Intro Playlist Concepts

Professor's Introduction to CyberSecurity (videos 1–9)

Mission tie-in: Covers CIA, security layers, threats, and Sec-SDLC from the professor's intro lectures — so you can skip re-watching all 9 videos before the exam.

CIA triad + security layers

CIA Triad Confidentiality Integrity Availability Protected by layers: Physical Personal Operations Comms Network Info McCumber Cube: CIA × data states × (policy, education, technology)
Confidentiality
Only authorized users access data (secrecy).
Integrity
No unauthorized modification of data.
Availability
Systems and data accessible when needed.
Asset
Anything of value to protect (data, systems, hardware).
Threat
Any source of danger (hackers, malware, disasters).
Vulnerability
Weakness an attacker can exploit.
Subject vs Object
Subject = active (user/program); Object = passive (file, database).

Video-by-video map

V1 — Information Security

InfoSec = risk management balancing threats vs security controls. Evolved from physical computer security (protecting mainframes).

V2 — Securing Accounts

Authentication
Prove identity (username + password).
Authorization
What you're allowed to do after auth.
Brute force
Try every password combination.
Dictionary attack
Try common/leaked passwords from a word list.
Security vs usability
Stronger passwords = harder for users (trade-off).

V3 — Security Layers

Defense in depth: Physical → Personal → Operations → Communications → Network → Information security.

V4 — Sec-SDLC

Information system
Hardware, software, data, people, procedures.
Bottom-up approach
Admins act alone — fast but no management support; often fails.
Top-down approach
Management-driven policies, funding, responsibilities — succeeds.
Sec-SDLC
Security integrated into system development life cycle.

V5–V6 — Attack demos

Brute force on zipped files; dictionary attack with pattern templates (crunch tool).

V7 — Security Roles

CIO, CISO, data owner (sets access), data custodian (stores/maintains), security as art + science + social science.

V8–V9 — Threats

Malware
Virus (needs user), worm (self-spreads), trojan (backdoor).
Shoulder surfing
Spy on screen/keyboard for passwords.
Hacker vs cracker
Hacker explores; cracker destroys or steals.
Human error
Employees = biggest threat to sensitive data.
Information extortion
Steal data, demand ransom.
Cut for 2-day cram (not in playlist): Classical ciphers, 3DES, block modes, ECC, MACs, birthday attack — textbook only unless professor adds them.

Retrieval practice

Which layer protects data in transit (email, phone)?

Retrieval practice

Authentication proves identity; authorization decides what?

Stuck? Ask: "Quiz me on CIA vs security layers" or "Explain top-down vs bottom-up."