Cyber Security Portfolio Index

Google Cybersecurity Professional Course
Security Audit: Conduct a security audit
Incident Report: Use the NIST Cybersecurity Framework to respond to a security incident
Linux Commands: Use Linux commands to manage file permissions
SQL Queries: Apply filters to SQL queries
Vulnerability Assessment: Conduct a vulnerability assessment based on NIST SP 800-30
Incident Handler's Journal: Documenting incident responses
File Handling in Python: Using Python to maintain a security-related file (allow-list)
How-to Articles
Wazuh XDR and SIEM ...

July 17, 2023 · 1 min · 141 words · Kazuhiro Funakoshi

Improving Security Posture With Wazuh

This post continues the previous entry, Zero Cost Home Cybersecurity with WSL2 and Wazuh. We have installed the Wazuh service on WSL2 and its agent on Windows, and we can now see various suggestions from the scan results. Where we are: First, we want to know where we are. The NIST Cybersecurity Framework defines the following 5 steps for improving security posture, and we want to address each step with an activity in Wazuh. ...

August 12, 2023 · 3 min · 507 words · Kazuhiro Funakoshi

Zero Cost Home Cybersecurity with WSL2 and Wazuh

There are many cybersecurity solutions for home usage that combine endpoint security with network intrusion detection or prevention systems. Some of them are software packages such as McAfee, and others may be provided by your ISP, such as Xfinity xFi Advanced Security, which comes with ISP-specific hardware. However, it is unclear to end users what they actually do, and they are sometimes pricey. It is also common among network enthusiasts to set up a white-box approach with plenty of hardware equipment for a home cybersecurity stack. For example, there are many YouTube videos about how to set up a router to mirror all the traffic into an IDS in a virtual machine, so that all network traffic can be monitored. However, in my humble opinion, hosting a VM that can monitor all the network traffic in and out is very much a luxury for most people. ...

August 11, 2023 · 3 min · 576 words · Kazuhiro Funakoshi

Algorithm for File Update in Python

Project description: This project describes an activity of updating a text file based on business needs. It is designed as a process to maintain an allow-list-based access control list. To restrict access by unauthorized users, businesses are required to review the list and remove access privileges as needed. Given a list of IP addresses, the program removes them from the allow-list and writes the remaining IP addresses back to the text file. ...

July 26, 2023 · 3 min · 589 words · Kazuhiro Funakoshi

Incident Handler's Journal

Entry 1: Analyzing ransomware incident; Entry 2: Analyzing phishing email; Entry 3: Following up with playbook; Entry 4: Review of incident final report; Entry 5: Using Splunk to analyze malicious logins; Entry 6: Using Chronicle to analyze phishing attempts. Entry 1, Date: 07/19/2023. Description: Ransomware damaged a clinic. A small U.S. health care clinic experienced a security incident on Tuesday at 9:00 a.m. which severely disrupted its business operations. ...

July 26, 2023 · 4 min · 774 words · Kazuhiro Funakoshi

Vulnerability Assessment

NIST SP 800-30 Rev. 1 (given); Vulnerability Assessment Report. NIST SP 800-30 Rev. 1, Guide to assessing risk: NIST SP 800-30 is a publication that provides guidance on performing risk assessments. It outlines strategies for identifying, analyzing, and remediating risks. Organizations use NIST SP 800-30 to gain insight into the potential likelihood and severity of risks, helping them make informed decisions about allocating resources, implementing controls, and prioritizing remediation efforts. ...

July 26, 2023 · 5 min · 863 words · Kazuhiro Funakoshi

SQL Queries

Scenario (given): Apply filters to SQL queries. Scenario: You are a security professional at a large organization. Part of your job is to investigate security issues to help keep the system secure. You recently discovered some potential security issues that involve login attempts and employee machines. Your task is to examine the organization's data in their employees and log_in_attempts tables. You'll need to use SQL filters to retrieve records from different datasets and investigate the potential security issues.

July 18, 2023 · 1 min · 80 words · Kazuhiro Funakoshi

Linux Commands

Scenario (given); Current file permissions (given); File permissions in Linux. Scenario: You are a security professional at a large organization. You mainly work with their research team. Part of your job is to ensure users on this team are authorized with the appropriate permissions. This helps keep the system secure. Your task is to examine existing permissions on the file system. You'll need to determine if the permissions match the authorization that should be given. If they do not match, you'll need to modify the permissions to authorize the appropriate users and remove any unauthorized access. ...

July 18, 2023 · 2 min · 220 words · Kazuhiro Funakoshi

Incident Report

Project Setup; Incident Report Analysis. Project Setup: Review the scenario below. Then complete the step-by-step instructions. You are a cybersecurity analyst working for a multimedia company that offers web design services, graphic design, and social media marketing solutions to small businesses. Your organization recently experienced a DDoS attack, which compromised the internal network for two hours until it was resolved. During the attack, your organization's network services suddenly stopped responding due to an incoming flood of ICMP packets. Normal internal network traffic could not access any network resources. The incident management team responded by blocking incoming ICMP packets, taking all non-critical network services offline, and restoring critical network services. ...

July 18, 2023 · 2 min · 368 words · Kazuhiro Funakoshi

Security Audit

Project Setup; Controls assessment; Compliance checklist; Stakeholder memorandum. Project Setup, Summary: Perform an audit of Botium Toys' cybersecurity program. The audit needs to align current business practices with industry standards and best practices. The audit is meant to provide mitigation recommendations for vulnerabilities found that are classified as "high risk," and to present an overall strategy for improving the security posture of the organization. The audit team needs to document their findings, provide remediation plans and efforts, and communicate with stakeholders. ...

July 17, 2023 · 2 min · 402 words · Kazuhiro Funakoshi