This book on Cybersecurity is written for beginners. No college degree is required. Cybersecurity covers a broad spectrum of topics. This book intends to ease the initial learning curve using associable analogies in normal life and graphical and guided exercises. Completing the Cybersecurity study in this book can be accomplished in a self-paced learning manner outside of a classroom.

It is hoped that self-paced learning and/or the teaching of this book at various institutions will open the doors to a broader audience in their career development towards the job-rich cybersecurity industry. Further, it is hoped that by demystifying cybersecurity, people will build up their interests and confidence in transitioning into the cybersecurity industries from whatever field they are working in today.

Have you ever felt uneasy or even dreadful after losing a USB flash drive that might contain sensitive information or data about your business?

This presentation will give you a tool to put you at ease when backing up a large number of files and data to a USB flash drive or stick. The tool is relatively easy to use on a USB drive, is based on encryption technology, and protects your business data from the prying eyes.

Attendees will learn about the following topics:
- A brief introduction to data encryption.
- A few encryption tools for a novice user.
- Demonstration on how to use an encryption/decryption tool called VeraCrypt to protect the data on a USB
flash drive.
- Pros and cons of encryption/decryption technology.

The Payment Card Industry (PCI) has created an industry-wide digital security standard. All companies, large and small, that deal with customers’ credit card information, must comply with the PCI Digital Security Standard. What can small business owners do to manage the compliance risks, yet to be cost-effective?
 
Topics to be covered include:

- What is PCI/credit card data security?
- Why do small businesses need to plan for PCI security compliance?
- Tools and tips to check PCI compliance of your credit card payment processor or payment gateway provider
and website hosting service provider.
- IT audit requirements and stages for PCI compliance.
 
Presentation Time: 50 minutes plus 10 minutes Q&A.
Presentation Recording: Webinar recorded by SCORE (www.score.org). SCORE is a non-profit organization. URL link: https://drive.google.com/file/d/1HI7iFrTo8xX7o1C_OmmzybpSo6X2Op29/view?usp=drive_link

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule (URL: https://www.cdc.gov/phlp/publications/topic/hipaa.html).

Small businesses that deal with healthcare information must comply with HIPAA. What can small business owners do to manage the compliance risks, yet to be cost-effective?
 
Topics to be covered include:
- What are the business requirements for HIPAA security?
- What stages of IT audit do small businesses need to plan for HIPAA security compliance?
- What technology and tools can be used to protect HIPAA-related data and to assure compliance?
 
Presentation Time: 50 minutes plus 10 minutes Q&A.

This course focuses on the fundamentals of information security that are used in protecting both the information present in computer storage as well as information traveling over computer networks. Upon successful completion of this course, the student will be able to: explain the challenges and scope of information security; explain such basic security concepts as confidentiality, integrity, and availability, which are used frequently in the field of information security; explain the importance of cryptographic algorithms used in information security in the context of the overall information technology (IT) industry; identify and explain symmetric algorithms for encryption-based security of information; identify and explain public key-based asymmetric algorithms for encryption-based security of information; describe the access control mechanism used for user authentication and authorization; describe Secure Sockets Layer (SSL) as a common solution enabling security of many applications, including all Internet-based commerce; describe securing Internet Protocol (IP) communications by using Internet Protocol Security (IPSec); explain the importance of physical security and discuss ways to improve physical security of an enterprise; explain the use of such security tools as firewalls and intrusion prevention systems; explain malicious software issues, such as those brought forth by software-based viruses and worms; explain common software security issues, such as buffer overflow; describe the basic process of risk assessment in the context of overall IT security management. (Computer Science 406)

Simply put, this is one of my most favorite topics when it comes to talking about computers. In this video we layout the order of this lesson, as well as give basic definitions of:
•Machine-Level Security
•Network Security
•Internet Security
•Social Engineering

The act of physically protecting the computers. The first rule of any type of computer safety is restricting physical access to it. If a bad guy can get their hands on the computer assume they will be able to gain access to all data contained within.

