Google CyberSecurity Professional Certificate
2024-07-26
Notes from taking the Google Cybersecurity Professional Certificate: what I learned from completing the courses and earning the certificate.
Overview
This certificate program consists of 8 courses, each split into 4-5 modules. Completing a course requires passing its quizzes, and some courses also include a Portfolio Activity, a small project that must be completed.
Quizzes are usually 10 multiple-choice questions (single and multiple answer). Portfolio Activities are security documentation assignments focused on inventory, design, and analysis; they are completed by self-assessing whether the document meets the stated requirements.
Some modules also have hands-on labs, done through Google Cloud Skills Boost. These are usually optional and not required to complete the course, but I strongly recommend doing them: working through the labs helps a great deal in understanding the course material in depth.
The official estimated time to complete the certificate is 6 months, but the advantage of an online course is that learners can arrange their own schedule and adjust the pace according to how their learning is going.
Since I already had some security background (ISO 27001 certification) and experience with Python, SQL, and Linux, studying after work and full-time on weekends, it took me about 2 months to finish all the courses.
Course List
- Foundations of Cybersecurity
- Play It Safe: Manage Security Risks
- Connect and Protect: Networks and Network Security
- Tools of the Trade: Linux and SQL
- Assets, Threats, and Vulnerabilities
- Sound the Alarm: Detection and Response
- Automate Cybersecurity Tasks with Python
- Put It to Work: Prepare for Cybersecurity Jobs
Basic Responsibilities of Cybersecurity Entry-Level Roles
- Protecting Computer and Network Systems
  - Monitor the internal network for threats
  - Respond to detected threats
  - Participate in penetration testing and ethical hacking to identify vulnerabilities
- Preventing Threats
  - Work with IT teams to install prevention software
  - Be involved in software and hardware development to support product security
- Conducting Periodic Security Audits
  - Review security records, activities, and documents
  - Examine in-house security issues to ensure data protection
Key Concepts
CISSP's 8 Security Domains
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
NIST's Risk Management Framework (RMF)
- Prepare: Manage security and privacy risks before a breach occurs; identify controls to reduce risks; monitor for risks and identify potential weaknesses.
- Categorize: Develop risk management processes and tasks; identify how risk can impact the confidentiality, integrity, and availability of systems and information.
- Select: Select security controls and develop a security plan.
- Implement: Implement security controls and document security processes to minimize the impact of ongoing security risks.
- Assess: Assess security controls and document assessment results.
- Authorize: Be accountable for security and privacy risks in the organization; develop plans of action, generate reports, and establish project milestones aligned with the organization's security goals.
- Monitor: Monitor security controls and document security status.
Glossary
What are threat actors?
Individuals or groups who present a security risk, including internal and external threats.
What are security frameworks?
Guidelines for building plans to mitigate risks and threats to data and privacy.
What are security controls?
Safeguards designed to reduce specific security risks, used together with security frameworks to establish a strong security posture.
What is compliance?
Adhering to internal standards and external regulations to avoid fines and security breaches.
What is an asset?
An asset is an item perceived as having value to an organization. Its value is determined by the cost associated with the asset.
What is the NIST Cybersecurity Framework?
A voluntary framework developed by the National Institute of Standards and Technology (NIST) to manage cybersecurity risk.
It consists of standards, guidelines, and best practices to manage short- and long-term risk.
- Personally identifiable information (PII): Any information used to infer an individual’s identity
- Security posture: An organization’s ability to manage its defense of critical assets and data and react to change
- Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines
- Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk
- Technical skills: Skills that require knowledge of specific tools, procedures, and policies
- Threat: Any circumstance or event that can negatively impact assets
- Threat actor: Any person or group who presents a security risk
- Transferable skills: Skills from other areas that can apply to different careers
NIST CSF Core Functions
Identify: Manage cybersecurity risk and its effect on people and assets.
Example: Monitor systems and devices to identify potential security issues.
Protect: Implement policies, procedures, training, and tools to mitigate cybersecurity threats.
Example: Study historical data and improve policies and procedures.
Detect: Identify potential security incidents and improve monitoring capabilities.
Example: Review security tool setup to flag potential threats or incidents.
Respond: Contain, neutralize, and analyze security incidents, and implement improvements.
Example: Collect and organize data to document incidents and suggest process improvements.
Recover: Return affected systems back to normal operation.
Example: Restore systems, data, and assets affected by an incident.
- Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients' health information
- Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies
- Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual
Active Recall
- SIEM (Security Information and Event Management): a system that collects and analyzes log data from across the environment, providing centralized monitoring and alerting; it does not by itself block traffic.
- IDS (Intrusion Detection System): a passive monitoring system that detects (detect) anomalous behavior in network traffic and raises an alert, but does not stop the traffic.
- IPS (Intrusion Prevention System): an active, inline system that detects anomalous behavior in network traffic and blocks (block) it.
- SOAR (Security Orchestration, Automation, and Response): a collection of tools and workflows that automate the triage of and response to security events, typically driven by SIEM alerts.
Steps of Incident Response with Playbook
A playbook defines a standardized response procedure so the security team can respond to security events consistently and efficiently; the steps can be automated with SOAR. A playbook covers the following steps:
- Detect
- Analyze
- Investigate
- Respond
- Recover
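To make the IDS/IPS distinction in the Active Recall list and the Detect, Analyze, Investigate, Respond playbook steps above concrete, here is an added example written for these notes (it is not code from the original post or from the Google course material). It runs a simple brute-force detection over a few constructed sshd-style auth log lines: the parser is the Detect step, per-source correlation is Analyze/Investigate, and the final step behaves either like an IDS (alert only) or like an IPS (alert and block). The log lines, the IP addresses, and the failure threshold of 5 are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sshd-style auth log lines for illustration (not real data).
# 203.0.113.7 fails five times and then logs in as root: a likely brute force.
SAMPLE_LOG = """\
Jul 26 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jul 26 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 51123 ssh2
Jul 26 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jul 26 10:00:06 host sshd[1004]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Jul 26 10:00:08 host sshd[1005]: Failed password for root from 203.0.113.7 port 51125 ssh2
Jul 26 10:00:09 host sshd[1006]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jul 26 10:00:11 host sshd[1007]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Jul 26 10:00:15 host sshd[1008]: Accepted password for root from 203.0.113.7 port 51127 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
ACCEPTED_RE = re.compile(
    r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Assumed tuning value: failed logins from one source before an alert is raised.
THRESHOLD = 5


@dataclass
class Alert:
    source_ip: str
    failures: int
    success_after_failures: bool
    severity: str


def parse_events(log_text):
    """Detect: normalize raw log lines into (kind, user, ip) tuples, as a SIEM
    parser would. Lines that match neither pattern are ignored."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append(("failed", m["user"], m["ip"]))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            events.append(("accepted", m["user"], m["ip"]))
    return events


def analyze(events, threshold=THRESHOLD):
    """Analyze/Investigate: correlate failures per source IP. Reaching the
    threshold yields a medium alert; a successful login from that source after
    the threshold is escalated to high, because the brute force may have worked."""
    failures = defaultdict(int)
    alerts = {}
    for kind, _user, ip in events:
        if kind == "failed":
            failures[ip] += 1
            if failures[ip] >= threshold and ip not in alerts:
                alerts[ip] = Alert(ip, failures[ip], False, "medium")
        elif kind == "accepted" and ip in alerts:
            alerts[ip].success_after_failures = True
            alerts[ip].severity = "high"
    for ip, alert in alerts.items():
        alert.failures = failures[ip]  # report the final count, not the count at alert time
    return list(alerts.values())


def respond(alerts, mode="ids"):
    """Respond: an IDS only raises alerts; an IPS additionally emits block actions
    that an inline device or firewall would enforce. Returns (action, ip, severity)."""
    actions = []
    for alert in alerts:
        actions.append(("alert", alert.source_ip, alert.severity))
        if mode == "ips":
            actions.append(("block", alert.source_ip, alert.severity))
    return actions


def run_playbook(log_text, mode="ids", threshold=THRESHOLD):
    """Chain the playbook steps over a log excerpt and return the actions taken."""
    return respond(analyze(parse_events(log_text), threshold), mode)


if __name__ == "__main__":
    for action in run_playbook(SAMPLE_LOG, mode="ips"):
        print(action)
```

Run it with `mode="ids"` to get alerts only and with `mode="ips"` to also get block actions for the same source. The Recover step (for example, lifting a block after a cooldown or restoring a locked account) is intentionally not modeled here, since what recovery means depends on the environment.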
Incident Response Plan
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
Cybersecurity must-have skills
- Log Analysis with Python
- Network Traffic Analysis with Wireshark and tcpdump
- Using Security Tools like Nmap, Nessus, and Metasploit
- Escalating Incident Response with SOAR