The cybersecurity landscape is the overall environment related to the security of digital systems. It includes:
The threats (bad things that can happen),
The vulnerabilities (weak points that attackers can use),
The people involved (both attackers and defenders),
And the technologies being used (both to attack and defend).
Why is it important?
Because understanding this landscape helps us predict risks, build better protections, and react more effectively when something goes wrong.
The cybersecurity world is not static — it changes every day. Attackers invent new tricks, defenders create new protections, and technologies evolve (like cloud computing, AI, IoT).
So, security professionals must always keep learning and adapting.
Let's now explain each key point, one by one, in a beginner-friendly way:
Threat actors are the people, groups, or organizations that can cause harm in cyberspace.
Different types include:
Hackers:
General term for people who gain unauthorized access to systems.
Not all hackers are bad — some are ethical (white hats) and help secure systems.
Nation-States:
Governments that fund cyber operations to spy, sabotage, or influence other countries.
Example: Cyberattacks targeting another country’s power grid or stealing military secrets.
Insiders:
Employees or contractors who intentionally or accidentally cause harm from within the organization.
Example: A disgruntled employee leaking sensitive files.
Hacktivists:
Activists who use hacking to promote political or social causes.
Example: Attacking a government website to protest against a policy.
Cybercriminal Groups:
Organized groups whose main goal is to make money through cybercrime.
Example: Groups that run ransomware operations or steal credit card data.
Summary Tip:
Threat actors = Who is trying to cause harm.
Threat vectors are the methods or pathways attackers use to reach their targets.
Some common threat vectors:
Email Phishing:
Fake emails that trick you into clicking a malicious link or sharing private information.
Example: An email pretending to be your bank asking for your password.
Malware:
Malicious software like viruses, worms, trojans, and ransomware.
Example: Downloading an infected file that encrypts your computer.
Zero-Day Vulnerabilities:
Software flaws that are unknown to the vendor and exploited before a fix is available.
Example: A hacker finds a bug in an app and uses it before the company can patch it.
Social Engineering:
Tricking people into giving away confidential information.
Example: Calling someone pretending to be IT support and asking for their password.
Insider Threats:
As mentioned, insiders (like employees) accidentally or deliberately cause damage.
Example: An employee clicking on a phishing link that compromises the network.
Summary Tip:
Threat vectors = How the bad guys reach you.
Vulnerabilities are weaknesses in systems, people, or processes that attackers can exploit.
Types of vulnerabilities:
Software Bugs:
Programming errors that cause security problems.
Example: A web app that doesn't check user inputs properly, allowing SQL injection attacks.
Misconfigurations:
Setting up software or systems incorrectly, leaving them exposed.
Example: A database that's open to the internet without a password.
Human Error:
Mistakes made by people.
Example: An employee sends sensitive data to the wrong email address.
Outdated Systems:
Systems that haven't been updated with the latest security patches.
Example: Running Windows XP (no longer supported) on important servers.
Summary Tip:
Vulnerabilities = Where you are weak.
Cybersecurity is always evolving, and some important current trends are:
Increasing Sophistication of Attacks:
Attacks are getting smarter, more targeted, and harder to detect.
Example: Ransomware that knows how to find and encrypt backup files too.
Use of AI/Automation by Attackers:
Attackers are using AI to make phishing emails more believable or automate attacks.
Example: Bots automatically scanning the internet for vulnerable systems.
Rise of Ransomware-as-a-Service (RaaS):
Criminal groups offering ransomware tools to other criminals.
Example: "You pay me a small fee, and I give you a ready-to-use ransomware toolkit."
Summary Tip:
Trends = How the world is changing.
A cybersecurity framework is a structured set of guidelines, best practices, and standards that help organizations:
Manage their cybersecurity risks
Protect critical data and systems
Detect and respond to cyber threats
Recover after an attack
Think of a framework like a blueprint or roadmap.
It does not tell you exactly every small action to take, but it gives you the structure to build a strong cybersecurity program.
Frameworks are important because:
They provide a common language across industries and teams.
They help standardize cybersecurity practices.
They are often used to meet legal and compliance requirements.
Now, let’s explain the major frameworks, one by one:
NIST Cybersecurity Framework (CSF):
What is it:
Developed by the U.S. National Institute of Standards and Technology (NIST), the CSF is a voluntary framework that helps organizations manage and reduce cybersecurity risk.
Who uses it:
Companies of all sizes, governments, and critical infrastructure sectors such as energy, finance, and healthcare.
The 5 Core Functions:
The NIST CSF organizes security activities into five main areas:
Identify: Understand what you need to protect (assets, people, data)
Protect: Put safeguards in place (firewalls, access controls, encryption)
Detect: Spot problems when they happen (monitoring, alerts)
Respond: Take action to stop and fix problems (incident response plans)
Recover: Restore normal operations and learn from the incident (backups, improvements)
Summary Tip:
NIST CSF represents the five pillars (Identify, Protect, Detect, Respond, Recover) and covers the full lifecycle of cybersecurity.
MITRE ATT&CK:
What is it:
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base that describes how real-world attackers behave.
Why is it important:
It helps defenders understand:
What attackers want to do (Tactics - the reason)
How attackers do it (Techniques - the method)
Structure of MITRE ATT&CK:
Tactics: The high-level goals attackers have, such as gaining access or escalating privileges.
Techniques: Specific actions they take to achieve those goals, such as spear phishing or credential dumping.
Example:
Tactic: Initial Access
Technique: Phishing email with malicious attachment
Summary Tip:
MITRE ATT&CK organizes attacker behaviors to help organizations detect and defend smarter.
CIS Critical Security Controls:
What is it:
A prioritized list of cybersecurity actions developed by the Center for Internet Security (CIS).
Why is it useful:
It provides a clear, simple starting point even for small organizations or beginners.
Examples of the 18 Critical Controls:
Inventory of Authorized Devices: Knowing which computers, phones, and servers you have.
Inventory of Authorized Software: Knowing what programs should and should not be running.
Continuous Vulnerability Management: Regularly checking for and fixing security weaknesses.
Secure Configuration for Hardware and Software: Setting up systems securely from the beginning.
Email and Web Browser Protections: Defending against phishing and malicious websites.
How they are organized:
Basic Controls (the first steps you should take)
Foundational Controls (the next level of protection)
Organizational Controls (wider security policies and governance)
Summary Tip:
CIS Controls focus on 18 prioritized actions that greatly reduce cybersecurity risk.
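The first controls listed above (inventory of authorized software, continuous vulnerability management) are things a team can check mechanically once it has an inventory. The following is an added example, not CIS material or code from the original notes: it reads a constructed host inventory in the form "host software version", compares each entry with a constructed allowlist that records the minimum patched version per product (hypothetical values), and reports software that is unauthorized or authorized but below the required version.

```python
import re

# Constructed allowlist: product -> minimum acceptable version (hypothetical values).
AUTHORIZED = {
    "openssh": (9, 6),
    "nginx": (1, 24, 0),
    "postgresql": (15, 5),
}

# Constructed inventory lines ("host product version"); not real hosts or data.
INVENTORY = """\
web01 nginx 1.24.0
web01 openssh 9.3
web01 netcat 1.10
db01 postgresql 15.5
db01 openssh 9.6
"""

VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text):
    """Turn '1.24.0' into (1, 24, 0) so versions compare numerically, not as strings."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def review_inventory(inventory_text, authorized=AUTHORIZED):
    """Return per-host findings: unauthorized software and outdated authorized software."""
    findings = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, name, version = line.split()
        entry = findings.setdefault(host, {"unauthorized": [], "outdated": []})
        if name not in authorized:
            entry["unauthorized"].append(name)
        elif parse_version(version) < authorized[name]:
            required = ".".join(str(p) for p in authorized[name])
            entry["outdated"].append(f"{name} {version} < required {required}")
    return findings


if __name__ == "__main__":
    for host, entry in review_inventory(INVENTORY).items():
        print(host, entry)
```

The version parser matters more than it looks: comparing "9.10" and "9.6" as strings puts the newer release first, which is exactly the kind of mistake that lets an unpatched host slip through a vulnerability review.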
ISO/IEC 27001:
What is it:
An international standard for Information Security Management Systems (ISMS).
Who uses it:
Organizations that want formal, certified proof that they manage information securely.
Key Concepts:
Requires building an ISMS, a formal system for managing sensitive information.
Focuses on risk management: identifying, assessing, and addressing risks.
Organizations must document security policies, perform internal audits, and continually improve their systems.
Certification:
Companies can get certified by external auditors to prove they meet ISO/IEC 27001 standards, which is important for customer trust and legal compliance.
Summary Tip:
ISO/IEC 27001 is the global standard for building and proving strong information security practices.
COBIT:
What is it:
A framework focused on governance and management of enterprise IT environments.
Who uses it:
Organizations that want to:
Align IT with business goals
Meet regulatory requirements
Improve IT risk management
Key Focus Areas:
Governance: Making sure IT investments support business objectives.
Management: Ensuring IT services are delivered effectively and securely.
COBIT Domains:
Evaluate, Direct, Monitor (Governance)
Align, Plan, Organize (Management)
Build, Acquire, Implement
Deliver, Service, Support
Monitor, Evaluate, Assess
Summary Tip:
COBIT is a framework for managing and governing IT to ensure it supports business success.
Cybersecurity standards are formalized documents that define specific rules, guidelines, or specifications that organizations must follow to:
Protect sensitive information
Ensure the security and privacy of digital systems
Meet legal and regulatory obligations
Maintain consistency and efficiency across operations
Standards are often mandatory in regulated industries, such as healthcare, finance, and payment processing.
They help organizations demonstrate that they are taking cybersecurity seriously and are following best practices recognized internationally or nationally.
Standards are different from frameworks.
Frameworks offer general guidance and structure.
Standards define specific rules and sometimes have legal force.
PCI DSS (Payment Card Industry Data Security Standard):
What is it:
PCI DSS is a standard developed by major credit card companies (Visa, MasterCard, American Express, Discover, and JCB) to secure credit card transactions.
Who must comply:
Any organization that processes, stores, or transmits credit card data.
Key Requirements:
Build and maintain a secure network (firewalls, secure configurations)
Protect cardholder data (encryption, masking sensitive data)
Maintain a vulnerability management program (antivirus, patches)
Implement strong access control measures (need-to-know basis)
Regularly monitor and test networks (log management, penetration testing)
Maintain an information security policy (staff awareness and policies)
Why it matters:
Non-compliance can result in heavy fines, loss of ability to process credit cards, and severe reputation damage.
Summary Tip:
PCI DSS ensures that organizations handling credit cards protect customer data properly.
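Two of the PCI DSS requirements above, protecting cardholder data by masking it and monitoring logs, meet in a common practical task: finding card numbers that have leaked into application logs and masking them before the logs are stored. The following is an added example, not code from PCI SSC or the original notes. It scans constructed log lines for 13 to 19 digit runs, uses the Luhn check to separate real card numbers from ordinary numeric IDs, and masks each hit to at most the first six and last four digits.

```python
import re

# Runs of 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn checksum: every real card number passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep at most the first 6 and last 4 digits and mask everything in between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line):
    """Return (redacted line, list of PANs found) for one log line."""
    found = []

    def _sub(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            found.append(digits)
            return mask_pan(digits)
        return match.group(0)  # not Luhn-valid: leave it alone

    return PAN_CANDIDATE.sub(_sub, line), found


def redact_log(lines):
    return [redact_line(line) for line in lines]


# Constructed log lines. The first carries the well-known Visa test number
# 4111111111111111; the second carries a 16-digit order id that is not Luhn-valid.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z payment ok pan=4111111111111111 amount=19.99",
    "2024-05-01T10:00:05Z order id=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    for redacted, hits in redact_log(SAMPLE_LOG):
        print(redacted, hits)
```

The Luhn filter is what keeps the false-positive rate tolerable: without it every long order or session identifier would be masked, and the team would stop trusting the alert that a PAN reached the logs in the first place.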
HIPAA (Health Insurance Portability and Accountability Act):
What is it:
HIPAA is a U.S. federal law that protects sensitive patient health information.
Who must comply:
Healthcare providers, health plans, healthcare clearinghouses, and business associates handling protected health information (PHI).
Key Components:
Privacy Rule: Defines how PHI should be protected and under what circumstances it can be disclosed.
Security Rule: Sets standards for securing electronic PHI (ePHI), including administrative, physical, and technical safeguards.
Breach Notification Rule: Requires organizations to notify affected individuals, regulators, and sometimes the media if a data breach occurs.
Why it matters:
HIPAA violations can lead to severe fines and damage to patient trust.
Summary Tip:
HIPAA ensures that healthcare organizations keep patient information secure and private.
GDPR (General Data Protection Regulation):
What is it:
GDPR is a European Union regulation that governs the collection, storage, and processing of personal data of individuals within the EU.
Who must comply:
Any organization worldwide that handles the personal data of EU citizens, not just EU-based companies.
Key Principles:
Lawfulness, fairness, and transparency
Purpose limitation (collect only for specific purposes)
Data minimization (collect only the data needed)
Accuracy (keep data up-to-date)
Storage limitation (keep data only as long as necessary)
Integrity and confidentiality (secure processing)
Key Requirements:
Obtain clear consent before collecting data
Provide individuals with access to their data
Allow individuals to request deletion of their data ("Right to be forgotten")
Notify authorities and affected individuals about data breaches within 72 hours
Why it matters:
GDPR non-compliance can lead to extremely high fines (up to 20 million euros or 4 percent of annual global turnover, whichever is greater).
Summary Tip:
GDPR protects the personal data and privacy rights of EU individuals, even for companies outside the EU.
SOX (Sarbanes-Oxley Act):
What is it:
SOX is a U.S. federal law aimed at improving the accuracy and reliability of corporate financial reporting.
Who must comply:
Publicly traded companies in the United States and their IT departments.
Key Sections Relevant to Cybersecurity:
Section 302: Corporate Responsibility for Financial Reports, requiring senior management to certify the accuracy of financial statements.
Section 404: Management Assessment of Internal Controls, including IT systems that manage financial data.
Impact on Cybersecurity:
Organizations must ensure that the IT systems processing financial data are secure, reliable, and properly controlled.
Logs of access and changes to financial systems must be maintained and reviewed.
Why it matters:
Failure to comply can result in criminal penalties, financial penalties, and loss of investor trust.
Summary Tip:
SOX requires that financial data, including the IT systems behind it, are secure, trustworthy, and auditable.
PCI DSS protects payment card data.
HIPAA protects health information.
GDPR protects personal data and privacy rights.
SOX protects the integrity of financial reporting systems.
Each standard focuses on different types of sensitive information but all aim to enforce better cybersecurity practices and reduce risk.
Assets are critical components within the cybersecurity landscape.
An asset can be anything of value to an organization that needs protection from cyber threats.
Assets are typically categorized as:
Data: Sensitive information such as customer records, financial documents, intellectual property, and confidential communications.
Infrastructure: Physical and virtual resources like servers, networking equipment, cloud services, and endpoints.
Identities: User accounts, authentication credentials, digital certificates, and authorization tokens.
In the context of cybersecurity, assets are the primary targets for attackers. Protecting these assets is a core objective of all cybersecurity efforts.
Summary:
Assets (including data, infrastructure, and identities) must be properly identified, classified, and protected to defend against cyber threats effectively.
Script Kiddies represent a distinct category of threat actors.
They are individuals who lack advanced technical skills but still engage in cyberattacks.
Key characteristics:
They use pre-written scripts, tools, and exploits created by more sophisticated hackers.
Their attacks are often opportunistic rather than strategic.
Common motivations include curiosity, desire for recognition, or simple disruption, rather than financial gain or political objectives.
They pose risks primarily because automated tools can still cause significant harm even when used without deep understanding.
Summary:
Script Kiddies are low-skilled attackers who rely on publicly available hacking tools and are typically driven by personal amusement rather than professional agendas.
The MITRE ATT&CK Framework provides a structured way to describe and categorize attacker behaviors.
The framework maintains different matrices to model attack techniques across various environments:
Enterprise Matrix: Focuses on traditional enterprise IT systems and is further divided into subcategories:
Windows environments
Linux environments
Cloud platforms
Mobile Matrix: Focuses on techniques targeting mobile operating systems such as Android and iOS.
Each matrix contains tactics (objectives) and techniques (methods) specific to the operating environment.
Summary:
MITRE ATT&CK differentiates between Enterprise (Windows, Linux, Cloud) and Mobile environments, providing a comprehensive view of attacker behaviors across platforms.
The Center for Internet Security (CIS) maintains a set of prioritized cybersecurity actions known as the CIS Critical Security Controls.
The latest version, as of now, is Version 8 (CIS v8), which includes significant updates to reflect changes in the IT environment:
Increased focus on cloud security and remote workforce challenges.
Consolidation and modernization of previous controls.
Alignment with current cybersecurity frameworks and regulations.
In most modern cybersecurity examinations and practices, including SPLK-5001, CIS v8 is the assumed standard unless otherwise specified.
Summary:
CIS Critical Security Controls Version 8 emphasizes securing modern IT environments, including cloud platforms and remote work infrastructures.
In addition to well-known standards like PCI DSS, HIPAA, GDPR, and SOX, professionals should be aware of these two important U.S. federal cybersecurity standards:
FISMA (Federal Information Security Management Act):
A U.S. law that requires federal agencies to develop, document, and implement an information security program to protect government information, operations, and assets.
FedRAMP (Federal Risk and Authorization Management Program):
A standardized approach for assessing, authorizing, and continuously monitoring the security of cloud services used by U.S. government agencies.
It ensures that cloud providers meet strict security requirements before offering services to federal customers.
These standards are crucial for any organization dealing with U.S. government systems or sensitive federal data.
Summary:
FISMA governs the cybersecurity requirements for federal agencies, while FedRAMP sets security standards for cloud service providers contracting with the U.S. government.
In a typical Security Operations Center using Splunk, which responsibilities are most closely associated with the SOC Analyst role compared to Engineer and Architect roles?
SOC Analysts primarily monitor alerts, investigate notable events, perform triage, and document incident findings.
In a Splunk-based SOC, analysts operate at the operational layer. Their daily work involves reviewing alerts generated by correlation searches or risk rules, examining related logs, validating suspicious activity, and assigning dispositions such as true positive or false positive. Engineers typically design and maintain detection content, tune correlation searches, and onboard new data sources, while architects focus on the broader security architecture, SIEM integration strategy, and system scalability. A common misunderstanding is assuming analysts design the detection logic itself; however, that responsibility typically belongs to engineers. Analysts instead focus on investigation workflows and escalation procedures.
Demand Score: 64
Exam Relevance Score: 78
How does the Confidentiality, Integrity, and Availability (CIA) triad influence monitoring priorities in a SIEM such as Splunk Enterprise Security?
The CIA triad guides which types of events should be monitored and how incidents are prioritized.
Confidentiality focuses monitoring on unauthorized access attempts, credential abuse, and data exfiltration indicators. Integrity relates to detecting unauthorized modification of systems or files, such as suspicious registry changes or configuration tampering. Availability emphasizes identifying disruptions such as denial-of-service attacks, service failures, or abnormal traffic spikes affecting critical infrastructure. In Splunk Enterprise Security, correlation searches and dashboards are often designed around protecting these three aspects of information assurance. For example, authentication anomaly detections protect confidentiality, file integrity monitoring protects integrity, and service outage monitoring supports availability. Analysts must understand how different alerts correspond to these principles to prioritize investigation and response actions appropriately.
Demand Score: 61
Exam Relevance Score: 75
Why do cybersecurity teams map SIEM detections in Splunk to frameworks such as MITRE ATT&CK or NIST?
Mapping detections to frameworks standardizes threat classification and improves investigative context.
Frameworks such as MITRE ATT&CK and NIST provide a structured taxonomy for describing attacker behavior and defensive controls. In Splunk Enterprise Security, many detection rules and analytic stories are mapped to ATT&CK tactics and techniques. This mapping helps analysts quickly understand what stage of an attack lifecycle an alert represents and whether other related behaviors should be investigated. It also enables reporting and coverage analysis, allowing security teams to identify detection gaps in their monitoring strategy. Without framework alignment, alerts can appear as isolated events rather than part of a broader adversary behavior pattern.
Demand Score: 65
Exam Relevance Score: 76
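The tactic/technique structure described in the MITRE ATT&CK section earlier, and the coverage analysis this question describes, can both be shown with a small piece of code. The following is an added example, not code from MITRE, Splunk or the original notes. It uses a constructed subset of real Enterprise ATT&CK technique IDs, a constructed catalogue of hypothetical detection rules mapped to those IDs, and computes per-tactic coverage and gaps, enriches an alert with its tactic context, and lists rules that carry no usable mapping.

```python
from collections import defaultdict

# Constructed subset of the ATT&CK Enterprise matrix (real IDs, far from the full list).
TECHNIQUES = {
    "T1566": ("Initial Access", "Phishing"),
    "T1078": ("Initial Access", "Valid Accounts"),
    "T1003": ("Credential Access", "OS Credential Dumping"),
    "T1110": ("Credential Access", "Brute Force"),
    "T1021": ("Lateral Movement", "Remote Services"),
    "T1486": ("Impact", "Data Encrypted for Impact"),
}

# Constructed detection catalogue: hypothetical rule name -> mapped technique IDs.
DETECTIONS = {
    "Suspicious attachment opened": ["T1566"],
    "LSASS memory access": ["T1003"],
    "Excessive failed logins": ["T1110"],
    "Mass file rename with ransom note": ["T1486"],
    "Unusual outbound DNS volume": [],  # deliberately unmapped
}


def coverage_by_tactic(techniques=TECHNIQUES, detections=DETECTIONS):
    """For each tactic, list technique IDs that at least one rule covers and those none does."""
    mapped = {tid for ids in detections.values() for tid in ids}
    per_tactic = defaultdict(lambda: {"covered": [], "gaps": []})
    for tid, (tactic, _name) in sorted(techniques.items()):
        per_tactic[tactic]["covered" if tid in mapped else "gaps"].append(tid)
    return dict(per_tactic)


def enrich_alert(rule_name, detections=DETECTIONS, techniques=TECHNIQUES):
    """Attach tactic and technique context to an alert raised by a given rule."""
    return [
        {"technique_id": tid, "technique": techniques[tid][1], "tactic": techniques[tid][0]}
        for tid in detections.get(rule_name, [])
        if tid in techniques
    ]


def unmapped_rules(detections=DETECTIONS, techniques=TECHNIQUES):
    """Rules with no mapping, or mapped to IDs the catalogue does not know."""
    return sorted(
        name for name, ids in detections.items()
        if not ids or any(tid not in techniques for tid in ids)
    )


if __name__ == "__main__":
    for tactic, entry in coverage_by_tactic().items():
        print(tactic, entry)
    print(enrich_alert("LSASS memory access"))
    print("unmapped:", unmapped_rules())
```

With the constructed data, Lateral Movement has no detection at all and Initial Access is only half covered, which is the kind of gap the coverage view is meant to surface; the unmapped rule is the other failure mode, an alert that fires but cannot be placed anywhere in the attack lifecycle.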