Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,880 --> 00:00:05,440 In our next section we will talk about the key security concepts 2 00:00:08,150 --> 00:00:10,460 let's start with the cyber threats. 3 00:00:10,460 --> 00:00:19,190 Cyber threats or simply threats refer to cyber security circumstances or events with the potential to 4 00:00:19,250 --> 00:00:23,330 cause harm by way of their outcome. 5 00:00:23,330 --> 00:00:31,100 A few examples of common threats include as social engineering are phishing attack that leads to an 6 00:00:31,160 --> 00:00:38,180 attacker installing a Trojan and stealing private information from your applications. 7 00:00:38,180 --> 00:00:46,340 Political activists need those seeing your Web site an administrator accidently leaving data unprotected 8 00:00:46,370 --> 00:00:54,560 on a production system causing a data breach or soon flooding your ISP data center. 9 00:00:54,560 --> 00:01:03,680 Cyber security threats are actualized by threat to actors Skye's threat actors usually refer to persons 10 00:01:03,710 --> 00:01:12,650 or entities who may potentially initiate at threat while natural disasters as well as other environmental 11 00:01:12,650 --> 00:01:16,790 and political events do constitute threats. 12 00:01:16,850 --> 00:01:21,590 They are not generally regarded as being threat actors. 13 00:01:21,590 --> 00:01:29,900 Examples of common threat actors include financially motivated criminals which are known also as cyber 14 00:01:29,900 --> 00:01:39,050 criminals guys and politically motivated activists and these guys are known as the hacktivists and competitors 15 00:01:39,080 --> 00:01:44,810 careless employees and nation state attackers. 16 00:01:44,810 --> 00:01:53,090 Cyber threats can also become more dangerous if threat to actors leverage one or more vulnerabilities 17 00:01:53,420 --> 00:02:03,400 to gain to a system often including the operating system yeah let's go ahead with the one notable TS 18 00:02:04,090 --> 00:02:13,000 vulnerabilities simply refer to our weaknesses in our system they make threat the outcomes possible 19 00:02:13,030 --> 00:02:16,360 and potentially even more dangerous. 20 00:02:16,600 --> 00:02:21,040 A system could be exploited through a single vulnerability. 21 00:02:21,040 --> 00:02:29,290 For example let's say as a single ask fuel injection attack could go to an attacker full control over 22 00:02:29,290 --> 00:02:39,970 sensitive data an attacker could also chain several exploits together and taking advantage of more than 23 00:02:39,970 --> 00:02:44,070 one vulnerability to gain more com control. 24 00:02:44,080 --> 00:02:53,680 Examples of common vulnerabilities are as cruel injections cross site scripting server mis configurations 25 00:02:54,010 --> 00:02:58,680 sensitive data transmitted in plain text and more 26 00:03:01,360 --> 00:03:02,470 exploitation. 27 00:03:02,500 --> 00:03:11,740 Exploitation is the next step in attackers playbook after finding a vulnerability on the system exploits 28 00:03:11,800 --> 00:03:20,310 are the meals through which vulnerability can be leveraged for malicious activity by hackers. 29 00:03:20,450 --> 00:03:31,870 And these include pieces of software sector analysis of comments or even open source exploit kids so 30 00:03:31,900 --> 00:03:32,200 yeah. 31 00:03:32,260 --> 00:03:39,660 We have threads and we have vulnerabilities we have exploits saw how we can mitigate it. 32 00:03:39,670 --> 00:03:48,490 All of these things and we have some mitigation techniques and their training and awareness patch management 33 00:03:48,820 --> 00:03:53,380 policies and procedures and incident response. 34 00:03:53,380 --> 00:03:56,800 Let's start with the training and awareness. 35 00:03:56,800 --> 00:04:03,900 It is constituted as the most convenient and comfortable form of the security guys. 36 00:04:04,090 --> 00:04:11,980 User training is considered as the least expensive and the most effective mitigation technique. 37 00:04:11,980 --> 00:04:19,360 Actually it is the best way to keep the users from making mistakes that will lead to success of the 38 00:04:19,810 --> 00:04:25,050 social engineering attack is educating how to handle them. 39 00:04:25,120 --> 00:04:33,790 It is important to know the procedures protocols and the policies for the security of a network or else 40 00:04:33,790 --> 00:04:34,910 training users. 41 00:04:34,900 --> 00:04:40,260 Skew a real advantage of the relatively low cost guys. 42 00:04:40,390 --> 00:04:43,390 And the second thing is the pitch management. 43 00:04:43,390 --> 00:04:52,710 When an application or an operating system is released it is not perfect far from the security perspective 44 00:04:52,720 --> 00:04:53,890 guys. 45 00:04:53,890 --> 00:05:02,560 Then after Dooley's updates and security patches are released on the ongoing basis which can add to 46 00:05:02,580 --> 00:05:09,130 as software to make them more secure or provide it's more functionality. 47 00:05:09,130 --> 00:05:17,770 And the third thing is policies and procedures the security procedures and policies must be outlined 48 00:05:17,770 --> 00:05:26,920 clearly in writing in the organization guys and it should define acceptable behaviors on networks and 49 00:05:27,160 --> 00:05:29,470 organization computers. 50 00:05:29,470 --> 00:05:38,200 Who uses the computers has to read the procedures and policies and also sign the form for agreeing it. 51 00:05:39,070 --> 00:05:47,760 And the last thing is the incident response when the intruder has enacted an attack on the network. 52 00:05:47,800 --> 00:05:56,030 Then the first instinct gets you the user back to work regardless of what that takes. 53 00:05:56,110 --> 00:06:05,220 It makes more sense in the short run but in case of long run it might be a wrong move surely guys. 54 00:06:05,260 --> 00:06:13,180 The rails tall software which is damaged by the attack then this rare installation may covered the threat 55 00:06:13,270 --> 00:06:19,950 of an attacker and prevent it from persecuting and finding it. 56 00:06:20,110 --> 00:06:29,170 Also it is essential to understand these security threats which affect the networks and be familiar 57 00:06:29,170 --> 00:06:38,500 with the affecting networks like those attacks warms viruses social engineering and men in the middle 58 00:06:38,500 --> 00:06:39,450 attacks. 59 00:06:39,730 --> 00:06:46,050 It is necessary to learn each type of these attacks operates and how to secure it. 60 00:06:46,660 --> 00:06:55,270 Additionally understand the mitigation techniques such as incident response procedure and policies patch 61 00:06:55,270 --> 00:07:03,580 management and training and awareness understand efficient and effective methods of protecting against 62 00:07:03,640 --> 00:07:13,030 these social engineering threats and also other network weaknesses as software security physical security 63 00:07:13,030 --> 00:07:22,690 is also so important infrastructure locations such as network closets and data centers should remain 64 00:07:22,690 --> 00:07:25,550 securely locked badge. 65 00:07:25,570 --> 00:07:34,040 Access to sensitive locations is a scalable solution offering an audit trail of identities and time 66 00:07:34,040 --> 00:07:37,540 stamps when access is granted. 67 00:07:37,540 --> 00:07:46,270 Administrators can control access on a granular basis and quickly remove access when an employee is 68 00:07:46,390 --> 00:07:46,960 dismissive. 7779