1
00:00:01,290 --> 00:00:07,980
In this section we're going to cover some security terms you should be familiar with for the CCNA

2
00:00:07,990 --> 00:00:09,770
Cyber Ops exam.

3
00:00:13,230 --> 00:00:17,260
Threat actors are the individuals responsible for an attack.

4
00:00:17,580 --> 00:00:23,850
So an individual hacker or a group of people that attack a network would be considered to be threat

5
00:00:23,910 --> 00:00:24,610
actors.

6
00:00:27,800 --> 00:00:35,750
Run book automation is the ability to define, build, orchestrate, manage and report on workflows that support

7
00:00:35,750 --> 00:00:38,550
system and network operational processes.

8
00:00:39,870 --> 00:00:47,100
OK, so in layman's terms a run book is simply documentation for tasks that an IT administrator carries

9
00:00:47,100 --> 00:00:47,770
out.

10
00:00:48,120 --> 00:00:53,520
So if a server needs to be added to the network, an administrator can reference the procedure to

11
00:00:53,520 --> 00:01:01,320
do so in a run book. By following a run book you can be consistent with your operations, eliminate room

12
00:01:01,320 --> 00:01:09,130
for error and improve the time it takes to complete tasks. To take this concept a step further,

13
00:01:09,250 --> 00:01:14,940
if a run book is automated with software tools, then processes can be even more efficient.

14
00:01:17,120 --> 00:01:24,740
A chain of custody refers to the paper trail of physical and electronic evidence in a cyber forensics

15
00:01:24,800 --> 00:01:26,820
investigation.

16
00:01:26,990 --> 00:01:33,860
If you or your company is compromised, then it is important to preserve and copy evidence properly to

17
00:01:33,860 --> 00:01:35,650
maintain its integrity.

18
00:01:38,030 --> 00:01:43,790
Reverse engineering can be used to identify the details of a breach and how an attacker entered the

19
00:01:43,790 --> 00:01:45,270
system.

20
00:01:45,380 --> 00:01:52,310
Tools are available to debug, disassemble and decompile data for reverse engineering things like encryption

21
00:01:52,340 --> 00:01:56,830
algorithms and malware programs.

22
00:01:56,870 --> 00:02:04,160
This can be a helpful cybersecurity technique for analyzing malware to identify its behavior and possibly

23
00:02:04,160 --> 00:02:05,570
the author of the program.

24
00:02:09,250 --> 00:02:14,330
Traffic anomalies are abnormal changes to the network traffic flows.

25
00:02:14,380 --> 00:02:18,660
This can be a major red flag in an enterprise network.

26
00:02:18,710 --> 00:02:25,950
Imagine that you had a web server that for years only communicated with web protocols like HTTP and HTTPS,

27
00:02:25,980 --> 00:02:31,850
and then all of a sudden it was sending large amounts of data using SSH.

28
00:02:31,850 --> 00:02:35,050
That would be a traffic anomaly.

29
00:02:35,110 --> 00:02:43,240
One of the main goals of cybersecurity is protecting sensitive data like personally identifiable information

30
00:02:43,720 --> 00:02:45,810
and protected health information.

31
00:02:46,700 --> 00:02:51,090
This information includes but is not limited to credit card numbers,

32
00:02:51,140 --> 00:03:00,350
Social Security numbers and medical records. Due to the importance of PII and PHI, specific government

33
00:03:00,380 --> 00:03:08,680
and HIPAA regulations must be followed to secure sensitive information.

34
00:03:08,750 --> 00:03:15,830
The last security term I want to cover in this section is the principle of least privilege. The principle

35
00:03:15,830 --> 00:03:22,840
of least privilege enforces differentiated access to networks, meaning that users should only have access

36
00:03:23,110 --> 00:03:31,480
to the bare minimum resources that are required to perform their job duties. When a network is designed,

37
00:03:31,550 --> 00:03:37,260
groups should be defined to segment users so that access can be regulated.

38
00:03:39,750 --> 00:03:41,040
Just like users,

39
00:03:41,100 --> 00:03:45,750
programs should also only have the privileges needed to function.

40
00:03:45,750 --> 00:03:51,950
For example, you would not want all the programs on a device to have root access.

41
00:03:52,080 --> 00:03:58,880
If you've ever heard of a device being rooted or jailbroken, that means that all the apps have root

42
00:03:58,880 --> 00:04:03,530
access, which can leave a device vulnerable to threats such as malware.