WEEK_1 · DAY_04 · 1 HOUR

Security Fundamentals

CIA triad, AAA, defense in depth, threat vs vulnerability vs risk

Learning Objectives

Confidentiality — only authorized parties read data (encryption, access control).

Integrity — data is accurate and unaltered (hashing, signing, version control).

Availability — systems are reachable when needed (HA, DDoS protection, backups).

Every security control maps back to one or more of these three.

Authentication — proving who you are (password, MFA, biometric).

Authorization — what you're allowed to do (RBAC, ABAC).

Accounting — what you actually did (audit logs — the SOC's lifeblood).

Threat — potential cause of harm (a ransomware crew).

Vulnerability — weakness (unpatched Exchange CVE).

Exploit — code that uses the vulnerability.

Risk = Likelihood × Impact. SOCs reduce likelihood through detection.

Layered controls: Perimeter → Network → Host → Application → Data → Identity → Physical → Human.

When one layer fails, others compensate. The SOC monitors signals from every layer.

Splunk ES dashboards align to the same domains: Access, Endpoint, Network, Identity, Threat.

Everything an attacker can touch: external IPs, public web apps, email, SaaS, employee laptops, USB ports, vendors.

Attack surface management = enumerate it, monitor it, shrink it.

Pick 5 fictional assets at a fintech (DB, internal portal, public website, email, AD).
For each, score Likelihood (1-5) and Impact (1-5) of a breach.
Tag each with which CIA pillar(s) would be violated.
Identify the top 3 to monitor in Splunk.