Episodes
-
Cyber Essentials
In this second part on the Cyber Essentials scheme, we examine what its scope is, how you define your scope, and what is not in scope.
Further reading:
NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview
IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Cyber Essentials
The UK has a certification scheme called Cyber Essentials to help improve cyber security. In this podcast we help you understand what the Cyber Essentials and Cyber Essentials Plus schemes are, and why you should follow the advice contained in the essentials. This podcast provides an overview of the scheme, and later podcasts will go into the detail.
Further reading:
NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview
IASME (NCSC partner): https://iasme.co.uk/cyber-essentials/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Honeypots and Deception
Ever wondered what honeypots have to do with cyber security and how to use them to give high quality alerts about an attack? Listen to understand.
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 25 - OT / Operational Technology
We understand: What is OT, what is the difference between OT and IT, why this difference matters, and why you need to think differently when securing OT.
Read more about OT:
https://en.wikipedia.org/wiki/Operational_technology
BlackEnergy OT attack that Tom described:
https://en.wikipedia.org/wiki/BlackEnergy
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 25 - Cryptography 2
We continue to understand: What is cryptography, this time focussing on asymmetric crypto, and how it is a fundamental part of the internet and security - all without any maths!
Key exchange colours - in video!
https://www.youtube.com/watch?v=d_FU9tZIo10
Wikipedia on public key crypto:
https://en.wikipedia.org/wiki/Public-key_cryptography
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 24 - Cryptography 1
We understand: What is cryptography, why is it important, and what are its applications - all without any maths!
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 23 - Understanding Apps and Web Apps
We understand: What is an app? When did they start being called apps? How do they work? What's a web app and why are apps much more reliant on the internet today? How might an app be compromised?
Further reading:
https://en.wikipedia.org/wiki/Mobile_app
https://edu.gcfglobal.org/en/computerbasics/understanding-applications/1/
https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 22 - AI
We understand: What is AI, how does it work, its history and future, use cases, and potential vulnerabilities
Further reading:
Wikipedia: https://en.wikipedia.org/wiki/Artificial_intelligence
Oxford uni paper: http://www.fhi.ox.ac.uk/Reports/2008-3.pdf
Code bullet youtube: https://www.youtube.com/c/CodeBullet/
ZDNet: https://www.zdnet.com/article/what-is-ai-everything-you-need-to-know-about-artificial-intelligence/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 20 - The Ransomware
We understand what ransomware is, how it works, some notable examples and what to do if you suffer it.
Further reading here:
NCSC
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
NCA
https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
Action fraud
https://www.actionfraud.police.uk/
US-CERT
https://www.us-cert.gov/
FBI
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
No more ransom
https://www.nomoreransom.org/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 20 - The Darkweb
We explore what the Darkweb is, who uses it, how to access it, and why you should be careful of it.
Further reading here:
https://en.wikipedia.org/wiki/Dark_web
https://us.norton.com/internetsecurity-how-to-how-can-i-access-the-deep-web.html
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 19 - Question and Answer - Q&A
We cover a large number of questions that you are asked in this episode, including:
What's more secure, Android or iPhone?
Do I need AV on my phone?
Why is hacking illegal?
How do I know if a wifi network is safe?
What is End to End Encryption?
What is the blockchain?
and more.
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 18 - working from home
We cover the basics of security when working from home, specifically: protecting yourself from scams, protecting your network, how to securely access the office, and what happens if something goes wrong.
Further reading:
Resources
SANS guide
https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit
NCSC Guide
https://www.ncsc.gov.uk/guidance/home-working
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 17 - Employee Identity and Access Management
Dicko returns to chat to us about Employee and Identity Access Management. He explains how this technology can make life significantly easier and more secure for the business and IT departments, but why you want to carefully plan and test any rollout before going live.
Further reading:
NCSC Identity and Access Management:
https://www.ncsc.gov.uk/guidance/introduction-identity-and-access-management
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 16 - Have I been hacked?
Have you been hacked? How do you know? What to do if you have been? We address these questions and more in this episode.
Further reading:
NCSC small business recovery:
https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recovery
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 15 - Cloud
What is the cloud? We have all heard of it, but what exactly is it and what are the options? We look at what cloud is, public vs private cloud, and the different levels of service you can have. We also discuss the benefits and drawbacks of the cloud.
Further reading:
What is cloud - by Cloudflare:
https://www.cloudflare.com/learning/cloud/what-is-the-cloud/
NCSC Cloud Security:
https://www.ncsc.gov.uk/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 14 - Phishing
We will cover - What is Phishing, Spear Phishing, Whaling, Vishing and Business Email Compromise and how to defend yourself from these attacks.
Further reading:
Example of a Vishing phone call:
https://www.youtube.com/watch?v=uv4s_ltHzFw
NCSC guidance:
https://www.ncsc.gov.uk/guidance/phishing
https://www.ncsc.gov.uk/guidance/suspicious-email-actions
https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 13 - SIEM / Security Information Event Management
A slight change - we have a guest! Our friend Dicko joins the show to explain what SIEM is, how it works, and when you might want one. Pretty business cyber security focused rather than home user. We went a bit longer than normal as Dicko had so much great material.
Other resources + NCSC guidance:
How to build a free (NCSC logger / SIEM) https://www.ncsc.gov.uk/blog-post/logging-made-easy
NCSC managed security service guidance: https://www.ncsc.gov.uk/guidance/security-operations-centre-soc-buyers-guide
CSO online: what is SIEM: https://www.csoonline.com/article/2124604/what-is-siem-software-how-it-works-and-how-to-choose-the-right-tool.html
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 12 - Email
We will cover - What email is and how it works, email vulnerabilities, how to secure email, when email is not the best option, and top tips for using email.
Further reading:
NCSC guidance:
https://www.ncsc.gov.uk/guidance/email-security-and-anti-spoofing
https://www.ncsc.gov.uk/blog-post/improving-email-security
https://www.ncsc.gov.uk/information/mailcheck
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 11 - Web Browsing
We will cover - The difference between the internet and the world wide web (WWW), how a web browser works, what the padlock means, what cookies are, and how to stay safe online.
Further reading:
Get safe online (UK Gov):
https://www.getsafeonline.org/protecting-your-computer/safe-internet-use/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/ -
Episode 10 - Testing cyber security: Pentests and cyber exercises
We will cover - Why you want to test your cyber security. How to test your security. Different types of test / engagement, and when to use them.
Further reading:
NCSC pentesting guidance:
https://www.ncsc.gov.uk/guidance/penetration-testing
Cyber exercises:
https://clearcutcyber.com/exercising-overview/
Info on bug bounties vs pentests:
https://soroush.secproject.com/blog/2018/02/bug-bounty-vs-penetration-testing-simple-unbiased-comparison/
Music by Jahzzar and used under CC BY-SA 4.0 license: creativecommons.org/licenses/by-sa/4.0/