Cybersecurity Resources

Educational and reference material

What an MSSP Does
A Managed Security Service Provider monitors, analyzes, and responds to security events across networks, endpoints, and systems. Services typically include log monitoring, alert triage, and threat analysis.

MSSP vs Internal Security Teams
Internal teams focus on daily operational security tasks. MSSP services commonly supplement coverage, monitoring hours, or specialized capabilities.

Endpoint Protection Explained
Endpoint protection focuses on devices such as laptops, desktops, and servers. Controls may include malware detection, behavioral monitoring, and access restriction.

Identity and Access Management
Identity and access management controls determine who can access systems and data. Proper configuration reduces unauthorized access and privilege misuse.

Network Segmentation
Network segmentation separates systems into controlled zones. This limits lateral movement during a security event.

Firewall Rule Design
Firewall rules define permitted and denied traffic. Minimal and documented rule sets reduce attack exposure.

IDS vs IPS
Intrusion Detection Systems generate alerts when suspicious activity is observed. Intrusion Prevention Systems actively block identified threats.

Zero Trust Overview
Zero Trust models treat all access attempts as untrusted by default. Access decisions rely on identity, device state, and context.

Cybersecurity Readiness
Readiness reflects visibility into assets, patch levels, access controls, and monitoring coverage.

Common Attack Vectors
Frequently observed entry points include phishing, exposed services, weak credentials, and outdated software.

Asset Inventory Importance
Maintaining an asset inventory supports patching, monitoring, and incident response activities.

Backup Fundamentals
Backups provide recovery options following system failure, data corruption, or a security incident. Offline or immutable backups reduce the risk that backup copies are altered or destroyed along with the primary data.

Security Incident Overview
A security incident involves unauthorized access, misuse, or disruption of systems or data.

Incident Response Phases
Common phases include identification, containment, eradication, recovery, and review.

Containment vs Eradication
Containment limits impact. Eradication removes the root cause.

Post-Incident Review
Reviews identify lessons learned and improvement opportunities.

NIST Cybersecurity Framework
The NIST CSF provides structured guidance across identify, protect, detect, respond, and recover functions.

PCI-DSS Overview
PCI-DSS applies to organizations handling payment card data and outlines technical and administrative safeguards.

HIPAA Security Rule
HIPAA defines safeguards for protecting electronic protected health information.

SOC 2 Overview
SOC 2 focuses on controls related to security, availability, and confidentiality.

Acceptable Use Policy
Defines permitted and prohibited use of systems and resources.

Password Policy
Establishes requirements for password length, rotation, and protection.

BYOD Policy
Outlines security expectations for personally owned devices accessing organizational resources.

Incident Response Plan
Documents roles, communication paths, and procedures during security events.

Phishing Indicators
Indicators include unexpected attachments, urgent language, and mismatched sender addresses.

Social Engineering
Social engineering relies on manipulating people rather than on technical exploits.

Password Management
Password managers reduce password reuse across accounts and limit exposure of credentials.

Physical Security
Physical access controls limit unauthorized entry to systems and facilities.