Sign up to save your podcasts
Or
Share Course 7 - Secure SDLC (Software Development Life Cycle) | Episode 2: Malware, Social Engineering, GRC, and Secure Development Practices
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Course 7 - Secure SDLC (Software Development Life Cycle) | Episode 2: Malware, Social Engineering, GRC, and Secure Development Practices
In this lesson, you’ll learn about: Security Awareness Training — Secure SDLC Phase 1 1. Security Awareness Training (SAT) Fundamentals
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- SAT is the education process that teaches employees and users about cybersecurity, IT best practices, and regulatory compliance.
- Human error is the biggest factor in breaches: 95% of breaches are caused by human error.
- SAT reduces human mistakes, protects sensitive PII, prevents data breaches, and engages developers, network teams, and business users.
- Password policy and secure authentication
- PII management
- Phishing and phone scams
- Physical security
- BYOD (Bring Your Own Device) threats
- Public Wi-Fi protection
- New employee onboarding
- Online self-paced modules
- Club-based training portals
- Interactive video training
- Training with certification exams
- Virus: Infects other files by modifying legitimate hosts (the only malware that infects files).
- Adware: Exposes users to unwanted or malicious advertising.
- Rootkit: Grants stealthy, unauthorized access and hides its presence; may require OS reinstallation to remove.
- Spyware: Logs keystrokes to steal passwords or intellectual property.
- Ransomware: Encrypts data and demands cryptocurrency payments, usually spread via Trojans.
- Trojans: Malicious programs disguised as legitimate files or software.
- RAT (Remote Access Trojan): Allows long-term remote control of systems without the user’s knowledge.
- Worms: Self-replicating malware that spreads without user action.
- Keyloggers: Capture keystrokes to steal credentials or financial information.
- Social engineering = manipulating people to obtain confidential information.
Attackers target trust because it is easier to exploit than software.
- Phishing: Most common attack; uses fraudulent links, urgency, and fake messages.
- 93% of successful breaches start with phishing.
- Baiting: Offers something attractive (free downloads/USBs) to trick users into installing malware or revealing credentials.
- Pretexting: Creates a false scenario to build trust and steal information.
- Distrust Attacks: Creates conflict or threatens exposure to extort money or access.
- Tailgating/Piggybacking: Attacker physically follows an authorized employee into a restricted area.
- Understanding the difference between phishing and spear phishing.
- Recognizing that 53% of all attacks are phishing-based.
- Using 10 email verification steps, including:
- Check sender display name
- Look for spelling errors
- Be skeptical of urgency/threats
- Inspect URLs before clicking
- Governance: Board-level processes to lead the organization and achieve business goals.
- Risk Management: Predicting, assessing, and managing uncertainty and security risks.
- Compliance: Ensuring adherence to laws, regulations, and internal policies.
- HIPAA — Healthcare data protection
- SOX — Corporate financial reporting integrity
- FISMA — Federal information system standards
- PCI-DSS — Secure cardholder data; employees must acknowledge policies in writing
- ISO/IEC 27001 — International information security standard
- GDPR — EU data privacy
- CCPA — California privacy law
- OWASP Top 10 — Most critical web application security risks
- SANS CWE Top 25 — Most dangerous software weaknesses
- OWASP ASVS — Security verification requirements for secure development
- BSIMM — Framework for building and assessing software security programs
- OWASP Mobile Top 10 — Mobile application security risks
- API and IoT security guidelines
- Security awareness must be continuously updated to address new threats.
- Security Operations Center (SOC):
- Monitors systems
- Detects and analyzes threats
- Coordinates defense and response
- Information Security Communication:
- Acts as the bridge between business units and IT security
- Ensures employees remain informed and educated
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
View all episodes
By CyberCode AcademyIn this lesson, you’ll learn about: Security Awareness Training — Secure SDLC Phase 1 1. Security Awareness Training (SAT) Fundamentals
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- SAT is the education process that teaches employees and users about cybersecurity, IT best practices, and regulatory compliance.
- Human error is the biggest factor in breaches: 95% of breaches are caused by human error.
- SAT reduces human mistakes, protects sensitive PII, prevents data breaches, and engages developers, network teams, and business users.
- Password policy and secure authentication
- PII management
- Phishing and phone scams
- Physical security
- BYOD (Bring Your Own Device) threats
- Public Wi-Fi protection
- New employee onboarding
- Online self-paced modules
- Club-based training portals
- Interactive video training
- Training with certification exams
- Virus: Infects other files by modifying legitimate hosts (the only malware that infects files).
- Adware: Exposes users to unwanted or malicious advertising.
- Rootkit: Grants stealthy, unauthorized access and hides its presence; may require OS reinstallation to remove.
- Spyware: Logs keystrokes to steal passwords or intellectual property.
- Ransomware: Encrypts data and demands cryptocurrency payments, usually spread via Trojans.
- Trojans: Malicious programs disguised as legitimate files or software.
- RAT (Remote Access Trojan): Allows long-term remote control of systems without the user’s knowledge.
- Worms: Self-replicating malware that spreads without user action.
- Keyloggers: Capture keystrokes to steal credentials or financial information.
- Social engineering = manipulating people to obtain confidential information.
Attackers target trust because it is easier to exploit than software.
- Phishing: Most common attack; uses fraudulent links, urgency, and fake messages.
- 93% of successful breaches start with phishing.
- Baiting: Offers something attractive (free downloads/USBs) to trick users into installing malware or revealing credentials.
- Pretexting: Creates a false scenario to build trust and steal information.
- Distrust Attacks: Creates conflict or threatens exposure to extort money or access.
- Tailgating/Piggybacking: Attacker physically follows an authorized employee into a restricted area.
- Understanding the difference between phishing and spear phishing.
- Recognizing that 53% of all attacks are phishing-based.
- Using 10 email verification steps, including:
- Check sender display name
- Look for spelling errors
- Be skeptical of urgency/threats
- Inspect URLs before clicking
- Governance: Board-level processes to lead the organization and achieve business goals.
- Risk Management: Predicting, assessing, and managing uncertainty and security risks.
- Compliance: Ensuring adherence to laws, regulations, and internal policies.
- HIPAA — Healthcare data protection
- SOX — Corporate financial reporting integrity
- FISMA — Federal information system standards
- PCI-DSS — Secure cardholder data; employees must acknowledge policies in writing
- ISO/IEC 27001 — International information security standard
- GDPR — EU data privacy
- CCPA — California privacy law
- OWASP Top 10 — Most critical web application security risks
- SANS CWE Top 25 — Most dangerous software weaknesses
- OWASP ASVS — Security verification requirements for secure development
- BSIMM — Framework for building and assessing software security programs
- OWASP Mobile Top 10 — Mobile application security risks
- API and IoT security guidelines
- Security awareness must be continuously updated to address new threats.
- Security Operations Center (SOC):
- Monitors systems
- Detects and analyzes threats
- Coordinates defense and response
- Information Security Communication:
- Acts as the bridge between business units and IT security
- Ensures employees remain informed and educated
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy