Commit 695a489

Initial Commit. Welcome to Security 101
0 parents  commit 695a489

60 files changed, +1911 -0 lines changed
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
# The CIA triad and other key concepts
2+
3+
[![Watch the video](images/1-1_placeholder.png)](https://learn-video.azurefd.net/vod/player?id=d4c2f633-fa6a-4a3d-8d41-7a1d71189832)
4+
5+
## Introduction
6+
7+
In this lesson, we’ll cover:
8+
9+
- What is cybersecurity?
10+
11+
12+
- What is the cybersecurity CIA triad?
13+
14+
15+
16+
- What are authenticity, nonrepudiation and privacy in the context of cybersecurity?
17+
18+
## What is cybersecurity?
19+
20+
Cybersecurity, also known as information security, is the practice of protecting computer systems, networks, devices, and data from digital attacks, unauthorized access, damage, or theft. The primary goal of cybersecurity is to ensure the confidentiality, integrity, and availability of digital assets and information. Cybersecurity professionals design and implement security controls to protect assets, data and information. As more and more of our lives have become digitized and online, cybersecurity has become a top concern for both private individuals and organizations.
21+
22+
## What is the cyber security CIA triad?
23+
24+
The cyber security triad refers to the model that incorporates the three main considerations for any cybersecurity work or designing a system/environment:
25+
26+
### Confidentiality
27+
28+
This is the consideration that most people would be familiar with when they think “cybersecurity”: confidentiality is the process of protecting data and information from unauthorized access attempts i.e. only people who need to see information are able to access it. Not all data is created equal though, and data is usually categorized and protected based on how much damage would occur if it were accessed by the wrong people.
29+
30+
### Integrity
31+
32+
Refers to protecting the accuracy and trustworthiness of data contained within environments and not allowing the data to be altered or amended by unauthorized individuals. e.g. a student amends their date of birth on their driver record at the DMV to make them older so they can get their license reprinted with an earlier date of birth to buy alcohol.
33+
34+
### Availability
35+
36+
This is a consideration across operational IT, but availability is also important for cybersecurity. There are specific types of attacks that target availability that security professionals must protect against (e.g. distributed denial of service – DDoS – attacks).
37+
38+
**Cybersecurity CIA Triad**
39+
40+
![image](/images/ciatriad.png)
41+
42+
## What are authenticity, nonrepudiation and privacy in the context of cyber security?
43+
44+
These are additional important concepts that relate to ensuring the security and trustworthiness of systems and data:
45+
46+
**Authenticity** - refers to the assurance that the information, communication, or entity you are interacting with is genuine and has not been tampered with or altered by unauthorized parties.
47+
48+
**Nonrepudiation** - is the concept of ensuring that a party cannot deny their involvement or the authenticity of a transaction or communication. It prevents someone from claiming they didn't send a message or perform a particular action when there is evidence to the contrary.
49+
50+
**Privacy** - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared. Privacy
51+
52+
53+
## Additional reading
54+
55+
[What Is Information Security (InfoSec)? | Microsoft Security](https://www.microsoft.com/en-us/security/business/security-101/what-is-information-security-infosec#:~:text=Three%20pillars%20of%20information%20security%3A%20the%20CIA%20triad,as%20guiding%20principles%20for%20implementing%20an%20InfoSec%20plan.)
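
Review bot: the Privacy paragraph ("**Privacy** - refers to the protection of sensitive and personally identifiable information ...") ends with a dangling "Privacy" after the final full stop, so the file ships with an unfinished sentence; either complete the thought or drop the stray word before merging. Two further points in this hunk. The triad image is referenced as `![image](/images/ciatriad.png)` with a leading slash, whereas the video thumbnail at the top of the file uses the relative `images/1-1_placeholder.png`; the absolute form resolves against the site root rather than the lesson's `images/` folder, so make the two consistent (relative is the one that works from the repository). The Authenticity definition ("is genuine and has not been tampered with or altered by unauthorized parties") restates the Integrity definition given a few lines earlier; authenticity is the assurance that a message or entity really comes from the source it claims, and tampering belongs under integrity, so tighten the wording so the two concepts do not overlap. Minor: the headings "What is the cyber security CIA triad?" and "... in the context of cyber security?" spell the term as two words while the body text uses "cybersecurity"; pick one.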

1.2 Common cybersecurity threats.md

Lines changed: 127 additions & 0 deletions
@@ -0,0 +1,127 @@
1+
# Common cybersecurity threats
2+
3+
[![Watch the video](images/1-2_placeholder.png)](https://learn-video.azurefd.net/vod/player?id=12bdcffa-12b7-44ef-b44d-882602ca7a38)
4+
5+
6+
## Introduction
7+
8+
In this lesson, we’ll cover:
9+
10+
- What is a cybersecurity threat?
11+
12+
13+
- Why do malicious actors want to compromise data and IT systems?
14+
15+
16+
17+
18+
- What are the most common types of cybersecurity threats?
19+
20+
21+
22+
23+
- What is the MITRE ATT&CK framework?
24+
25+
26+
27+
28+
- Where can I keep up to date with the cybersecurity threat landscape?
29+
30+
## What is a cybersecurity threat?
31+
32+
A cybersecurity threat refers to any potential danger or risk that has the potential to compromise the confidentiality, integrity, or availability of data or IT systems. These threats are posed by malicious actors who attempt to exploit vulnerabilities in order to gain unauthorized access, steal sensitive information, disrupt operations, or cause harm to individuals, organizations, or even entire nations. Cybersecurity threats can take various forms and target different aspects of digital systems and data.
33+
34+
## Why do malicious actors want to compromise data and IT systems?
35+
36+
Malicious actors compromise data and IT systems for a variety of reasons, often driven by personal gain, ideological motives, or the desire to cause disruption. Understanding these motivations can help organizations and individuals better defend against cyber threats. Some common reasons why malicious actors engage in cyberattacks include:
37+
38+
1. **Financial Gain**: Many attacks are driven by the desire for financial profit. Malicious actors may steal sensitive information like credit card numbers, bank account details, or personal identification information to commit fraud, identity theft, hold an individual or organization to ransom or sell the stolen data on the dark web.
39+
40+
2. **Espionage**: Nation-states, competitors, or other entities may engage in cyber espionage to steal sensitive government, corporate, or research data for political, economic, or military advantage.
41+
42+
3. **Disruption and Sabotage**: Some attacks aim to disrupt critical infrastructure, services, or operations for political or ideological reasons. These attacks can cause widespread chaos, financial loss, and damage to reputation.
43+
44+
4. **Ideological Motivations**: Hacktivists and groups with ideological or political motivations may compromise systems to raise awareness about certain issues, promote their beliefs, or protest against specific actions or organizations.
45+
46+
5. **Unintentional Actions**: Not all malicious actions are deliberate; some individuals may unknowingly contribute to cyber threats by falling victim to social engineering or being part of a compromised network.
47+
48+
Ultimately, the motivations for compromising data and IT systems can vary widely, and the impact of these attacks can be severe. It's important for individuals, organizations, and governments to take cybersecurity seriously and implement measures to protect against these threats.
49+
50+
## What are the most common types of cybersecurity threats?
51+
52+
There are several common types of cybersecurity attacks that malicious actors use to compromise systems, steal data, and cause disruptions. Here are some of the most prevalent types at the time of writing
53+
54+
1. **Phishing**:
55+
56+
Phishing involves sending deceptive emails or messages that appear to be from legitimate sources in order to trick recipients into revealing sensitive information, such as passwords, credit card numbers, or personal details. Phishing can also lead victims to malicious websites or to download malware.
57+
58+
2. **Malware**:
59+
60+
Malware (malicious software) encompasses a range of malicious programs designed to infect systems, steal data, or cause damage. Types of malware include:
61+
62+
- **Ransomware**: Encrypts files and demands a ransom for decryption.
63+
64+
- **Trojans**: Disguised as legitimate software, they give attackers unauthorized access.
65+
66+
- **Viruses**: Self-replicating programs that attach to files and spread.
67+
68+
- **Worms**: Self-replicating programs that spread through networks.
69+
70+
3. **Denial of Service (DoS) and Distributed Denial of Service (DDoS)**:
71+
72+
DoS attacks overload a target system, rendering it unavailable to users. DDoS attacks involve using a network of compromised devices to flood a target with traffic, making it difficult for the system to function properly or they may stop the system working entirely.
73+
74+
4. **SQL Injection**:
75+
76+
In this attack, attackers manipulate a web application's input fields to inject malicious SQL queries, potentially gaining unauthorized access to databases and sensitive data.
77+
78+
5. **Cross-Site Scripting (XSS)**:
79+
80+
Attackers inject malicious scripts into web applications, which are then executed by unsuspecting users' browsers. This can lead to the theft of user data and/or the spreading of malware.
81+
82+
6. **Social Engineering**:
83+
84+
Social engineering exploits human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security.
85+
86+
7. **Zero-Day (0day) Exploits**:
87+
88+
These attacks target vulnerabilities in software or hardware that are not yet known to the vendor or public. Attackers take advantage of these vulnerabilities before patches are developed. Many organizations worry about zero-days as there is no patch for them but they are not as common as the other attacks on this list. When a zero-day is discovered, security researchers will work quickly to make a patch and hence zero-days are generally short lived.
89+
90+
8. **Credential Attacks**:
91+
92+
These attacks include brute force attacks, where attackers repeatedly guess passwords, and credential stuffing attacks, where stolen credentials from one site are used to attempt access on other sites**.**
93+
94+
## What is the MITRE ATT&CK framework?
95+
96+
The [MITRE ATT&CK framework](https://attack.mitre.org/) (Adversarial Tactics, Techniques, and Common Knowledge) is a framework that catalogs and categorizes the tactics, techniques, and procedures (TTPs) that adversaries use during cyberattacks. The framework was created by MITRE Corporation, a not-for-profit organization that operates research and development centers for various government agencies.
97+
98+
The MITRE ATT&CK framework provides a standardized way to describe and analyze cyber threats, allowing cybersecurity professionals to better understand and defend against various attack techniques. It is widely used by security teams, threat hunters, and incident responders to:
99+
100+
1. **Understand Adversarial Behavior**: The framework documents real-world attack behaviors, outlining the steps attackers take from initial entry to achieving their objectives. It covers a broad range of attack techniques used by different threat groups.
101+
102+
2. **Plan and Implement Defense Strategies**: Security teams can use the framework to develop proactive defense strategies that align with the specific tactics and techniques adversaries might employ.
103+
104+
3. **Incident Response and Threat Hunting**: When investigating incidents or conducting threat hunting, security professionals can refer to the framework to identify and mitigate specific techniques used by attackers.
105+
106+
The MITRE ATT&CK framework is organized into matrices that group attack techniques based on specific platforms and environments, such as Windows, macOS, Linux, and cloud services. Each matrix is divided into tactics (high-level goals) and techniques (specific methods used to achieve those goals). For each technique, the framework provides information about how it works, potential mitigations, and relevant references to real-world threat actors that have used the technique.
107+
108+
The framework is continuously updated and expanded as new threat intelligence is gathered and as the cybersecurity landscape evolves. It's a valuable resource for enhancing an organization's cybersecurity posture by enabling a deeper understanding of how attackers operate and how to defend against their tactics.
109+
110+
## Where can I keep up to date with the cybersecurity threat landscape?
111+
112+
There are many sources that can be used to keep up to date with cybersecurity threats, here are a selection:
113+
114+
- [Open Web Application Security Project (OWASP) top 10 vulnerabilities](https://owasp.org/Top10/)
115+
- [Common Vulnerabilities and Exposures (CVEs)](https://www.bing.com/ck/a?!&&p=53df6007f017bca2JmltdHM9MTY5MjU3NjAwMCZpZ3VpZD0zYmY4N2RiYS1jYWI1LTYwMDgtMWY1YS02ZmYyY2JjNjYxZWUmaW5zaWQ9NTc2OQ&ptn=3&hsh=3&fclid=3bf87dba-cab5-6008-1f5a-6ff2cbc661ee&psq=cve&u=a1aHR0cHM6Ly9iaW5nLmNvbS9hbGluay9saW5rP3VybD1odHRwcyUzYSUyZiUyZmN2ZS5taXRyZS5vcmclMmYmc291cmNlPXNlcnAtcnImaD1BZXN4S0VBWTNnbGhNZEFpd3daMlNSZkZQNTlrODhIUnYxRUtlSkY1RTk0JTNkJnA9a2NvZmZjaWFsd2Vic2l0ZQ&ntb=1 "Common Vulnerabilities and Exposures")
116+
- [Microsoft Security Response Center blogs](https://msrc.microsoft.com/blog/)
117+
- [National Institute of Standards and Technology
118+
(NIST)](https://www.dhs.gov/topics/cybersecurity): NIST provides resources, alerts, and latest updates on potential cybersecurity threats.
119+
- [Cybersecurity and Infrastructure Security Agency
120+
(CISA)](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools): CISA provides cybersecurity resources and best practices for
121+
businesses, government agencies, and other organizations. CISA shares
122+
up-to-date information about high-impact types of security activity
123+
affecting the community at large and in-depth analysis on new and
124+
evolving cyber threats.
125+
- [National Cybersecurity Center of Excellence (NCCoE)](https://www.dhs.gov/topics/cybersecurity): NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations.
126+
- [US-CERT](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools):The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more.
127+
- Your country's Cyber Emergency Response Team (CERT)
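
Review bot: several entries in the "Where can I keep up to date" list link somewhere other than what their label says. The NIST entry and the NCCoE entry both point at https://www.dhs.gov/topics/cybersecurity, and the US-CERT entry reuses the CISA free-tools URL already given for CISA; point each at the organisation's own site (NIST and NCCoE are nist.gov properties, and US-CERT's alerts are now published under cisa.gov) or merge the duplicate entries. The CVE entry is a Bing click-tracking redirect (`https://www.bing.com/ck/a?!&&p=...`) whose encoded target is https://cve.mitre.org/; link to that directly so the reference does not break when the tracking token expires. Smaller fixes in the same hunk: the Credential Attacks paragraph ends with a stray `**.**` bold marker; the "Unintentional Actions" item sits under "Why do malicious actors want to compromise data and IT systems?" while stating that these actions are not deliberate, so either retitle the section to cover insider and human-error threats or fold that item into the Social Engineering entry; and the Zero-Day paragraph says "security researchers will work quickly to make a patch", but patches come from the vendor, so rephrase to "the vendor will work quickly to release a patch".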
