1
00:00:01,100 --> 00:00:07,480
So before we move ahead, it is important for you to understand the different terms involved in cyber

2
00:00:07,550 --> 00:00:08,180
security.

3
00:00:08,990 --> 00:00:11,050
So the first is information security.

4
00:00:11,420 --> 00:00:13,230
We have already discussed this term.

5
00:00:13,250 --> 00:00:14,930
But let's have a quick recap.

6
00:00:15,170 --> 00:00:22,520
Information security covers the broader aspect of all the assets, whether it is hardware or software

7
00:00:22,820 --> 00:00:25,090
or human resources or assets.

8
00:00:25,100 --> 00:00:28,490
It covers everything that needs to be protected.

9
00:00:29,800 --> 00:00:37,690
The next is risk management, risk management is a procedure which is used to identify risks and threats

10
00:00:37,690 --> 00:00:43,840
in the organization, which can disrupt the normal processing of the organization, and then various

11
00:00:43,840 --> 00:00:51,010
risk treatment procedures are applied to mitigate the risk that comes under the process of risk management.

12
00:00:52,580 --> 00:01:00,020
Confidentiality, confidentiality is a measure which is used to prevent the data from having access

13
00:01:00,020 --> 00:01:07,220
to unauthorized persons, so confidential means something that only restricted people can access or

14
00:01:07,280 --> 00:01:07,730
see.

15
00:01:10,170 --> 00:01:17,970
Integrity is something that the data should not be altered when it is being sent from one sender to

16
00:01:17,970 --> 00:01:18,670
the receiver.

17
00:01:18,690 --> 00:01:25,740
So integrity checks, if the data that is being sent and the data that is being received is same or

18
00:01:25,740 --> 00:01:26,130
not.

19
00:01:28,880 --> 00:01:36,980
Availability make sure that the data or information or assets or anything on which comes on the information

20
00:01:36,980 --> 00:01:43,310
and asset is available to the required people then and wherever it is necessary.

21
00:01:45,960 --> 00:01:54,510
Threat threat is something which can harm the reputation of organization or can disrupt the normal processing

22
00:01:54,510 --> 00:01:56,670
of the organizational services.

23
00:01:59,230 --> 00:02:07,360
Vulnerability, vulnerability is a weakness in the organization or a weakness or a flaw in the system

24
00:02:07,690 --> 00:02:15,340
through which the attackers can gain the access to the internal systems and then they can cause the

25
00:02:15,340 --> 00:02:16,790
different attacks.

26
00:02:17,020 --> 00:02:21,370
For example, let's say you have a house, you have a bungalow, you have two kids.

27
00:02:21,640 --> 00:02:25,020
The first is the front gate and another is a back gate.

28
00:02:25,390 --> 00:02:32,230
Front gate has a security guard installed, but the back gate does not have a security guard, a security

29
00:02:32,230 --> 00:02:34,200
guard, neither a security camera.

30
00:02:34,570 --> 00:02:41,470
So the back gate is a vulnerability for the house because the thief can come into your house, not through

31
00:02:41,470 --> 00:02:45,280
the front gate, but it can definitely come through the back gate.

32
00:02:47,170 --> 00:02:53,860
Attack is an incident which happens in the organization in order to cause harm to the reputation or

33
00:02:53,860 --> 00:02:56,790
which causes a negative impact on the organization.

34
00:02:58,930 --> 00:03:08,080
Firewalls, firewalls are programs specifically designed which are installed on software as well as

35
00:03:08,080 --> 00:03:16,600
hardwares to assess the incoming packets through the Internet and allow or restrict the packets entering

36
00:03:16,750 --> 00:03:17,730
into the network.

37
00:03:20,630 --> 00:03:30,290
Cryptography is the process through which the CIA triad of information security is maintained, so cryptography

38
00:03:30,290 --> 00:03:38,150
is used to see whether the system is following confidentiality, whether the data is not altered, whether

39
00:03:38,150 --> 00:03:43,790
it follows integrity and the data is available when and where it is needed.

40
00:03:46,470 --> 00:03:52,410
Encryption and decryption is the process through which confidentiality, integrity and availability

41
00:03:52,410 --> 00:03:58,410
is achieved are going to see encryption and decryption in upcoming sections as well.

42
00:03:59,430 --> 00:04:04,410
Hashing is the process of converting input thing.

43
00:04:04,420 --> 00:04:05,840
Think it can be a text?

44
00:04:05,850 --> 00:04:07,170
It can be a document.

45
00:04:07,170 --> 00:04:11,420
It can be an image into a specified output of a fixed length.

46
00:04:11,970 --> 00:04:18,620
So it is a string of random alphabets used to check the integrity of the original input.

47
00:04:20,070 --> 00:04:27,600
Virtual private network is a kind of network where people use it to access to the informational assets

48
00:04:29,190 --> 00:04:35,850
when they are working remotely, or anyone who wants to access the organization's resources but are

49
00:04:35,850 --> 00:04:41,970
not in the organizations, use this virtual private network, which is a secured network which uses

50
00:04:41,970 --> 00:04:47,690
secured protocols as if the people are in the organization itself.

