
Introduction

Objectives of the module:

Basic technical knowledge needed by a GRC analyst

Understand the GRC analyst work context

A basic primer on networking and a little bit about systems

Cybersecurity

Cybersecurity is about people, processes and technology.

CIA ⇒ Confidentiality Integrity Availability

Cybersecurity framework

Think left and right of the boom (Identify & Protect are on the left side of the boom)

GRC focuses on Identify & Protect

<aside> 📌 Terminology

Vulnerability: A weakness in a person, process or technology

Exploit: An attack on a vulnerability

Risk: How likely and how bad an exploited vulnerability is

Incident: An actively exploited vulnerability

Malware: Malicious software

</aside>

The GRC Analyst job

Works on the Identify and Protect sections of the NIST framework

Limit the bad stuff happening and its negative consequences

Get the company in the best position possible

<aside> 📌 Complementing GRC, security operations focus on during and after the boom.

</aside>

Key activities

Compliance and audit: Are we compliant? Can we demonstrate it?

Security awareness: Mitigating risk from people

Assess risk: Are we at risk? Should we invest in security? How much should we invest?