Category Archives: 2. Technology & Science

Payment Card Industry Certification (PCI DSS): Industry Self-regulatory Efforts
Introduction
This article focuses on the Payment Card Industry Data Security Standard (PCI DSS), which is a set of standards designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. It explains the origins, key control objectives, and technical requirements of the PCI DSS, as well as the complexities surrounding …
Collective Botnet Mitigation Efforts: Industry Self-regulatory Efforts
Introduction
In this article, the focus is on botnet mitigation through industry collective action. The lesson explains what a botnet is, describes the threat botnets pose, and discusses the industry and government efforts to combat them, especially through national anti-botnet initiatives. Additionally, it explores the factors that influence the success of botnet cleanup campaigns.
1. What is a Botnet?
• A botnet is …
Certificate Authorities and PKI (2): Industry Self-regulatory Efforts
Introduction
In this article, we continue the discussion of Certificate Authorities (CAs) and Public Key Infrastructure (PKI), with a focus on the flaws in the trust model used by CAs and the industry response to address these vulnerabilities. The lesson examines the structural issues in the trust model, key security breaches, and subsequent industry reforms aimed at improving security in web communications.
Certificate Authorities and PKI (1): Industry Self-regulatory Efforts
Introduction
This article explores how secure web communications using HTTPS were implemented, focusing on the Public Key Infrastructure (PKI) and Certificate Authorities (CAs). It covers how industry cooperation helped develop secure protocols and digital certificates, which are essential for enabling e-commerce and secure web traffic.
1. Basics of Cryptography:
• Encryption: The process of converting plaintext into ciphertext using an algorithm and a …
Cybersecurity and the Supply Side: Industry Self-regulatory Efforts
Introduction
This article introduces the idea of collective action to improve cybersecurity at the industry level, focusing on how organizations that provide internet services to third parties cooperate to enhance security.
1. The Role of Internet Service Providers in Cybersecurity:
• Organizations that supply internet services are critical players in the cybersecurity ecosystem. These include platform providers like Microsoft, Apple, Facebook, and Google, as well …
Compliance with Information Laws: Organizational Security Policies
Introduction
This article delves into four key American laws that directly affect the management of an organization’s information security resources. These laws are essential for cybersecurity managers to understand, as they dictate compliance procedures and safeguard requirements for handling sensitive information, depending on the sector in which an organization operates. The laws covered are FISMA, Sarbanes-Oxley (SOX), HIPAA, and GDPR, with …
Tools for Network Defense 2: Organizational Security Policies
Introduction
This article continues exploring network defense tools and covers strategies for defending against distributed denial of service (DDoS) attacks, utilizing the Domain Name System (DNS) for security, and leveraging cloud services to improve security functions. The lesson provides insight into both defensive techniques and the integration of security into cloud and web-based services.
1. Distributed Denial of Service (DDoS) Attacks:
• DDoS …
Tools for Network Defense 1: Organizational Security Policies
Introduction
This article focuses on the technical tools used to defend an organization’s networks and information resources. The lesson covers firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and network segmentation as critical elements of network defense. The goal is to familiarize learners with the key concepts and functionalities of these tools to prepare them for more specialized training or practical …
The NIST Cybersecurity Framework: Organizational Security Policies
Introduction
This article provides an in-depth overview of the NIST Cybersecurity Framework. It highlights the structure of the framework, its components, and how organizations can use it to assess and improve their cybersecurity maturity. The NIST framework is emphasized because it is freely available and widely adopted, incorporating references to many other cybersecurity standards and frameworks.
What are Security Policies? Organizational Security Policies
Introduction
This article introduces the concept of security policies at the organizational level and explains how they differ from public policy. The focus is on preparing learners for developing a security policy for an organization.
Key Points:
1. Definition of a Security Policy:
• A policy articulates goals and objectives that guide decision-making and behavior in an organization.
• Policies typically take the form of …