筆記參與 Google CyberSecurity Professional Certificate 完成課程與取得證照的學習心得。
說明
這個證照課程總共包含 8 個課程,每個課程又可以分成 4-5 個模組 (Modules),完成課程必須要通過 Quizzes,有些課程則有 Portfolio Activity 的小型專案需要完成。
Quizzes 通常是 10 題的選擇題 (包含單選與複選),Portfolio Activity 則是盤點、設計、分析面向的資安文件作業,完成方式是自我評估是否符合文件要求。
另外部分模組有實作課程,會透過 Google Cloud Skills Boost 來完成,這部分課程通常都是 Optional 不是完成課程的必要條件,但建議一定要動手實作,對於深入課程內容有很大的幫助。
官方預期的證照課程完成時間是 6 個月,但線上課程的好處就在於學習者可以自行安排時間,按照學習的情況來調整學習步調。
以筆者已經有一定資安基礎 (ISO27001 Certificate) 以及已具備使用 Python, SQL 及 Linux 的經驗,利用下班時間以及週末全時投入的學習情況,大約費時 2 個月的時間完成所有課程。
- Foundations of Cybersecurity
- Play It Safe: Manage Security Risks
- Connect and Protect: Networks and Network Security
- Tools of the Trade: Linux and SQL
- Assets, Threats, and Vulnerabilities
- Sound the Alarm: Detection and Response
- Automate Cybersecurity Tasks with Python
- Put It to Work: Prepare for Cybersecurity Jobs
Basic Responsibilities of Cybersecurity Entry-Level Roles:
- Protecting Computer and Network Systems
- Monitor internal network for threats
- Respond to detected threats
- Participate in penetration testing and ethical hacking to identify vulnerabilities
- Preventing Threats
- Work with IT teams to install prevention software
- Involved in software and hardware development to support product security
- Conducting Periodic Security Audits
- Review security records, activities, and documents
- Examine in-house security issues to ensure data protection
CISSP’s 8 Security Domains
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
NIST’s Risk Management Framework (RMF)
- Prepare: Manage security and privacy risks before a breach occurs, Identify controls to reduce risks, Monitor for risks and identify potential.weaknesses.
- Categorize: Develop risk management processes and tasks, Identify how risk can impact the confidentiality, integrity, and availability of systems and information.
- Select: Select security controls and develop a security plan
- Implement: Implement security controls and document security processes, Minimize the impact of ongoing security risks..
- Assess: Assess security controls and document assessment results
- Authorize: Account for security and privacy risks in an organization. Develop plans of action, generate reports, and establish project milestones aligned with organization’s security goals.
- Monitor: Monitor security controls and document security status
What is Threat Actors?
Individuals or groups who present a security risk, including internal and external threats.
What is Security Frameworks?
Guidelines for building plans to mitigate risks and threats to data and privacy.
What is Security Controls?
Safeguards designed to reduce specific security risks, used with security frameworks to establish a strong security posture.
What is Compliance?
Adhering to internal standards and external regulations to avoid fines and security breaches.
Personally identifiable information (PII): Any information used to infer an individual’s identity
Security posture: An organization’s ability to manage its defense of critical assets and data and react to change
Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines
Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk
Technical skills: Skills that require knowledge of specific tools, procedures, and policies
Threat: Any circumstance or event that can negatively impact assets
Threat actor: Any person or group who presents a security risk
Transferable skills: Skills from other areas that can apply to different careers
What is Asset?
An asset is an item perceived as having value to an organization. Value is determined by the cost associated with the asset.
What is NIST Cybersecurity Framework?
A voluntary framework developed by the National Institute of Standards and Technology (NIST) to manage cybersecurity risk.
Consists of standards, guidelines, and best practices to manage short and long-term risk.
NIST CSF Core Functions:
- Identify: Manage cybersecurity risk and its effect on people and assets.
Example: Monitor systems and devices to identify potential security issues. - Protect: Implement policies, procedures, training, and tools to mitigate cybersecurity threats.
Example: Study historical data and improve policies and procedures. - Detect: Identify potential security incidents and improve monitoring capabilities.
Example: Review security tool setup to flag potential threats or incidents. - Respond: Contain, neutralize, and analyze security incidents, and implement improvements.
Example: Collect and organize data to document incidents and suggest process improvements. - Recover: Return affected systems back to normal operation.
Example: Restore systems, data, and assets affected by an incident.
Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients’ health information
Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies
Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual
Active Recall
SIEM (Security Information and Event Management) 是一種安全管理系統,可以自動化監控網路流量。
IDS (Intrusion Detection System) 是一種主動式的安全系統,可以偵測 (detect) 網路流量中的異常行為。
IPS (Intrusion Prevention System) 是一種主動式的安全系統,可以阻擋 (block) 網路流量中的異常行為。
SOAR (Security Orchestration, Automation, and Response) 是一種安全管理系統,可以自動化監控網路流量並且自動化回應。
藉由 Playbook 定義自動化回應的流程,可以讓安全團隊更有效率地回應安全事件,Playbook 包含以下幾個步驟:
- Detect
- Analyze
- Investigate
- Respond
- Recover
資安團隊如何進行 Incident Response:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
資安人員需要掌握的技能:
- Log Analysis with Python
- Network Traffic Analysis with Wireshark and TCPDump
- Using Security Tools like Nmap, Nessus, and Metasploit
- Escalating Incident Response with SOAR