compliance.

#### Compliance Requirements

1. **Administrative Safeguards**:
