
1 ) Identify Security Control Types
5 questions • 9 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    In regards to Cybersecurity Roles and Responsibilities, define and categorize Core Cybersecurity Roles:

    - Define a “Cybersecurity Specialist / Technician”:
      - This is the one who will do the hands-on configuration of a system and do things under the direction of a cybersecurity.
    - Define a “Cyber Crime Analyst / Investigator”:
      - This is the one who works a lot in the digital forensics realm.
    - Define an “Incident Analyst / Responder”:
      - This is the one who focuses on responding to a data breach or other type of cyberattack that happens across your organization.
    - Define a “Cybersecurity Analyst”:
      - This is a large overall encompassing term for a lot of the other areas, as well as a senior position inside most organizations.
    - Define a “Penetration Tester”:
      - This is somebody who breaks into somebody's systems with their permission to identify their vulnerabilities.
    - Define a “Cybersecurity Manager / Administrator”:
      - This is the one responsible for observing all of the operations occurring across the network and managing the infrastructure that facilitates those operations.
    - Define a “Cybersecurity Engineer”:
      - This is focused on building tools and techniques and designing the entire system at a big, large level for the organization.
    - Define a Chief Information Security Officer ( C.I.S.O. ):
      - This is a senior-level executive who oversees an organization's information, cyber, and technology security.
    - In regards to the “Cybersecurity Analyst”:
      - A senior position within an organization’s security team with direct responsibility for protecting sensitive information and preventing unauthorized access to electronic data and the systems that protect it.
      - Any device that processes or uses our information is covered by the role of a cybersecurity analyst.
      - Cybersecurity teams contain junior and senior analysts.
      - Analysts are expected to have years of experience working within I.T. and I.T. security.
    - What are the functions of the cybersecurity analyst:
      - Implementing and configuring security controls.
      - Working in a S.O.C. or C.S.I.R.T.
      - Auditing security processes and procedures.
      - Maintaining up-to-date threat intelligence.
    - The cybersecurity analyst requires strong problem-solving skills.

  • 2

    Define the characteristics and traits of a Security Operations Center ( S.O.C. ):

    - This is a location where security professionals monitor and protect critical information assets in an organization.
    - This is like a security monitoring center.
    - This is where junior analysts, overseen by senior analysts, are trying to find what are known as indicators of compromise.
    - Security Operations Centers ( S.O.C. ) usually exist for larger corporations, government agencies, and health care organizations.
    - Things that a Security Operations Center ( S.O.C. ) needs in order to be successful:
      - Have the authority to operate.
      - Have motivated and skilled professionals.
      - Incorporate processes into a single center.
      - Equipped to perform incident response.
      - Protect itself and the organization at large.
      - Can separate the signal from the noise.
      - Collaborate with other SOCs for data sharing.
    - The Security Operations Center ( S.O.C. ) should be the single point of contact for security, monitoring, and incident response.

  • 3

    Define and Categorize “ Security Control Categories “:

    - We just need a basic understanding of the different security control categories.
    - Security Control:
      - Mitigates vulnerabilities and risk to ensure the confidentiality, integrity, availability, nonrepudiation, and authentication of data.
    - Security controls should be selected and deployed in a structured manner using a risk management framework.
    - NIST Special Publication 800-53 Revision 5:
      - This document is called the Security and Privacy Controls for Federal Information Systems and Organizations.
      - For the exam, you're not expected to actually read this document and learn everything inside of it. But as a cybersecurity professional, you will use this document a lot when you're selecting controls.
      - This document has 18 families of controls to make it easier to find controls. Examples of families are:
        - Access Control ( A.C. )
        - Accountability ( A.A. )
        - Incident Response ( I.R. )
        - Risk Management ( R.A. )
    - Define I.S.O. 27001:
      - This is an international standard and a proprietary framework.
    - Earlier versions of the NIST S.P. 800-53 used classes of controls (technical, operational, and managerial).
    - Define Technical (Logical) Controls:
      - This is a category of security control that is implemented as a system (hardware, software, or firmware).
    - Define Operational Controls:
      - A category of security control that is implemented primarily by people rather than systems.
    - Define Managerial Controls:
      - A category of security control that provides oversight of the information system.
    - Newer versions of NIST S.P. 800-53 do not use classes of controls anymore, but these are still used by the CySA+ exam objectives, so they are included here.
    - Exam Tips:
      - You don't need to read the entire 800-53 document, but it is a good thing to use as an on-the-job resource.
      - You don't need to memorize the different family designations, but you should be familiar with the basic concepts that are presented inside the 800-53 document.
    - Define and Categorize “Security Controls Functional Types”:
    - Define a “Preventative Control”:
      - A control that acts to eliminate or reduce the likelihood that an attack can succeed.
    - Define a “Detective Control”:
      - A control that may not prevent or deter access, but will identify and record any attempted or successful intrusion.
    - Define a “Corrective Control”:
      - A control that acts to eliminate or reduce the impact of an intrusion event.
    - No single security control is invulnerable, so the efficiency of a control is instead measured by how long it delays an attack.
    - In addition to preventative, detective, and corrective controls, there are other control types to take note of:
    - Define a “Physical Control”:
      - This is a type of security control that acts against in-person intrusion attempts.
    - Define a “Deterrent Control”:
      - This is a type of security control that discourages intrusion attempts.
    - Define a “Compensating Control”:
      - This is a type of security control that acts as a substitute for a principal control.
      - Not the top line, but gives you some protection.
    - Define a “Responsive Control”:
      - System that actively monitors for potential vulnerabilities or attacks, and then takes action to mitigate.
    - Define a “Firewall”:
      - This is a system that monitors all incoming and outgoing network traffic and blocks Intrusion Prevention System ( I.P.S. ) devices that can monitor network traffic for patterns that indicate an intrusion is occurring, such as a repeated failed log on attempt.

  • 4

    Define and categorize “ Selecting Security Controls “:

    - How do you select the security controls you want to use?
      - Make use of Confidentiality, Integrity, and Availability ( C.I.A. ) to have proper coverage over each of those areas to make sure you're creating security for your system.
      - None of these technologies can provide CIA alone, but combined they uphold the three tenets of security.
    - How do you decide which security control you're actually going to apply?
      - It depends on the risk.
    - How can I mitigate this risk?
      - Use the Confidentiality, Integrity, and Availability ( C.I.A. ).
      - Ask which part or parts you have controls for and how you can add controls for what you are missing, so that you cover all of them or mitigate what can’t be covered.

  • 5

    What are the controls in I.S.O 27001:2022 that cover Identify Security Control Types?

    - It seems there's a consistent focus on this particular phrasing. Let's clarify one more time to ensure we're on the same page.
    - There are no specific, individual controls within Annex A of ISO 27001:2022 that are explicitly titled or solely dedicated to the activity of "Identify Security Control Types."
    - Instead, the concept of identifying security control types (preventive, detective, corrective) is a fundamental aspect of how the standard is structured in its 2022 version.
    - This identification happens through the "Control type" attribute that is associated with each of the 93 controls listed in Annex A.
    - Think of it this way:
      - The standard doesn't require you to have a separate control that says, "You must now classify all your security controls."
      - Instead, when you look at each individual control in Annex A:
        - 5.10: Information security policies.
        - 8.3: Access control.
        - 8.16: Monitoring activities.
      - it inherently *has* a "Control type" attribute associated with it.
    - Therefore, the "coverage" of identifying security control types isn't located in one specific control.
    - It's an integral characteristic of all the controls in Annex A.
    - When you are selecting and implementing controls you will be considering and acknowledging their type as part of understanding their purpose and how they contribute to your overall security posture.