Our third video in our Information Security series (part of the Introduction to Computer course) focuses on Authentication. Authentication is basically proving you are who you say you are

There are three forms of authentication
•Something you know
•Something you have
•Something about you

This video focuses on date protection. We look at how to migrate your data from old to new devices, the importance of data backup AND how to make sure no one can steal your data off a discarded hard drive.

Data is always priceless

Three topics:
-Data migration
-Data backup
-Data disposal

Steps taken to protect computer networks. We cover permissions, user policies (especially how they can get you fired), expectations of privacy, and wireless security.

Links from Video:
-The System Administrator Song http://youtu.be/OpGN3oT1thA

Our 6 video in the Information Security series (part of Introduction to Computers). We introduce students to the concept of Internet Security.

Specifically we look at defining the players: hackers, crackers, and script kiddies. We also look at steps the home user should take to harden the computer: keep their computer updates, run anti-malware software, and have a firewall.

Video 7 of our information security series (part of Introduction to Computers) we examine malware. Malware is a blanket term that means malicious code, it includes things like viruses, Trojans, worms and spyware.

Links from Video:
-AVG by Grisoft: http://free.avg.com/us-en/homepage
-AVAST: http://www.avast.com
-ClamWin: http://www.clamwin.com/
-Microsoft Security Essentials: http://windows.microsoft.com/en-us/windows/security-essentials-download

Our last video in the Information Security lesson covers my favorite topic, social engineering. In this video we look at: Dumpster Diving, Shoulder Surfing, Tailgating, and Spam & Phishing.

I also tell the story about how I used tailgating to get access to a classroom at the FBI Academy.

Links from Video:
•Internet Storm Center: https://isc.sans.edu/
•SNORT: https://www.snort.org/
•Security Now: http://twit.tv/sn
•Internet Crime Complaint Center: http://www.ic3.gov/default.aspx
•Hak5: http://hak5.org/
•Facecrooks (facebook.com/Facecrooks)

This single instrumental qualitative case study explores and thickly describes job performance outcomes based upon the manner in which self-directed learning activities of a purposefully selected sample of 3 construction managers are conducted, mediated by the use of Web 2.0 technology. The data collected revealed that construction managers are concerned with the performance expected of them, in addition to how well they perform their work-related activities (orientation to learning), indicating that organizations should provide guidelines on the use and expected outcomes of self-directed learning in addition to providing the tools, resources, and time (environmental factors) to match performance needs; construction managers feel that work-related activities expected of them, how well the work-related activities are performed, and consequences for poor performance at work are determining factors in selecting Web 2.0 technologies; while construction managers understand the need for rules restricting the use of Web 2.0 technologies in performing their jobs, they feel these rules do hinder their performance because access to specific information they need to answer a question, solve a problem, or research to learn something new is sometimes restricted; and successful performance outcomes are determined by compliance to expected performance behaviors of others, such as answering a question or solving a problem an architect or superintendent have presented, as well as expectations construction managers have set for themselves. The following are appended: (1) Call for Participation--Web 2.0 Technology Project; (2) Informed Consent Letter and Form/Template; (3) Semistructured Interview Guide; and (4) Permission to Conduct Research Study.

Semester 1 - Information & Network Security
* Motivation (Vulnerabilities, Exploits, Threat Actors, Case Studies)
* Security Goals (Confidentiality, Integrity, Availability)
* Malware (Viruses, Worms, Trojans, Botnets, Ransomware, Cryptojackers)
* Network Security (VPN, Wireless Security, Firewalls/IDS/IPS/WAF)
* Encryption (WEP/WPA2, SSL/TLS, PGP, Disk Encryption)
* Security Management & Organization
* Threat Modeling
* Penetration Testing

Semester 2 - Application Security & SDLC
* Open Web Application Security Project (OWASP)
* Cross-Site Scripting (XSS)
* Injection
* Authentication Flaws
* Authorization Flaws
* Sensitive Data
* Insecure Dependencies & Configuration
* XXE & Deserialization
* Secure Development Lifecycle