51
00:04:49,020 --> 00:04:57,900
Ransomware is a kind of malware when attacked, the hackers ask for a specific ransom, a specific amount

52
00:04:57,900 --> 00:05:04,930
of money in order to delete the virus or in order to give the system back to its owner.

53
00:05:06,620 --> 00:05:13,490
Hacker, as we are going to see in detail in the next section, HACA is any person who had exceptional

54
00:05:13,490 --> 00:05:20,570
computer skills and knowledge of networking and then operating systems and programming language, who

55
00:05:20,570 --> 00:05:23,790
can then use those skills to breaking into the system.

56
00:05:24,320 --> 00:05:26,880
So not necessarily hacker is a bad guy.

57
00:05:27,260 --> 00:05:29,120
There are three different types of hackers.

58
00:05:29,240 --> 00:05:35,510
White hat hacker, which is a good guy who works for the organization, a black hat hacker, which is

59
00:05:35,510 --> 00:05:41,960
a very bad guy and a great hacker who works according to his own thinking.

60
00:05:43,290 --> 00:05:49,560
Fishing, fishing is an act, fishing is an attack, a social engineering attack done on people who

61
00:05:49,560 --> 00:05:51,270
have no knowledge of security.

62
00:05:51,690 --> 00:05:58,490
It is the process in which Tiger gains the credentials from the users by, you know, talking.

63
00:05:58,740 --> 00:06:00,990
It's just it's kind of a sweet talking.

64
00:06:00,990 --> 00:06:07,230
You know, attackers or hackers talk in such a way that people automatically reveal that information

65
00:06:07,230 --> 00:06:08,130
to the attackers.

66
00:06:09,900 --> 00:06:16,470
Cloud computing or it's not cloud, actually, it's cloud security, cloud computing, OK, cloud has

67
00:06:16,470 --> 00:06:17,970
now it is become very popular.

68
00:06:17,970 --> 00:06:24,840
It's a kind of a storage data where many people have started migrating to cloud technologies because

69
00:06:24,840 --> 00:06:28,980
it provides a much more broader aspect of processing the information.

70
00:06:28,980 --> 00:06:37,260
And again, immediate advantage of security and peace of storage, access control, access control is

71
00:06:37,260 --> 00:06:41,670
a mechanism through which access is restricted to users.

72
00:06:42,030 --> 00:06:49,080
It is a process through which organizations assign different rules, different accesses to their employees.

73
00:06:50,700 --> 00:06:56,910
Identity management, as we discussed in the career part, identity management deals with the identities

74
00:06:56,910 --> 00:07:03,920
of user identities of their employees and how the identities can be protected from the malicious attacks.

75
00:07:03,930 --> 00:07:08,720
And you know, who has the proper access according to the identity.

76
00:07:09,990 --> 00:07:14,100
Again, certifications are very important when it comes to cybersecurity.

77
00:07:14,700 --> 00:07:18,690
People have more certifications than they have their basic degrees.

78
00:07:18,960 --> 00:07:21,910
So certifications do play an important role.

79
00:07:22,320 --> 00:07:29,010
There are many certifications like certified ethical hacker, then certified information systems Orito

80
00:07:29,280 --> 00:07:32,270
CISSP Security Plus.

81
00:07:32,280 --> 00:07:36,300
And you know, it's like leveraging you.

82
00:07:36,300 --> 00:07:39,060
You have a leverage when it comes to certifications.

83
00:07:39,060 --> 00:07:42,150
You have knowledge as compared to other individuals.

84
00:07:43,380 --> 00:07:49,350
Authentication is a process by which we check whether the person who is trying to access the system

85
00:07:49,530 --> 00:07:52,810
is really the person who he or she is claiming to be.

86
00:07:52,830 --> 00:07:59,130
So let's say if you are X, Y, Z, and if you are accessing a particular resource, so you have to

87
00:07:59,130 --> 00:08:01,000
prove that you are X, Y, Z.

88
00:08:01,350 --> 00:08:08,700
So there are different authentication factors like login IDs, passwords, or, you know, there are

89
00:08:08,700 --> 00:08:11,300
like fingerprints, biometric modules.

90
00:08:11,700 --> 00:08:20,490
So these this is the process of authentication is the process of basically proving your identity antivirus

91
00:08:20,670 --> 00:08:26,430
software, which is used to counter the various malware that enter into your system.

92
00:08:27,030 --> 00:08:31,470
So antivirus is a software, it is only installed, it is only a software.

93
00:08:31,470 --> 00:08:33,390
It cannot be installed on routers.

94
00:08:33,560 --> 00:08:36,660
It just meant for laptops and backstops.

95
00:08:37,230 --> 00:08:41,040
So antivirus is used to tackle the hardware.

96
00:08:41,160 --> 00:08:44,880
Spyware is malware, Trojans and everything.

97
00:08:47,300 --> 00:08:53,540
Great job now that you have understood the basic terminologies in the next lecture.

98
00:08:53,570 --> 00:08:59,660
We will talk about the vulnerability assessment procedure that many penetration testers follow.

99
00:08:59,690 --> 00:09:06,290
So if you are really interested in getting known to the ethical hacking part, you should not skip this

100
00:09:06,290 --> 00:09:06,840
lecture.

101
00:09:07,520 --> 00:09:09,430
I will see you in the next lecture.