The Yak Online Governance Primer
Based on the Amazon reviews, I decided to go with the second of these, even though the instructors indicated that they were not going to be following it closely.
The instructors are recommending an A+ or Networking+ certification before this. I don’t have that, so we’ll have to see how well I do.
The test itself is (up to) 90 question that are a mix of multiple-choice, drag-and-drop, and simulation. Passing score is 750/900 (so, ~75 questions correct). It’s currently $381 to take.
Social engineering is an attack against people: “Bad people tricking authorized users.” Generally the social engineer (threat) tries to leverage (attack) common psychological traits (vulnerabilities) in order to gain access to a system, obtain sensitive information, or forward some other objective.
Types of phishing:
There’s also spam and “spim” (instant messaging spam), which can be phishing, but can also just be annoying.
Phishing may not always involve credential harvesting; it can also be about installing malware, or even just getting someone to perform an action on behalf of the attacker (so, I guess gift card scams are actually a form of phishing…).
Basically, this role is all about monitoring and triage. Maybe some application configuration.
This is what you want a Security+ certification for (oh, hi there).
Security Operations Centers (SOCs) are typically divided into three tiers:
Interesting shout-out to Feedly as a threat monitoring tool. I periodically return to Feedly, but can’t help shake the feeling that I’m missing something that would help me use it more effectively…