1
00:00:00,880 --> 00:00:05,440
In our next section we will talk about the key security concepts

2
00:00:08,150 --> 00:00:10,460
let's start with the cyber threats.

3
00:00:10,460 --> 00:00:19,190
Cyber threats or simply threats refer to cyber security circumstances or events with the potential to

4
00:00:19,250 --> 00:00:23,330
cause harm by way of their outcome.

5
00:00:23,330 --> 00:00:31,100
A few examples of common threats include as social engineering are phishing attack that leads to an

6
00:00:31,160 --> 00:00:38,180
attacker installing a Trojan and stealing private information from your applications.

7
00:00:38,180 --> 00:00:46,340
Political activists need those seeing your Web site an administrator accidently leaving data unprotected

8
00:00:46,370 --> 00:00:54,560
on a production system causing a data breach or soon flooding your ISP data center.

9
00:00:54,560 --> 00:01:03,680
Cyber security threats are actualized by threat to actors Skye's threat actors usually refer to persons

10
00:01:03,710 --> 00:01:12,650
or entities who may potentially initiate at threat while natural disasters as well as other environmental

11
00:01:12,650 --> 00:01:16,790
and political events do constitute threats.

12
00:01:16,850 --> 00:01:21,590
They are not generally regarded as being threat actors.

13
00:01:21,590 --> 00:01:29,900
Examples of common threat actors include financially motivated criminals which are known also as cyber

14
00:01:29,900 --> 00:01:39,050
criminals guys and politically motivated activists and these guys are known as the hacktivists and competitors

15
00:01:39,080 --> 00:01:44,810
careless employees and nation state attackers.

16
00:01:44,810 --> 00:01:53,090
Cyber threats can also become more dangerous if threat to actors leverage one or more vulnerabilities

17
00:01:53,420 --> 00:02:03,400
to gain to a system often including the operating system yeah let's go ahead with the one notable TS

18
00:02:04,090 --> 00:02:13,000
vulnerabilities simply refer to our weaknesses in our system they make threat the outcomes possible

19
00:02:13,030 --> 00:02:16,360
and potentially even more dangerous.

20
00:02:16,600 --> 00:02:21,040
A system could be exploited through a single vulnerability.

21
00:02:21,040 --> 00:02:29,290
For example let's say as a single ask fuel injection attack could go to an attacker full control over

22
00:02:29,290 --> 00:02:39,970
sensitive data an attacker could also chain several exploits together and taking advantage of more than

23
00:02:39,970 --> 00:02:44,070
one vulnerability to gain more com control.

24
00:02:44,080 --> 00:02:53,680
Examples of common vulnerabilities are as cruel injections cross site scripting server mis configurations

25
00:02:54,010 --> 00:02:58,680
sensitive data transmitted in plain text and more

26
00:03:01,360 --> 00:03:02,470
exploitation.

27
00:03:02,500 --> 00:03:11,740
Exploitation is the next step in attackers playbook after finding a vulnerability on the system exploits

28
00:03:11,800 --> 00:03:20,310
are the meals through which vulnerability can be leveraged for malicious activity by hackers.

29
00:03:20,450 --> 00:03:31,870
And these include pieces of software sector analysis of comments or even open source exploit kids so

30
00:03:31,900 --> 00:03:32,200
yeah.

31
00:03:32,260 --> 00:03:39,660
We have threads and we have vulnerabilities we have exploits saw how we can mitigate it.

32
00:03:39,670 --> 00:03:48,490
All of these things and we have some mitigation techniques and their training and awareness patch management

33
00:03:48,820 --> 00:03:53,380
policies and procedures and incident response.

34
00:03:53,380 --> 00:03:56,800
Let's start with the training and awareness.

35
00:03:56,800 --> 00:04:03,900
It is constituted as the most convenient and comfortable form of the security guys.

36
00:04:04,090 --> 00:04:11,980
User training is considered as the least expensive and the most effective mitigation technique.

37
00:04:11,980 --> 00:04:19,360
Actually it is the best way to keep the users from making mistakes that will lead to success of the

38
00:04:19,810 --> 00:04:25,050
social engineering attack is educating how to handle them.

39
00:04:25,120 --> 00:04:33,790
It is important to know the procedures protocols and the policies for the security of a network or else

40
00:04:33,790 --> 00:04:34,910
training users.

41
00:04:34,900 --> 00:04:40,260
Skew a real advantage of the relatively low cost guys.

42
00:04:40,390 --> 00:04:43,390
And the second thing is the pitch management.

43
00:04:43,390 --> 00:04:52,710
When an application or an operating system is released it is not perfect far from the security perspective

44
00:04:52,720 --> 00:04:53,890
guys.

45
00:04:53,890 --> 00:05:02,560
Then after Dooley's updates and security patches are released on the ongoing basis which can add to

46
00:05:02,580 --> 00:05:09,130
as software to make them more secure or provide it's more functionality.

47
00:05:09,130 --> 00:05:17,770
And the third thing is policies and procedures the security procedures and policies must be outlined

48
00:05:17,770 --> 00:05:26,920
clearly in writing in the organization guys and it should define acceptable behaviors on networks and

49
00:05:27,160 --> 00:05:29,470
organization computers.

50
00:05:29,470 --> 00:05:38,200
Who uses the computers has to read the procedures and policies and also sign the form for agreeing it.

51
00:05:39,070 --> 00:05:47,760
And the last thing is the incident response when the intruder has enacted an attack on the network.

52
00:05:47,800 --> 00:05:56,030
Then the first instinct gets you the user back to work regardless of what that takes.

53
00:05:56,110 --> 00:06:05,220
It makes more sense in the short run but in case of long run it might be a wrong move surely guys.

54
00:06:05,260 --> 00:06:13,180
The rails tall software which is damaged by the attack then this rare installation may covered the threat

55
00:06:13,270 --> 00:06:19,950
of an attacker and prevent it from persecuting and finding it.

56
00:06:20,110 --> 00:06:29,170
Also it is essential to understand these security threats which affect the networks and be familiar

57
00:06:29,170 --> 00:06:38,500
with the affecting networks like those attacks warms viruses social engineering and men in the middle

58
00:06:38,500 --> 00:06:39,450
attacks.

59
00:06:39,730 --> 00:06:46,050
It is necessary to learn each type of these attacks operates and how to secure it.

60
00:06:46,660 --> 00:06:55,270
Additionally understand the mitigation techniques such as incident response procedure and policies patch

61
00:06:55,270 --> 00:07:03,580
management and training and awareness understand efficient and effective methods of protecting against

62
00:07:03,640 --> 00:07:13,030
these social engineering threats and also other network weaknesses as software security physical security

63
00:07:13,030 --> 00:07:22,690
is also so important infrastructure locations such as network closets and data centers should remain

64
00:07:22,690 --> 00:07:25,550
securely locked badge.

65
00:07:25,570 --> 00:07:34,040
Access to sensitive locations is a scalable solution offering an audit trail of identities and time

66
00:07:34,040 --> 00:07:37,540
stamps when access is granted.

67
00:07:37,540 --> 00:07:46,270
Administrators can control access on a granular basis and quickly remove access when an employee is

68
00:07:46,390 --> 00:07:46,960
dismissive.