
Understanding Hacker Motivations

Cybersecurity involves protecting individuals, organizations, and governments from digital attacks by safeguarding systems and data. Personal data, including identity and financial information, is increasingly at risk from cybercriminals who seek to exploit it for financial gain or identity theft. Organizations must implement robust security measures to prevent breaches, as the consequences can include reputational damage, financial loss, and exposure of sensitive information.

Uploaded by

Habtesha youtube

Cybersecurity

1.1.1 What Is Cybersecurity?

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from
digital attacks by protecting networked systems and data from unauthorized use or harm.

Personal

On a personal level, you need to safeguard your identity, your data, and your computing devices.

Organizational

At an organizational level, it is everyone’s responsibility to protect the organization’s reputation,
data and customers.

Government

As more digital information is being gathered and shared, its protection becomes even more vital
at the government level, where national security, economic stability and the safety and wellbeing
of citizens are at stake.

1.1.2 Protecting Your Personal Data

Personal data is any information that can be used to identify you, and it can exist
both offline and online.

Many people think that if they don’t have any social media or online accounts set up, then they
don’t have an online identity. This is not the case. If you use the web, you have an online
identity.

1.1.3 Your Online Identity

It’s your first day on the job, and it’s time to choose a username for your online identity. Which
of the following options would you choose?

This is your first chance to gain some valuable defender points at eLearning company @Apollo,
so take your time and think carefully before making your choices.

1.1.4 Your Data

Personal data describes any information about you, including your name, social security number,
driver license number, date and place of birth, your mother’s maiden name, and even pictures or
messages that you exchange with family and friends.

Cybercriminals can use this sensitive information to identify and impersonate you, infringing on
your privacy and potentially causing serious damage to your reputation.

Select the pins to find out more about how hackers can get their hands on your personal
data.

Medical records

Every time you visit the doctor, personal information regarding your physical and mental health
and wellbeing is added to your electronic health records (EHRs). Since the majority of these
records are saved online, you need to be aware of the medical information that you share.

And these records go beyond the bounds of the doctor’s office. For example, many fitness
trackers collect large amounts of clinical data such as your heart rate, blood pressure and blood
sugar levels, which is transferred, stored and displayed via the cloud. Therefore, you should
consider this data to be part of your medical records.

Education records

Educational records contain information about your academic qualifications and achievements.
However, these records may also include your contact information, attendance records,
disciplinary reports, health and immunization records as well as any special education records
including individualized education programs (IEPs).

Employment and financial records

Employment data can be valuable to hackers if they can gather information on your past
employment, or even your current performance reviews.

Your financial records may include information about your income and expenditure. Your tax
records may include paychecks, credit card statements, your credit rating and your bank account
details. All of this data, if not safeguarded properly, can compromise your privacy and enable
cybercriminals to use your information for their own gain.

1.1.5 Where Is Your Data?

This has got you thinking. Only yesterday, you shared a couple of photos of your first day on the
job with a few of your close friends. But that should be OK, right?

You took some photos at work on your mobile phone. Copies of these photos are now available
on your mobile device.

You shared these with five close friends, who live in various locations across the world.

All of your friends downloaded the photos and now have copies of your photos on their devices.

One of your friends was so proud that they decided to post and share your photos online. The
photos are no longer just on your device. They have in fact ended up on servers located in
different parts of the world and people whom you don’t even know now have access to your
photos.

1.1.6 What's More.

This is just one example that reminds us that every time we collect or share personal data, we
should consider our security. There are different laws that protect your privacy and data in your
country. But do you know where your data is?

Select the images for more examples which may not be so obvious.

1.1.7 Smart Devices


Consider how often you use your computing devices to access your personal data. Unless you
have chosen to receive paper statements, you probably access digital copies of bank account
statements via your bank’s website. And when paying a bill, it’s highly likely that you’ve
transferred the required funds via a mobile banking app.

But besides allowing you to access your information, computing devices can now also generate
information about you.

Wearable technologies such as smartwatches and activity trackers collect your data for clinical
research, patient health monitoring, and fitness and wellbeing tracking. As the global fitness
tracker market grows, so also does the risk to your personal data.

It might seem that information available online is free. But is privacy the price we pay for this
digital convenience?

For example, social media companies generate the majority of their income by selling targeted
advertising based on customer data that has been mined using algorithms or formulas. Of course,
these companies will argue that they are not ‘selling’ customer data, but ‘sharing’ customer data
with their marketing partners.

You can make up your own mind!

1.1.8 What Do Hackers Want?

So, with all this information about you available online, what do hackers want? Of course, they
want your money.

Can you think of an example that you have experienced yourself or that you have heard or read
about, where cybercriminals have accessed or tried to access financial information online?

Share your example in the box below, then Submit. Once you have entered your example,
select Show answer to reveal a summary response.

Hackers' main goal is to make money by stealing sensitive data and selling it for profit. They
may also want to gain a competitive advantage or disrupt an organization.

Cybercriminals are certainly very imaginative when it comes to gaining access to your money.
But that’s not all they are after — they could also steal your identity and ruin your life.

1.1.9 Identity Theft

Not content with stealing your money for short-term financial gain, cybercriminals are invested
in the long-term gain of identity theft.

Select the cards for two examples of how they might do this.

1.1.10 Who Else Wants My Data?


It’s not just criminals who seek your personal data.

Select the headings below to find out what other entities are interested in your online
identity and why.

Your Internet service provider (ISP)

Your ISP tracks your online activity and, in some countries, they can sell this data to advertisers
for a profit.

In certain circumstances, ISPs may be legally required to share your information with
government surveillance agencies or authorities.

Advertisers

Targeted advertising is part of the Internet experience. Advertisers monitor and track your online
activities such as shopping habits and personal preferences and send targeted ads your way.

Search engines and social media platforms

These platforms gather information about your gender, geolocation, phone number and political
and religious ideologies based on your search histories and online identity. This information is
then sold to advertisers for a profit.

Websites you visit

Websites use cookies to track your activities in order to provide a more personalized experience.
But this leaves a data trail that is linked to your online identity that can often end up in the hands
of advertisers!

1.2.1 Types of Organizational Data


Traditional Data

Traditional data is typically generated and maintained by all organizations, big and small. It
includes the following:

Internet of Things (IoT) and Big Data

IoT is a large network of physical objects, such as sensors, software and other equipment. All of
these ‘things’ are connected to the Internet, with the ability to collect and share data. And given
that storage options are expanding through the cloud and virtualization, it’s no surprise that the
emergence of IoT has led to an exponential growth in data, creating a new area of interest in
technology and business called 'Big Data.'

1.2.2 The Cube

The McCumber Cube is a model framework created by John McCumber in 1991 to help
organizations establish and evaluate information security initiatives by considering all of the
related factors that impact them. This security model has three dimensions:

1. The foundational principles for protecting information systems.
2. The protection of information in each of its possible states.
3. The security measures used to protect data.

Scroll down to find out more about the different elements of each dimension.

• Confidentiality is a set of rules that prevents sensitive information from being
disclosed to unauthorized people, resources and processes. Methods to ensure
confidentiality include data encryption, identity proofing and two-factor
authentication.
• Integrity ensures that system information or processes are protected from
intentional or accidental modification. One way to ensure integrity is to use
a hash function or checksum.
• Availability means that authorized users are able to access systems and data when
and where needed, and that those who do not meet established conditions are not. This
can be achieved by maintaining equipment, performing hardware
repairs, keeping operating systems and software up to date, and creating
backups.

• Processing refers to data that is being used to perform an operation such as updating a
database record (data in process).
• Storage refers to data stored in memory or on a permanent storage device such as a hard
drive, solid-state drive or USB drive (data at rest).
• Transmission refers to data traveling between information systems (data in transit).

• Awareness, training and education are the measures put in place by an organization to
ensure that users are knowledgeable about potential security threats and the actions they
can take to protect information systems.
• Technology refers to the software- and hardware-based solutions designed to protect
information systems such as firewalls, which continuously monitor your network in
search of possible malicious incidents.
• Policy and procedure refers to the administrative controls that provide a foundation for
how an organization implements information assurance, such as incident response plans
and best practice guidelines.
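
The Integrity entry above covers both accidental and intentional modification. The Python below is an added example, not part of the original course material; the record, the key and all function names are constructed for illustration. It shows that an unkeyed checksum or hash stored next to the data catches accidental corruption but not a deliberate edit by someone who can also rewrite the stored tag, while a keyed HMAC catches both.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key (assumptions for this example only).
RECORD = b"company=Example Ltd;phone=+1-555-0100"
KEY = b"example-key-stored-separately-from-the-data"


def crc32_tag(data: bytes) -> str:
    """Checksum: cheap, designed for accidental errors, no secret involved."""
    return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")


def sha256_tag(data: bytes) -> str:
    """Cryptographic hash: still computable by anyone who has the data."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(data: bytes, key: bytes = KEY) -> str:
    """Keyed hash: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, stored_tag: str, make_tag) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(data), stored_tag)


def run_checks() -> dict:
    """Return {scheme: (accidental_change_detected, intentional_change_detected)}."""
    # Accidental modification: one bit flips in storage or transit, tag unchanged.
    flipped = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]
    # Intentional modification: a small edit to the phone number.
    edited = RECORD.replace(b"0100", b"0199")

    schemes = {"crc32": crc32_tag, "sha256": sha256_tag, "hmac-sha256": hmac_tag}
    results = {}
    for name, make_tag in schemes.items():
        stored_tag = make_tag(RECORD)
        accidental_detected = not verify(flipped, stored_tag, make_tag)

        # Whoever edits the record can also overwrite the tag stored beside it.
        # Without KEY, the best replacement for an HMAC tag is an unkeyed hash.
        if name == "hmac-sha256":
            replaced_tag = sha256_tag(edited)
        else:
            replaced_tag = make_tag(edited)
        intentional_detected = not verify(edited, replaced_tag, make_tag)

        results[name] = (accidental_detected, intentional_detected)
    return results


if __name__ == "__main__":
    for scheme, (accidental, intentional) in run_checks().items():
        print(f"{scheme:12} accidental={accidental} intentional={intentional}")
```

An unkeyed hash still protects against intentional modification when the reference value is kept somewhere the editor cannot write to; the keyed variant removes that dependency.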

1.2.3 What Do You Think?


A concerned customer has forwarded on what they believe to be a fraudulent email. It
looks as if it has been sent by @Apollo but something appears a little 'phish-y.'

1.2.4 Is This for Real?

Yes, phishing is very common and often works. For example, in August 2020, elite gaming
brand Razer experienced a data breach which exposed the personal information of approximately
100,000 customers.

A security consultant discovered that a cloud cluster (a group of linked servers providing data
storage, databases, networking, and software through the Internet) was misconfigured and
exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak.

It took Razer more than three weeks to secure the cloud instance from public access, during
which time cybercriminals had access to customer information that could have been used in
social engineering and fraud attacks, like the one you uncovered just now.

Organizations therefore need to take a proactive approach to cloud security to ensure that
sensitive data is secured.

1.2.5 Data Security Breaches

The implications of a data security breach are severe, but they are becoming all too common.

Select the images to read about two well-known examples.


If you are ever faced with a similar situation, quickly verify if your information was
compromised, so that you can minimize the impact. Keep in mind that, in a time of crisis, you
may be tricked into using unauthorized websites.

Always be vigilant when providing personally identifiable information over the Internet. Check
your credit reports regularly and immediately report any false information, such as applications
for credit that you did not initiate or purchases on your credit cards that you did not make.

1.2.6 Consequences of a Security Breach

These examples show that the potential consequences of a security breach can be severe.

Select the headings for a summary of these impacts.

Reputational damage

A security breach can have a negative long-term impact on an organization’s reputation that has
taken years to build. Customers, particularly those who have been adversely affected by the
breach, will need to be notified and may seek compensation and/or turn to a reliable and secure
competitor. Employees may also choose to leave in light of a scandal.

Depending on the severity of a breach, it can take a long time to repair an organization’s
reputation.

Vandalism

A hacker or hacking group may vandalize an organization’s website by posting untrue
information. They might even just make a few minor edits to your organization’s phone number
or address, which can be trickier to detect.

In either case, online vandalism can portray unprofessionalism and have a negative impact on
your organization’s reputation and credibility.

Theft

A data breach often involves an incident where sensitive personal data has been stolen.
Cybercriminals can make this information public or exploit it to steal an individual’s money
and/or identity.

Loss of revenue

The financial impact of a security breach can be devastating. For example, hackers can take
down an organization’s website, preventing it from doing business online. A loss of customer
information may impede company growth and expansion. It may demand further investment in
an organization’s security infrastructure. And let’s not forget that organizations may face large
fines or penalties if they do not protect online data.

Damaged intellectual property

A security breach could also have a devastating impact on the competitiveness of an
organization, particularly if hackers are able to get their hands on confidential documents, trade
secrets and intellectual property.

Despite the best of intentions and all the safeguards you can put in place, protecting
organizations from every cyberattack is not feasible.

Cybercriminals are constantly finding new ways to attack and, eventually, they will succeed.

When they do, it will be up to cybersecurity professionals, like you, to respond quickly to
minimize its impact.

Next Up

Security breaches can have devastating consequences for an organization. Therefore, it is crucial
to take appropriate steps and implement measures to protect against cyber-attacks.

1.3. What Was Taken?

1.3.1 Scenario 1

Security breaches today are all too common, with attackers constantly finding new and
innovative ways of infiltrating organizations in search of valuable information.

Scroll down to read the latest breaking security news headline.*

1.3.2 What Happened?

According to our sources, a well-known hotel chain that operates across the world has reported a
massive data breach, with the personal information of over three million guests exposed to
hackers.

The hotel discovered that hackers gained access to its customer database by using the login
details of one of its employees.

At this point, the hotel doesn’t believe that the hackers were able to access any account
passwords or financial information. Recent guests are encouraged to check the hotel chain’s web
portal to see if they have been impacted by this breach.

In this example, what did the hackers take?

Select the correct answer, and then Submit.

The username and password of all of the hotel’s employees


The names, email address and phone numbers of over three million hotel guests

The card payment information of over three million guests

1.3.3 Scenario 2

ELearning Platforms at Risk!

The team at @Apollo is concerned. ELearning platforms are becoming prime targets for
attackers as more and more organizations make the move to digital learning.

Select the arrows to find out more about a recent case.*


A popular online training platform admitted leaving the personal data of millions of its students
(many of them minors) exposed on a publicly accessible cloud database.

1.3.4 What Exploits?

What exploits did the hackers use in this case to gain access to valuable personal information?

Select the correct answer, and then Submit.

Bypassing the platform’s access control methods

Weaknesses in the platform’s security practices

Taking advantage of student information not being correctly validated on the platform

Extracting information when the volume of student data exceeds the storage capacity of the
platform’s memory buffer

1.3.5 Rewind

Every organization is at risk of a cyber-attack and therefore must take appropriate action to
protect itself.

Thinking back to each of the two security breach examples outlined above, what measures could
these organizations have implemented in order to have prevented these security breaches?

Write your thoughts in the box below, then Submit. Select Show answer to check your
response.

A cyber security breach is an unauthorized attack on a computer system or network that
compromises the security of the data stored there.

What can happen during a cyber security breach? Sensitive data can be exposed, operations can
be disrupted, and financial or reputational damage can occur.

1.3.6 Key Takeaways


A security breach is an incident that results in unauthorized access to data, applications, services
or devices, exposing private information that attackers can use for financial gain or other
advantages.

But there are many ways to protect yourself and your organization. It’s important to be aware of
common cyber threats and remain vigilant so that you don’t become the next victim.

Interested in finding out more?

Search for a few additional examples of recent security breaches. In each case, can you identify:

• What was taken? What Was Taken may refer to a book by Carol Haack or a book about
forced adoption.

What Was Taken: An Untold Story is a book by Carol Haack about a serial killer and the
women who were victims. The book is a combination of autobiography, biography, and
fiction. It's written by the only survivor of the serial killer.

Taken: A True Story of the Pain and Scandal of Forced Adoption is a book about a woman who
was forced to give up her child for adoption. The book covers her life and the struggles she
faced.

Taken may also refer to the 2008 action-thriller film starring Liam Neeson. In the film, an ex-CIA
officer tries to find his daughter and her best friend after they are kidnapped.

• What exploits the attackers used? An exploit takes advantage of a flaw or vulnerability in a
system to perform malicious actions. The system could be software, hardware, or a
network, and the attacker delivers these exploits through malware and viruses.

• What actions could be taken to prevent the breach from occurring again in the future?
To prevent a data breach from happening again, you can:

  • Update software: Regularly update and patch your systems to minimize the risk of exploitation.
  • Conduct risk assessments: Regularly assess your security systems to identify potential
    weaknesses.
  • Educate employees: Provide regular training to teach employees about security best practices.
  • Enable two-factor authentication: Require users to provide two different types of identification
    to access a system.
  • Monitor systems: Regularly monitor your systems to detect potential security breaches early.
  • Create an incident response plan: Create and regularly update a plan for how to respond to and
    manage a security incident.
  • Fix vulnerabilities: Identify and fix vulnerabilities using real-time threat detection and response
    tools.
  • Notify affected customers: Immediately alert customers whose personal information may have
    been affected.

Next Up

Given the very real threat to organizational data, it is critical that all organizations develop and
implement a comprehensive cybersecurity plan to protect them from potential breaches. But who
are they being protected from?

1.4 Cyber Attackers

Attackers are individuals or groups who attempt to exploit vulnerabilities for personal or financial
gain. As we’ve already seen, they are interested in everything, from credit cards to product
designs.

1.4.1 Types of Attackers

Let’s look at some of the main types of cyber attackers who’ll try anything to get their hands on
our information. They are often categorized as white hat, gray hat or black hat attackers.

Select the pin icons to find out more.

Amateurs

The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers
who use existing tools or instructions found on the Internet to launch attacks. Some script kiddies
are just curious, others are trying to demonstrate their skills and cause harm. While script kiddies
may use basic tools, their attacks can still have devastating consequences.

Hackers

This group of attackers breaks into computer systems or networks to gain access. Depending on
the intent of their break-in, they can be classified as white, gray or black hat hackers.

• White hat attackers break into networks or computer systems to identify any
weaknesses so that the security of a system or network can be improved. These break-ins
are done with prior permission and any results are reported back to the owner.
• Gray hat attackers may set out to find vulnerabilities in a system but they will only
report their findings to the owners of a system if doing so coincides with their agenda. Or
they might even publish details about the vulnerability on the internet so that other
attackers can exploit it.
• Black hat attackers take advantage of any vulnerability for illegal personal, financial or
political gain.

Organized hackers

These attackers include organizations of cyber criminals, hacktivists, terrorists and
state-sponsored hackers. They are usually highly sophisticated and organized, and may even
provide cybercrime as a service to other criminals.

• Hacktivists make political statements to create awareness about issues that are important
to them.
• State-sponsored attackers gather intelligence or commit sabotage on behalf of their
government. They are usually highly trained and well-funded and their attacks are
focused on specific goals that are beneficial to their government.

1.4.2 What Color Is My Hat?

Now that you know the different types of attackers and their motivations for doing what
they do, can you identify what color of hat is worn by the attacker in each of the
following scenarios? This is a tricky one but remember, you can earn valuable defender
points if you answer correctly.

Select the correct answer from the dropdowns, then Submit.

1. After hacking into ATM systems remotely using a laptop, this attacker worked with the ATM
manufacturers to resolve the identified security vulnerabilities.
Answer: Gray hat

2. This attacker transferred $10 million into their bank account using customer account and PIN
credentials gathered from recordings.
Answer: Black hat

3. This attacker’s job is to identify weaknesses in a company’s computer system.
Answer: White hat

4. This attacker used malware to compromise a company’s system and steal credit card
information that was then sold to the highest bidder.
Answer: Black hat

5. While carrying out some research, this attacker stumbled across a security vulnerability on an
organization's network that they are authorized to access.
Answer: White hat

1.4.3 Internal and External Threats

Cyber-attacks can originate from within an organization as well as from outside of it.

Select the images to find out more.


1.4.4 What Do You Think?

Remember that phishing email you received earlier from one of your customers?

An investigation into this email revealed that the user accounts and access privileges of a former
employee were not fully removed from the IT systems on leaving the company. In fact, this
former employee, who now works for a competitor, logged into @Apollo’s customer database
only three days ago.

Has an internal or external security threat occurred here?

Select an answer, and then Submit.

Answer=Internal
External
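
The gap in this scenario, an account that outlives its owner's employment, can be checked for mechanically. The Python below is an added example, not part of the original course material; the leaver list, account records, log format and all names in it are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from any real system).
# HR leaver list: username -> last working day (UTC date).
LEAVERS = {"j.doe": "2024-03-01", "a.khan": "2024-04-15"}

# Account inventory gathered from each system's user directory.
ACCOUNTS = [
    {"user": "J.Doe", "system": "customer-db", "enabled": True},
    {"user": "j.doe", "system": "email", "enabled": False},
    {"user": "a.khan", "system": "customer-db", "enabled": False},
    {"user": "m.lee", "system": "customer-db", "enabled": True},
]

# Authentication log lines: "<UTC timestamp> <system> <user> <outcome>".
LOGINS = [
    "2024-02-27T09:14:02Z customer-db j.doe success",
    "2024-03-18T22:41:10Z customer-db J.DOE success",
    "2024-04-20T08:00:00Z customer-db a.khan failure",
    "2024-03-19T10:00:00Z customer-db m.lee success",
    "garbled line",
]


def normalize(user: str) -> str:
    """Usernames are compared case-insensitively; systems often differ in casing."""
    return user.strip().lower()


def cutoff(last_day: str) -> datetime:
    """Access is expected to end at midnight UTC after the last working day."""
    day = datetime.strptime(last_day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return day + timedelta(days=1)


def orphaned_accounts(leavers: dict, accounts: list) -> list:
    """Accounts that are still enabled although their owner has left."""
    gone = {normalize(u) for u in leavers}
    return sorted(
        (normalize(a["user"]), a["system"])
        for a in accounts
        if a["enabled"] and normalize(a["user"]) in gone
    )


def post_departure_logins(leavers: dict, log_lines: list) -> list:
    """Login attempts (successful or not) made by a leaver after their cutoff."""
    cutoffs = {normalize(u): cutoff(d) for u, d in leavers.items()}
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        stamp, system, user, outcome = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        when = when.replace(tzinfo=timezone.utc)
        user = normalize(user)
        if user in cutoffs and when >= cutoffs[user]:
            findings.append((user, system, outcome, stamp))
    return findings


if __name__ == "__main__":
    for user, system in orphaned_accounts(LEAVERS, ACCOUNTS):
        print(f"still enabled: {user} on {system}")
    for user, system, outcome, stamp in post_departure_logins(LEAVERS, LOGINS):
        print(f"login after departure: {user} on {system} at {stamp} ({outcome})")
```

The failed attempt by a disabled account is reported as well, since it shows someone still trying to use credentials that should no longer exist.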

Next Up

The profile of a cyber attacker varies depending on their goals, motivations and capabilities. At
the extreme, hackers can launch cyber-attacks against nations and states, wreaking havoc on their
computer systems and networks.

1.5. Cyberwarfare

Cyberwarfare, as its name suggests, is the use of technology to penetrate and attack another
nation’s computer systems and networks in an effort to cause damage or disrupt services, such as
shutting down a power grid.

1.5.1 Sign of the Times (Stuxnet)

One example of a state-sponsored attack involved the Stuxnet malware that was designed not just
to hijack targeted computers but to actually cause physical damage to equipment controlled by
computers!

Press the play button to watch a short video on the case of Stuxnet and discover the impact
this malware had on Iran’s nuclear enrichment plant.

1.5.2 The Purpose of Cyberwarfare

The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether
they are nations or competitors.

Select the arrows to find out more about how cyberwarfare is used.

To gather compromised information and/or defense secrets

A nation or international organization can engage in cyberwarfare in order to steal defense
secrets and gather information about technology that will help narrow the gaps in its industries
and military capabilities.

Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel
within a foreign government.

To impact another nation’s infrastructure

Besides industrial and military espionage, a nation can continuously invade another nation’s
infrastructure in order to cause disruption and chaos.

For example, a cyber-attack could shut down the power grid of a major city. Consider the
consequences if this were to happen; roads would be congested, the exchange of goods and
services would be halted, patients would not be able to get the care they would need if an
emergency occurred, access to the internet would be interrupted. By shutting down a power grid,
a cyber-attack could have a huge impact on the everyday life of ordinary citizens.

Cyberwarfare can destabilize a nation, disrupt its commerce, and cause its citizens to lose faith
and confidence in their government without the attacker ever physically setting foot in the
targeted country.

Next Up

Cyberwarfare is a very serious issue with potentially devastating consequences, and attacks are
becoming more widespread. Now, more than ever, nations and governments need cybersecurity
professionals to help protect their citizens and infrastructure. You’ve started your cybersecurity
career at the right time!

And you’ve almost completed this first module. But before you move on, let’s check your
understanding of everything.

Question 1

An individual user profile on a social network site is an example of an
online identity.

Question 2

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from
digital attacks by protecting networked systems and data from unauthorized use or harm.

What level of cyber protection does each of the following factors require?

Your online identity = Personal

A customer database = Organizational

Economic stability = Government

Question 3

Which of the following pieces of information would be classified as personal data?

Select three correct answers

Social security number

Driver license number

Date and place of birth

Job title

IP address

Question 4

Your neighbor tells you that they don't have an online identity. They have no social media
accounts and only use the Internet to browse. Is your neighbor right?

Yes

No

Question 5

What are the foundational principles for protecting information systems as outlined in the
McCumber Cube?

Choose three correct answers

Access

Integrity

Scalability

Availability

Confidentiality

Intervention

Question 6

Which of the following methods can be used to ensure confidentiality of information?

Choose three correct answers

Backup

Version control

Data encryption

File permission settings

Two-factor authentication

Username ID and password


Question 7

Why might internal security threats cause greater damage to an organization than external
security threats?

Internal users have better hacking skills

Internal users have direct access to the infrastructure devices

Internal users can access the organizational data without authentication

Internal users can access the infrastructure devices through the Internet

Question 8

Which of the following is a key motivation of a white hat attacker?

Taking advantage of any vulnerability for illegal personal gain

Fine tuning network devices to improve their performance and efficiency

Studying operating systems of various platforms to develop a new system

Discovering weaknesses of networks and systems to improve the security level of these systems

Question 9

Which of the following statements describes cyberwarfare?

Cyberwarfare is an attack carried out by a group of script kiddies

Cyberwarfare is simulation software for Air Force pilots that allows them to practice under a
simulated war scenario

Cyberwarfare is a series of personal protective equipment developed for soldiers involved in
nuclear war

Cyberwarfare is an Internet-based conflict that involves the penetration of information
systems of other nations

Question 10

Which of the following methods is used to check the integrity of data?


Backup

Hashes or checksums

Encryption

Authentication

2.1.1 Types of Malware

Cybercriminals use many different types of malicious software, or malware, to carry out their
activities. Malware is any code that can be used to steal data, bypass access controls, or cause
harm to or compromise a system. Knowing what the different types are and how they spread is
key to containing and removing them.

Select the headings to find out more about some of the most common malware.

Spyware

Designed to track and spy on you, spyware monitors your online activity and can log every key
you press on your keyboard, as well as capture almost any of your data, including sensitive
personal information such as your online banking details. Spyware does this by modifying the
security settings on your devices.

It often bundles itself with legitimate software or Trojan horses.

Adware

Adware is often installed with some versions of software and is designed to automatically deliver
advertisements to a user, most often on a web browser. You know it when you see it! It’s hard to
ignore when you’re faced with constant pop-up ads on your screen.

It is common for adware to come with spyware.

Backdoor
This type of malware is used to gain unauthorized access by bypassing the normal authentication
procedures to access a system. As a result, hackers can gain remote access to resources within an
application and issue remote system commands.

A backdoor works in the background and is difficult to detect.

Ransomware

This malware is designed to hold a computer system or the data it contains captive until a
payment is made. Ransomware usually works by encrypting your data so that you can’t access it.

Some versions of ransomware can take advantage of specific system vulnerabilities to lock the
system down. Ransomware is often spread through phishing emails that encourage you to download a
malicious attachment or through a software vulnerability.

Scareware

This is a type of malware that uses ‘scare’ tactics to trick you into taking a specific action.
Scareware mainly consists of operating system style windows that pop up to warn you that your
system is at risk and needs to run a specific program for it to return to normal operation.

If you agree to execute the specific program, your system will become infected with malware.

Rootkit

This malware is designed to modify the operating system to create a backdoor, which attackers
can then use to access your computer remotely. Most rootkits take advantage of software
vulnerabilities to gain access to resources that normally shouldn’t be accessible (privilege
escalation) and modify system files.

Rootkits can also modify system forensics and monitoring tools, making them very hard to
detect. In most cases, a computer infected by a rootkit has to be wiped and any required software
reinstalled.
Virus

A virus is a type of computer program that, when executed, replicates and attaches itself to other
executable files, such as a document, by inserting its own code. Most viruses require end-user
interaction to initiate activation and can be written to act on a specific date or time.

Viruses can be relatively harmless, such as those that display a funny image. Or they can be
destructive, such as those that modify or delete data.

Viruses can also be programmed to mutate in order to avoid detection. Most viruses are spread
by USB drives, optical disks, network shares or email.

Trojan horse

This malware carries out malicious operations by masking its true intent. It might appear
legitimate but is, in fact, very dangerous. Trojans exploit your user privileges and are most often
found in image files, audio files or games.

Unlike viruses, Trojans do not self-replicate but act as a decoy to sneak malicious software past
unsuspecting users.

Worms

This is a type of malware that replicates itself in order to spread from one computer to another.
Unlike a virus, which requires a host program to run, worms can run by themselves. Other than
the initial infection of the host, they do not require user participation and can spread very quickly
over the network.

Worms share similar patterns: They exploit system vulnerabilities, they have a way to propagate
themselves, and they all contain malicious code (payload) to cause damage to computer systems
or networks.

Worms are responsible for some of the most devastating attacks on the Internet. In 2001, the
Code Red worm infected over 300,000 servers in just 19 hours.
2.1.2 Symptoms of Malware

So now you know about the different kinds of malware. But what do you think their symptoms
might be?

Take a pause and see what you can come up with, and when you’re ready, select the image
to reveal some possible answers.

2.1.3 What Do You Think?

Match each of the descriptions to the correct malware type by selecting an answer from
each dropdown, then Submit.

1. Malware designed to track your online activity and capture your data
Ans=Spyware
2. Software that automatically delivers advertisements
Ans=Adware
3. Malware that holds a computer system captive until a payment is made to the attacker
Ans=Ransomware
4. Malicious code that attaches to legitimate programs and usually spreads by USB drives,
optical media, network shares or email
Ans=Virus
5. Malicious code that replicates itself independently by exploiting vulnerabilities in networks
Ans=Worms
2.2 Methods of Infiltration
2.2.1 Social Engineering

Social engineering is the manipulation of people into performing actions or divulging
confidential information. Social engineers often rely on people’s willingness to be helpful, but
they also prey on their weaknesses. For example, an attacker will call an authorized employee
with an urgent problem that requires immediate network access and appeal to the employee’s
vanity or greed or invoke authority by using name-dropping techniques in order to gain this
access.

Select the arrows to find out more about some common types of social engineering attacks.

Pretexting

This is when an attacker calls an individual and lies to them in an attempt to gain access to
privileged data.

For example, pretending to need a person’s personal or financial data in order to confirm their
identity.

Tailgating

This is when an attacker quickly follows an authorized person into a secure, physical location.

Something for something (quid pro quo)

This is when an attacker requests personal information from a person in exchange for something,
like a free gift.

2.2.2 Denial-of-Service
Denial-of-Service (DoS) attacks are a type of network attack that is relatively simple to carry out,
even by an unskilled attacker. A DoS attack results in some sort of interruption of network
service to users, devices or applications.

Select the images to find out more about the two main types of DoS attacks.

DoS attacks are considered a major risk because they can easily interrupt communication and
cause significant loss of time and money.
2.2.3 Distributed DoS

A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple,
coordinated sources. For example:

• An attacker builds a network (botnet) of infected hosts called zombies, which are
controlled by handler systems.
• The zombie computers will constantly scan and infect more hosts, creating more and
more zombies.
• When ready, the hacker will instruct the handler systems to make the botnet of zombies
carry out a DDoS attack.

2.2.4 Botnet
A bot computer is typically infected by visiting an unsafe website or opening an infected
email attachment or infected media file. A botnet is a group of bots, connected through
the Internet, that can be controlled by a malicious individual or group. It can have tens of
thousands, or even hundreds of thousands, of bots that are typically controlled through a
command and control server.
These bots can be activated to distribute malware, launch DDoS attacks, distribute spam
email, or execute brute-force password attacks. Cybercriminals will often rent out botnets
to third parties for nefarious purposes.
Many organizations, like Cisco, force network activities through botnet traffic filters to
identify any botnet locations.
2.2.5 On-Path Attacks

On-path attackers intercept or modify communications between two devices, such as a web
browser and a web server, either to collect information from or to impersonate one of the
devices.

This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile attack.

Select the images to find out more about these.

There are a lot of ways for cybercriminals to infiltrate your systems and networks, but
it’s important that you know what these are.

Let’s keep going!


2.2.6 SEO Poisoning

You’ve probably heard of search engine optimization or SEO which, in simple terms, is about
improving an organization’s website so that it gains greater visibility in search engine results.

So what do you think SEO poisoning might be? Take a moment to consider this and when
you’re ready, select the image to find out if you were right!

2.2.7 Wi-Fi Password Cracking

You’re enjoying your lunch in the canteen when a colleague approaches you. They seem
distressed.

They explain that they can’t seem to connect to the public Wi-Fi on their phone and ask if you
have the private Wi-Fi password to hand so that they can check that their phone is working.

How would you respond?

Select the correct answer, and then Submit.

“Sure. It’s Xgff76dB.”

“Mmm... I’m not sure we’re allowed to use the private Wi-Fi network. Let me check with
my manager first.”

“Yes, of course. Give me your phone and I’ll put it in for you.”
That’s right!

This colleague could be carrying out a social engineering attack, manipulating you to provide the
password used to protect the organization’s private wireless network. You can never be too
careful – and, for answering correctly, you’ve earned some defender points. Well done!

Hackers have other techniques up their sleeves. Some use brute-force attacks, testing possible
password combinations to try and guess a password. Others are able to identify unencrypted
passwords by listening in and capturing packets sent on the network. This is called network
sniffing. If the password is encrypted, they may still be able to reveal it using a password
cracking tool.

2.2.8 Password Attacks

Entering a username and password is one of the most popular forms of authenticating to a web
site. Therefore, uncovering your password is an easy way for cybercriminals to gain access to
your most valuable information.

Select the headings to find out more about some of the common password security attacks.

Password spraying

This technique attempts to gain access to a system by ‘spraying’ a few commonly used
passwords across a large number of accounts. For example, a cybercriminal uses 'Password123'
with many usernames before trying again with a second commonly-used password, such as
‘qwerty.’

This technique allows the perpetrator to remain undetected as they avoid frequent account
lockouts.
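The following added example (not part of the original course material) shows why spraying slips past per-account lockouts and how a defender can still spot it by counting distinct accounts per source. The log format, field names, addresses and thresholds are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (format assumed for this example).
SAMPLE_LOG = (
    "2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7\n"
    "2024-05-01T09:00:20 FAIL user=bob src=203.0.113.7\n"
    "2024-05-01T09:00:41 FAIL user=carol src=203.0.113.7\n"
    "2024-05-01T09:01:02 FAIL user=dave src=203.0.113.7\n"
    "2024-05-01T09:01:25 FAIL user=erin src=203.0.113.7\n"
    "2024-05-01T09:01:47 FAIL user=frank src=203.0.113.7\n"
    "2024-05-01T09:02:00 FAIL user=bob src=192.0.2.10\n"   # ordinary typo
    "2024-05-01T09:02:09 OK user=bob src=192.0.2.10\n"
) + "".join(  # repeated guesses against a single account
    f"2024-05-01T09:03:{s:02d} FAIL user=alice src=198.51.100.23\n"
    for s in range(0, 40, 5)
)

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def parse_events(log_text):
    """Return (timestamp, result, user, source) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            ts, result, user, src = match.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return events


def lockout_hits(events, threshold=5):
    """Accounts a simple lockout policy would lock (failures per account)."""
    failures = defaultdict(int)
    for _, result, user, _ in events:
        if result == "FAIL":
            failures[user] += 1
    return {user for user, count in failures.items() if count >= threshold}


def detect_spraying(events, window=timedelta(minutes=10),
                    min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts while staying under lockout.

    A source is flagged when, inside one sliding window, it fails against at
    least `min_accounts` distinct users with at most `max_per_account`
    failures for any single user.
    """
    by_source = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_source[src].append((ts, user))

    flagged = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        accounts = set()
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                accounts.update(per_user)
        if accounts:
            flagged[src] = sorted(accounts)
    return flagged


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("locked accounts:", lockout_hits(evts))
    print("spraying sources:", detect_spraying(evts))
```

On the sample data the lockout policy reacts only to the source hammering one account, while the per-source count of distinct accounts is what exposes the spray.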

Dictionary attacks

A hacker systematically tries every word in a dictionary or a list of commonly used words as a
password in an attempt to break into a password-protected account.
Brute-force attacks

The simplest and most commonly used way of gaining access to a password-protected site,
brute-force attacks see an attacker using all possible combinations of letters, numbers and
symbols in the password space until they get it right.

Rainbow attacks

Passwords in a computer system are not stored as plain text, but as hashed values (numerical
values that uniquely identify data). A rainbow table is a large dictionary of precomputed hashes
and the passwords from which they were calculated.

Unlike a brute-force attack that has to calculate each hash, a rainbow attack compares the hash of
a password with those stored in the rainbow table. When an attacker finds a match, they identify
the password used to create the hash.
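As an added illustration (not from the original course), the code below contrasts unsalted hashes, which a precomputed table can match directly, with per-user salted PBKDF2 records, which it cannot. A plain lookup dictionary stands in for a rainbow table here, and the function names, user names and iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os

# The two commonly used passwords this page itself names.
COMMON_PASSWORDS = ["Password123", "qwerty"]


def unsalted_sha256(password):
    """Weak storage scheme: the same password always yields the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Precomputed hash -> password table (simplified stand-in for a rainbow table)."""
    return {unsalted_sha256(p): p for p in candidates}


def new_record(password, iterations=100_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def exposed_accounts(stored, lookup):
    """Audit helper: which stored values appear in a precomputed table?

    `stored` maps user -> stored hash (hex). Returns user -> recovered password.
    """
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


if __name__ == "__main__":
    table = build_lookup(COMMON_PASSWORDS)

    # Two hypothetical users who chose the same weak password.
    weak_db = {u: unsalted_sha256("Password123") for u in ("user_a", "user_b")}
    print("unsalted, exposed:", exposed_accounts(weak_db, table))

    records = {u: new_record("Password123") for u in ("user_a", "user_b")}
    salted_db = {u: r["hash"] for u, r in records.items()}
    print("salted, exposed:  ", exposed_accounts(salted_db, table))
    print("login still works:", verify("Password123", records["user_a"]))
```

Because every record carries its own salt, a table would have to be rebuilt per user, which removes the advantage of precomputation.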

Traffic interception

Plain text or unencrypted passwords can be easily read by other humans and machines by
intercepting communications.

If you store a password in clear, readable text, anyone who has access to your account or device,
whether authorized or unauthorized, can read it.

2.2.9 Cracking Times

It looks as if the hackers are trying everything to crack @Apollo’s private Wi-Fi password. We
have to make sure that the password is strong enough to withstand their attack!

Take a look at the following passwords. Click the numbers to put them in the correct order
according to how long you think it would take an attacker to crack each one using brute-force,
where 1 is the shortest amount of time and 4, the highest.
That’s right! You’ve secured the organization’s private Wi-Fi password and earned some
more defender points — great work!

Carrying out brute-force attacks involves the attacker trying several possible combinations in an
attempt to guess the password. These attacks usually involve a word-list file — a text file
containing a list of words from a dictionary. A program such as Ophcrack, L0phtCrack, THC
Hydra, Rainbow Crack or Medusa will then try each word and common combinations until it
finds a match.

Password

3trawberry

K4km9n2R

H$1gh#7iD@3

2.2.10 Advanced Persistent Threats

Attackers also achieve infiltration through advanced persistent threats (APTs) — a multi-phase,
long term, stealthy and advanced operation against a specific target. For these reasons, an
individual attacker often lacks the skill set, resources or persistence to perform APTs.

Due to the complexity and the skill level required to carry out such an attack, an APT is usually
well-funded and typically targets organizations or nations for business or political reasons.

Its main purpose is to deploy customized malware on one or more of the target’s systems and
remain there undetected.

2.2.11 It’s Over to You

Phew! That’s a lot to take in and hackers certainly have a lot of tools at their disposal. It is
important that you know what these are so that you can protect yourself and @Apollo.
You think back to some of the suspicious activities that you’ve seen recently in the organization.
Based on what you have learned in this topic, what type of attack could each of these scenarios
be? Take your time with this one. You have a chance to earn some much-needed defender points.

Select the correct answer from the dropdowns, then Submit.

On your way into the office, a person whom you have never seen before asks you to hold the
door — they forgot their access card
Social engineering
You have started getting an error message when accessing your computer: ‘Your connection was
interrupted. A network change was detected.’
DoS
You searched for @Apollo’s website on Google, but when you clicked on the top result, you
were redirected to a page advertising antivirus software
SEO poisoning

That’s right!

You were able to identify the potential attacks that could be happening right under your nose.
Remember, it’s important to stay alert and be mindful of all of the ways that attackers are trying
to catch you out. Bear in mind that many modern attacks involve a blend of these methods, with
cybercriminals often using multiple techniques to infiltrate and attack a system.

2.3.1 Security Vulnerabilities and Exploits

Before we get into the details, let’s start by outlining some key terms that you need to know.

Security vulnerabilities are any kind of software or hardware defect. A program written to take
advantage of a known vulnerability is referred to as an exploit. A cybercriminal can use an
exploit against a vulnerability to carry out an attack, the goal of which is to gain access to a
system, the data it hosts or a specific resource.
2.3.1 Hardware Vulnerabilities

Hardware vulnerabilities are most often the result of hardware design flaws. For example, the
type of memory called RAM basically consists of lots of capacitors (a component which can
hold an electrical charge) installed very close to one another. However, it was soon discovered
that, due to their close proximity, changes applied to one of these capacitors could influence
neighboring capacitors. Based on this design flaw, an exploit called Rowhammer was created. By
repeatedly accessing (hammering) a row of memory, the Rowhammer exploit triggers electrical
interferences that eventually corrupt the data stored inside the RAM.

Meltdown and Spectre

Google security researchers discovered Meltdown and Spectre, two hardware vulnerabilities that
affect almost all central processing units (CPUs) released since 1995 within desktops, laptops,
servers, smartphones, smart devices and cloud services.

Attackers exploiting these vulnerabilities can read all memory from a given system (Meltdown),
as well as data handled by other applications (Spectre). The Meltdown and Spectre vulnerability
exploitations are referred to as side-channel attacks (information is gained from the
implementation of a computer system). They have the ability to compromise large amounts of
memory data because the attacks can be run multiple times on a system with very little
possibility of a crash or other error.

Hardware vulnerabilities are specific to device models and are not generally exploited through
random compromising attempts. While hardware exploits are more common in highly targeted
attacks, traditional malware protection and good physical security are sufficient protection for
the everyday user.

2.3.2 Software Vulnerabilities

Software vulnerabilities are usually introduced by errors in the operating system or application
code.
Select the logo to find out more about the SYNful Knock vulnerability discovered in Cisco
Internetwork Operating System (IOS) in 2015.

2.3.3 Categorizing Software Vulnerabilities

Most software security vulnerabilities fall into several main categories.

Select the headings to find out what these are.

Buffer overflow

Buffers are memory areas allocated to an application. A vulnerability occurs when data is written
beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the
application can access memory allocated to other processes. This can lead to a system crash
or data compromise, or provide escalation of privileges.

Non-validated input

Programs often require data input, but this incoming data could have malicious content, designed
to force the program to behave in an unintended way.

For example, consider a program that receives an image for processing. A malicious user could
craft an image file with invalid image dimensions. The maliciously crafted dimensions could
force the program to allocate buffers of incorrect and unexpected sizes.
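The image scenario above, as an added example that is not part of the original course: a parser for a made-up image container that validates the declared dimensions before using them. The header layout (`IMG0` magic, big-endian 32-bit width and height, one byte per pixel) and the limits are assumptions chosen for illustration.

```python
import struct

# Assumed container layout for this example: magic, width, height.
HEADER = struct.Struct(">4sII")
MAGIC = b"IMG0"
MAX_DIMENSION = 16_384             # per-axis limit (assumed policy)
MAX_PIXELS = 64 * 1024 * 1024      # total-size limit (assumed policy)


class InvalidImage(ValueError):
    """Raised when a file's declared structure cannot be trusted."""


def wrapped_size_32(width, height):
    """Size a 32-bit multiply would produce in code that skips validation.

    Native code computing width * height in a 32-bit integer silently keeps
    only the low 32 bits, so huge declared dimensions can yield a tiny buffer.
    """
    return (width * height) & 0xFFFFFFFF


def parse_image(blob):
    """Return (width, height, pixels) only if every declared value checks out."""
    if len(blob) < HEADER.size:
        raise InvalidImage("truncated header")
    magic, width, height = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise InvalidImage("bad magic")
    if width == 0 or height == 0:
        raise InvalidImage("zero dimension")
    if width > MAX_DIMENSION or height > MAX_DIMENSION:
        raise InvalidImage("dimension exceeds limit")
    pixel_count = width * height   # Python integers do not wrap
    if pixel_count > MAX_PIXELS:
        raise InvalidImage("too many pixels")
    payload = blob[HEADER.size:]
    if len(payload) != pixel_count:
        raise InvalidImage("payload length does not match dimensions")
    return width, height, payload


def validate(blob):
    """Return "ok" or the reason the input was rejected."""
    try:
        parse_image(blob)
    except InvalidImage as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: one well-formed file and one with crafted dimensions.
    good = HEADER.pack(MAGIC, 2, 3) + bytes(6)
    crafted = HEADER.pack(MAGIC, 65537, 65537) + bytes(131073)
    print("good file:   ", validate(good))
    print("crafted file:", validate(crafted))
    print("32-bit size for 65537 x 65537:", wrapped_size_32(65537, 65537))
```

The crafted file declares 65537 x 65537 pixels, which a 32-bit multiply would shrink to 131073 bytes; checking each dimension and the payload length before allocating rejects it.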

Race conditions
This vulnerability describes a situation where the output of an event depends on ordered or timed
outputs. A race condition becomes a source of vulnerability when the required ordered or timed
events do not occur in the correct order or at the proper time.

Weaknesses in security practices

Systems and sensitive data can be protected through techniques such as authentication,
authorization and encryption. Developers should stick to using security techniques and libraries
that have already been created, tested and verified and should not attempt to create their own
security algorithms. Doing so is likely only to introduce new vulnerabilities.

Access control problems

Access control is the process of controlling who does what and ranges from managing physical
access to equipment to dictating who has access to a resource, such as a file, and what they can
do with it, such as read or change the file. Many security vulnerabilities are created by the
improper use of access controls.

Nearly all access controls and security practices can be overcome if an attacker has physical
access to target equipment. For example, no matter the permission settings on a file, a hacker can
bypass the operating system and read the data directly off the disk. Therefore, to protect the
machine and the data it contains, physical access must be restricted, and encryption techniques
must be used to protect data from being stolen or corrupted.

2.3.4 Software Updates

The goal of software updates is to stay current and avoid exploitation of vulnerabilities.
Microsoft, Apple and other operating system producers release patches and updates almost every
day and applications such as web browsers, mobile apps and web servers are often updated by
the companies or organizations responsible for them.

Despite the fact that organizations put a lot of effort into finding and patching software
vulnerabilities, new vulnerabilities are discovered regularly. That’s why some organizations use
third party security researchers who specialize in finding vulnerabilities in software, or actually
invest in their own penetration testing teams dedicated to search, find and patch software
vulnerabilities before they can get exploited.

Google’s Project Zero is a great example of this practice. After discovering a number of
vulnerabilities in various software used by end users, Google formed a permanent team dedicated
to finding software vulnerabilities. You can find out more about Google’s security research here.

2.3.5 What Do You Think?

This has made you think about some of the vulnerabilities that may exist at @Apollo. After some
investigation you’ve noted some potential issues.

Can you identify what category each of these vulnerabilities falls into? You have a chance to
earn some defender points here and further safeguard @Apollo, so take your time.

Choose the correct answer from each of the dropdowns, then Submit.

On starting at @Apollo, your network password was emailed to you in plain text and you were not
prompted to change it

Ans=Weakness in security practice


Past employees still have access to @Apollo’s customer database
Ans=Access control problem
New users can log into their @Apollo account, even if they have signed up with an incorrectly
formatted email address
Ans=Non-validated input

That’s right! Great work!

You’ve correctly identified the potential security issues and have taken a step closer to
safeguarding @Apollo from attack. Remember:

• Emailing sensitive information such as passwords in plain text is extremely risky and is a
weakness in security practice. This information should at the very least be encrypted.
• Past employees should not have access to customer information when leaving a company.
This is a serious access control problem.
• New users need to be validated before anything else can be done with their data. Using an
incorrectly formatted email address to log on is a non-validated input error.

2.4. The Cyber Security Landscape


2.4.1 Cryptocurrency

Cryptocurrency is digital money that can be used to buy goods and services, using strong
encryption techniques to secure online transactions. Banks, governments and even companies
like Microsoft and AT&T are very aware of its importance and are jumping on the
cryptocurrency bandwagon!

Select the pins to find out more about how cryptocurrency transactions work.

Approximately every ten minutes, special computers collect data about the latest cryptocurrency
transactions, turning them into mathematical puzzles to maintain confidentiality.

These transactions are then verified through a technical and highly complex process known as
‘mining.’ This step typically involves an army of ‘miners’ working on high-end PCs to solve
mathematical puzzles and authenticate transactions.

Once verified, the ledger is updated and electronically copied and disseminated worldwide to
anyone belonging to the blockchain network, effectively completing a transaction.

Cryptocurrency owners keep their money in encrypted, virtual ‘wallets.’ When a transaction
takes place between the owners of two digital wallets, the details are recorded in a decentralized,
electronic ledger or blockchain system. This means it is carried out with a degree of anonymity
and is self-managed, with no interference from third parties such as central banks or government
entities.

2.4.2 Cryptojacking

Cryptojacking is an emerging threat that hides on a user’s computer, mobile phone, tablet,
laptop or server, using that machine’s resources to ‘mine’ cryptocurrencies without the
user’s consent or knowledge.

Many victims of cryptojacking didn’t even know they’d been hacked until it was too late!

3.1 Protecting Your Device and Networking

3.1.2 Protecting Your Computing Devices

Your computing devices are the portal to your online life, storing a lot of your personal data.
Therefore, it’s important to protect the security of your devices.

Select the headings for some top tips on how to do this.

Turn the firewall on

You should use at least one type of firewall (either a software firewall or a hardware firewall on
a router) to protect your device from unauthorized access. The firewall should be turned on and
constantly updated to prevent hackers from accessing your personal or organization data.

You can click here to learn how to turn on the firewall in Windows 10, or click here for Mac OS
X devices.

Install antivirus and antispyware

Malicious software, such as viruses and spyware, is designed to gain unauthorized access to
your computer and your data. Once installed, viruses can destroy your data and slow down your
computer. They can even take over your computer and broadcast spam emails using your
account. Spyware can monitor your online activities, collect your personal information or
produce unwanted pop-up ads on your web browser while you are online.

To prevent this, you should only ever download software from trusted websites. However, you
should always use antivirus software to provide another layer of protection. This software, which
often includes antispyware, is designed to scan your computer and incoming email for viruses
and delete them. Keeping your software up to date will protect your computer from any new
malicious software that emerges.

Manage your operating system and browser

Hackers are always trying to take advantage of vulnerabilities that may exist in your operating
system (such as Microsoft Windows or macOS) or web browser (such as Google Chrome or
Apple Safari).

Therefore, to protect your computer and your data, you should set the security settings on your
computer and browser to medium level or higher. You should also regularly update your
computer’s operating system, including your web browser, and download and install the latest
software patches and security updates from the vendors.

Set up password protection

All of your computing devices, including PCs, laptops, tablets and smartphones, should be
password protected to prevent unauthorized access. Any stored information, especially sensitive
or confidential data, should be encrypted. You should only store necessary information on your
mobile device, in case it is stolen or lost.

Remember, if any one of your devices is compromised, the criminals may be able to access all of
your data through your cloud storage service provider, such as iCloud or Google Drive.

IoT devices pose an even greater risk than your other computing devices. While desktop, laptop
and mobile platforms receive frequent software updates, most IoT devices have their original
software. If vulnerabilities are found in the software, the IoT device is likely to be vulnerable.
And to make the problem worse, IoT devices require Internet access, most often relying on your
local network. The result is that when IoT devices are compromised, they allow hackers access
to your local network and data. The best way to protect yourself from this scenario is to set up any
IoT devices on an isolated network.
Check out Shodan, a web-based IoT device scanner that helps you identify any vulnerable
devices on the Internet.

3.1.3 Wireless Network Security at Home

Wireless networks allow Wi-Fi enabled devices, such as laptops and tablets, to connect to the
network by way of a preset network identifier, known as the service set identifier (SSID).
Although a wireless router can be configured so that it doesn’t broadcast the SSID, this should
not be considered adequate security for a wireless network.

Hackers will be aware of the preset SSID and default password. Therefore, these details should
be changed to prevent intruders from entering your home wireless network. Furthermore, you
should encrypt wireless communication by enabling wireless security and the WPA2 encryption
feature on your wireless router. But be aware, even with WPA2 encryption enabled, a wireless
network can still be vulnerable.

Select the image to find out more about the discovery of a security flaw in the WPA2
protocol in 2017.

3.1.4 Public Wi-Fi Risks


When you are away from home, you can access your online information and surf the Internet via
public wireless networks or Wi-Fi hotspots. However, there are some risks involved, which mean
that it is best not to access or send any personal information when using public Wi-Fi.

You should always verify that your device isn’t configured with file and media sharing and that
it requires user authentication with encryption.

You should also use an encrypted VPN service to prevent others from intercepting your
information (known as ‘eavesdropping’) over a public wireless network. This service gives you
secure access to the Internet, by encrypting the connection between your device and the VPN
server. Even if hackers intercept a data transmission in an encrypted VPN tunnel, they will not be
able to decipher it.

3.1.5 Password Security

You’ve logged into your new laptop and it has prompted you to change your network password.
You already struggle to remember the few passwords you use for your personal accounts online.

You ask one of your colleagues for their advice. They tell you to use one of the passwords you
use for your personal accounts. That is what they do! They keep their personal passwords
written down at the back of their diary, just in case they forget them.

How would you rate your colleague’s attitude to password security on a scale of 1 (bad practice)
to 5 (good practice)?

Make your choice by sliding the marker on the scale, then Submit.

3.1.6 A Strong Password

Here are a few simple tips to help you when choosing a strong password.

3.1.7 Using a Passphrase


In order to prevent unauthorized access to your devices, you should consider using passphrases
instead of passwords. A passphrase generally takes the form of a sentence (‘Acat
th@tlov3sd0gs.’), making it easier for you to remember. And because it’s longer than a typical
password, it’s less vulnerable to dictionary or brute-force attacks.

Here are a few tips for creating a good passphrase.

3.1.8 Password Guidelines

The United States National Institute of Standards and Technology (NIST) has published
improved password requirements. NIST standards are intended for government applications but
can serve as a standard for other sectors as well.

Select the image for a summary of these guidelines.

3.1.9 Password Check

Based on all this information, you’re ready to update your network password. You are
considering several potential options.

Take a look at each of the passwords and decide if you think it’s a strong or weak option. Get
this right and you’ll improve your privacy settings.
3.2 Data Maintenance

3.2.1 What Is Encryption?

Encryption is the process of converting information into a form in which unauthorized
parties cannot read it. Only a trusted, authorized person with the secret key or password can
decrypt the data and access it in its original form.

Note that the encryption itself does not prevent someone from intercepting the data. It can only
prevent an unauthorized person from viewing or accessing the content. In fact, some criminals
may decide to simply encrypt your data and make it unusable until you pay a ransom.

3.2.2 How Do You Encrypt Your Data?

Software programs are used to encrypt files, folders and even entire drives.

Encrypting File System (EFS) is a Windows feature that can encrypt data. It is directly linked to
a specific user account and only the user that encrypts the data will be able to access it after it has
been encrypted using EFS.

Select the headings to discover how to encrypt data using EFS in all Windows versions.

3.2.3 Back Up Your Data

Having a backup may prevent the loss of irreplaceable data. To back up data properly, you will
need an additional storage location for the data and you must copy the data to that location
regularly.

Select the pins to explore some of these additional storage locations.

Home network

Storing your data locally means that you have total control of it.

Secondary location

You could copy all of your data to a network attached storage device (NAS), a simple external
hard drive or maybe even back up important folders on thumb drives, CDs, DVDs or tapes. In
this scenario, you are the owner of the data and you are totally responsible for the cost and
maintenance of the storage device equipment.

The cloud

You could subscribe to a cloud storage service, like Amazon Web Services (AWS). The cost of
this service will depend on the amount of storage space you need, so you may need to be more
selective about what data you back up. You will have access to your backup data as long as you
have access to your account.

3.2.4 Are They Really Gone?

You’ve logged into your laptop but it contains some photos belonging to the previous user, who
no longer works at @Apollo. Your line manager asks you to delete them. You drag the photos
into the recycle bin, open the recycle bin, select them and click ‘Delete’ once again. That should
do it!

Do you think the photos are really gone from the laptop?

Select the correct answer, and then Submit.

No, the photos are just inaccessible from the operating system

3.2.5 How Do You Delete Your Data Permanently?

Have you ever had to delete data or get rid of a hard drive? If so, did you take any precautions to
safeguard the data to keep it from falling into the wrong hands?

Select the images to find out what you should do to ensure you delete your files securely and
permanently.

3.3 Who Owns Your Data

3.3.1 Terms of Service

You have been asked to set up an online photo storage and sharing account to be used for
creative collaboration with the design department and other teams at @Apollo.

When signing up, you are prompted to sign a service agreement with the provider. You don’t
think too much about it and agree to all the terms without reading them.

3.3.2 Understand the Terms

The Terms of Service will include a number of sections, from user rights and responsibilities to
disclaimers and account modification terms.

Select the arrows to find out more.


The data use policy outlines how the service provider will collect, use and share your data.

The privacy settings allow you to control who sees information about you and who can access
your profile or account data.

The security policy outlines what the company is doing to secure the data it obtains from you.

3.3.3 What Are You Agreeing To?

You have successfully created the @Apollo account and agreed to the Terms of Service of the
online photo sharing company. But do you really know what you have signed up for?

3.3.4 The Data Use Policy

The data use policy of the company you used to set up the account states that for any content you
publish: “you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide
license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and
create derivative works of your content (consistent with your privacy and application settings)”.

3.4 Safeguarding Your Online Privacy

3.4.1 Two Factor Authentication

Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple and Microsoft, use
two-factor authentication to add an extra layer of security for account logins.

Besides your username and password or personal identification number (PIN), two-factor
authentication requires a second token to verify your identity. This may be a:

• physical object such as a credit card, mobile phone or fob
• biometric scan such as a fingerprint or facial and voice recognition
• verification code sent via SMS or email.
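
The list above mentions a mobile phone and a verification code. As an added example (not from the original course), the sketch below goes one step further and shows how a time-based one-time code of the kind an authenticator app generates is computed (RFC 4226 and RFC 6238) and checked together with the password. The function names are constructed for illustration, and the secret is the published RFC test key, not a real credential.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """Time-based code (RFC 6238): HOTP over the number of elapsed time steps."""
    return hotp(secret, int(at) // step, digits)


def verify_login(password_ok, submitted_code, secret, at=None, step=30, drift_steps=1):
    """Both factors must pass: the password check and a code from the current
    time step or one of its neighbours (tolerates small clock drift)."""
    if at is None:
        at = time.time()
    counter = int(at) // step
    code_ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        if counter + delta < 0:
            continue
        expected = hotp(secret, counter + delta).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        code_ok |= hmac.compare_digest(expected, submitted_code.encode())
    return bool(password_ok and code_ok)


if __name__ == "__main__":
    shared_secret = b"12345678901234567890"  # RFC 6238 test key
    code = totp(shared_secret, time.time())
    print("current code:", code)
    print("password + code:", verify_login(True, code, shared_secret))
    print("code without password:", verify_login(False, code, shared_secret))
```

A production verifier would also remember the last accepted time step per account so that a code cannot be replayed within its validity window.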

3.4.2 Open Authorization


Open authorization (OAuth) is an open standard protocol that allows you to use your
credentials to access third-party applications without exposing your password.

Select the arrows to see what this means in practice.

You are looking forward to registering for Cisco’s ‘Cybersecurity Essentials,’ the next course in
this series, to help you develop your career. But you must be logged into the eLearning portal to
do so.

You can’t remember your login details, but that’s OK. The portal gives you the option of logging
in using your credentials from a social media website such as Facebook or via another account
such as Google.

So instead of having to reset your login details, you log into the eLearning portal using your
existing social media accounts and register for your next course with ease. You can’t wait to get
started!

Common questions

A security breach can significantly damage a company's reputation and financial standing. Reputationally, a breach can negatively affect customer trust and prompt them to seek compensation or turn to competitors, leading to potential customer loss. Financially, breaches can lead to revenue loss as businesses may be unable to operate online, face increased security costs, and incur fines for failing to protect data.

Mismanaged cloud infrastructure can result in data exposure if access controls are improperly configured, as seen in the case where Razer's data was publicly accessible for more than three weeks. To prevent such breaches, companies should proactively secure cloud instances, regularly monitor for configuration errors, and implement stringent access controls and encryption measures.

Botnets, controlled remotely, facilitate various cyberattacks like DDoS, spamming, or brute-force attacks by leveraging the power of multiple infected devices. Common defenses include traffic filtering to detect and block botnet traffic, implementing anti-malware solutions, and maintaining strong, updated security protocols to prevent device infection.

To protect intellectual property, organizations should implement comprehensive data encryption, access restrictions based on the principle of least privilege, and regular security audits to identify vulnerabilities. Additionally, fostering a security-aware culture and deploying data loss prevention technologies can mitigate risks. Monitoring network activities and setting up intrusion detection systems also help detect and respond to threats promptly.

SEO poisoning involves manipulating search engine indexing to rank malicious sites higher in search results, aiming to redirect users to harmful websites inadvertently. These malicious sites can then deliver malware or phishing attacks. Effective countermeasures include maintaining up-to-date cybersecurity defenses and educating users on identifying suspicious search results.

A cyber attack can disrupt a nation's infrastructure, such as by shutting down a power grid, leading to immediate effects like traffic congestion, healthcare interruptions, and halted commerce. These disruptions can destabilize the country's everyday operations and erode public confidence in government, achieving strategic objectives without physical presence.

Ethical hacking, or white hat activities, are crucial for cybersecurity as they simulate potential cyber attacks to identify and rectify vulnerabilities before malicious actors can exploit them. This proactive approach helps to strengthen the organization's security posture and prevent actual breaches. Ethical hackers are also instrumental in training internal response teams and enhancing overall security awareness throughout the organization.

APTs are sophisticated, long-term cyberattack campaigns targeting specific entities, such as organizations or nations, often motivated by business or political reasons. These threats are stealthy, often well-funded, and involve customized malware to remain undetected within the targets' systems. Typically, APTs target high-value information like intellectual property, and they require advanced skills and significant resources to deploy and sustain.

Password spraying involves trying a few common passwords across various accounts to avoid detection and account lockouts. This method leverages weak or reused passwords to breach systems. Organizations can defend against this by enforcing strong, unique passwords, enabling account lockouts after repeated failed attempts, and deploying multi-factor authentication to add an additional security layer.

Internal security threats are potentially more damaging because internal users have inherent trust and access to critical systems and sensitive data without needing additional authentication measures. This direct access allows insiders to bypass external defenses easily, posing a significant risk if these individuals are malicious or negligent.
