Cybersecurity

Uploaded by vlsiescn

Module 01

Cybersecurity, or security, is the practice of ensuring confidentiality, integrity,
and availability of information by protecting networks, devices, people, and
data from unauthorized access or criminal exploitation.
Security analysts are responsible for monitoring and protecting information and
systems.
Three primary responsibilities of security analysts:
a. Protecting computer and network systems
b. Installing prevention software
c. Conducting periodic security audits

Compliance is the process of adhering to internal standards and external
regulations and enables organizations to avoid fines and security breaches.
Security frameworks are guidelines used for building plans to help mitigate
risks and threats to data and privacy.
Security controls are safeguards designed to reduce specific security risks.
They are used with security frameworks to establish a strong security posture.
Security posture is an organization’s ability to manage its defense of critical
assets and data and react to change. A strong security posture leads to lower risk
for the organization.
A threat actor, or malicious attacker, is any person or group who presents a
security risk. This risk can relate to computers, applications, networks, and data.
An internal threat can be a current or former employee, an external vendor, or
a trusted partner who poses a security risk. At times, an internal threat is
accidental. For example, an employee who accidentally clicks on a malicious
email link would be considered an accidental threat. Other times, the internal
threat actor intentionally engages in risky activities, such as unauthorized data
access.
Network security is the practice of keeping an organization's network
infrastructure secure from unauthorized access. This includes data, services,
systems, and devices that are stored in an organization’s network.
Cloud security is the process of ensuring that assets stored in the cloud are
properly configured, or set up correctly, and access to those assets is limited to
authorized users. The cloud is a network made up of a collection of servers or
computers that store resources and data in remote physical locations known as
data centers that can be accessed via the internet. Cloud security is a growing
subfield of cybersecurity that specifically focuses on the protection of data,
applications, and infrastructure in the cloud.

Programming is a process that can be used to create a specific set of
instructions for a computer to execute tasks. These tasks can include:
a. Automation of repetitive tasks (e.g., searching a list of malicious
domains)
b. Reviewing web traffic
c. Alerting on suspicious activity

Transferable Skills
a. Communication
b. Problem-Solving
c. Time Management
d. Growth Mindset
e. Diverse Perspective

Technical Skills
a. Programming Languages
b. Security Information and Event Management (SIEM) tools: SIEM tools
collect and analyze log data, or records of events such as unusual login
behavior, and support analysts' ability to monitor critical activities in an
organization.
c. Intrusion Detection Systems (IDSs): Cybersecurity analysts use IDSs to
monitor system activity and alert on possible intrusions.
d. Threat Landscape Knowledge
e. Incident Response
Personally Identifiable Information (PII): Any information used to infer an
individual's identity, such as full name, date of birth, address, phone numbers,
email addresses, etc.
Sensitive Personally Identifiable Information (SPII): A specific type of PII that
falls under stricter handling guidelines, such as medical data, social security
numbers, financial data, and biometric data such as facial recognition.

Summary
Terms and definitions from Course 1, Module 1
Cybersecurity (or security): The practice of ensuring confidentiality, integrity,
and availability of information by protecting networks, devices, people, and
data from unauthorized access or criminal exploitation
Cloud security: The process of ensuring that assets stored in the cloud are
properly configured and access to those assets is limited to authorized users
Internal threat: A current or former employee, external vendor, or trusted
partner who poses a security risk
Network security: The practice of keeping an organization's network
infrastructure secure from unauthorized access
Personally identifiable information (PII): Any information used to infer an
individual’s identity
Security Posture: An organization’s ability to manage its defense of critical
assets and data and react to change
Sensitive personally identifiable information (SPII): A specific type of PII
that falls under stricter handling guidelines
Technical skills: Skills that require knowledge of specific tools, procedures,
and policies
Threat: Any circumstance or event that can negatively impact assets
Threat Actor: Any person or group who presents a security risk
Transferable Skills: Skills from other areas that can apply to different careers

Module 02
Computer Virus: Malicious code written to interfere with computer operations
and cause damage to data and software
Malware: Software designed to harm devices or networks.

Examples:
Brain virus, created by the Alvi brothers: written to track legal copies of their
medical software and prevent pirated licenses.
Morris worm, by Robert Morris in 1988: a program written to assess the size of
the internet. It kept re-installing itself on machines it had already infected,
which caused chaos: the affected computers ran out of memory and crashed.
An estimated 6k computers, about 10% of internet users at the time, were
affected by this malware.
After these events, Computer Emergency Response Teams (CERTs) were
established.

Two of the most important online attacks:

a. LoveLetter attack: created by Onel De Guzman in 2000 to steal internet
login credentials. It arrived as an email with an attachment labeled "Love letter
for you". When the attachment was opened, the malware scanned the user's
address book, sent the same email to each person on the list, and installed
itself to collect user information and passwords. It affected 45 million
computers worldwide and is an example of social engineering.

Social Engineering: A manipulation technique that exploits human error to
gain private information, access, or valuables.

Phishing: Use of digital communications to trick people into revealing
sensitive data or deploying malicious software.
b. Equifax breach: threat actors infiltrated the credit reporting agency Equifax
in one of the largest data breaches known. It affected over 143 million
customers, about 40% of America's population.
Common attacks and their effectiveness
Previously, you learned about past and present attacks that helped shape the
cybersecurity industry. These included the LoveLetter attack, also called the
ILOVEYOU virus, and the Morris worm. One outcome was the establishment
of response teams, which are now commonly referred to as computer security
incident response teams (CSIRTs). In this reading, you will learn more about
common methods of attack. Becoming familiar with different attack methods,
and the evolving tactics and techniques threat actors use, will help you better
protect organizations and people.

Phishing
Phishing is the use of digital communications to trick people into revealing
sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

Business Email Compromise (BEC): A threat actor sends an email message
that seems to be from a known source to make a seemingly legitimate request
for information, in order to obtain a financial advantage.
Spear phishing: A malicious email attack that targets a specific user or group
of users. The email seems to originate from a trusted source.
Whaling: A form of spear phishing. Threat actors target company executives to
gain access to sensitive data.
Vishing: The exploitation of electronic voice communication to obtain sensitive
information or to impersonate a known source.
Smishing: The use of text messages to trick users, in order to obtain sensitive
information or to impersonate a known source.
Malware
Malware is software designed to harm devices or networks. There are many
types of malware. The primary purpose of malware is to obtain money, or in
some cases, an intelligence advantage that can be used against a person, an
organization, or a territory.
Some of the most common types of malware attacks today include:

Viruses: Malicious code written to interfere with computer operations and
cause damage to data and software. A virus needs to be initiated by a user (i.e.,
a threat actor), who transmits the virus via a malicious attachment or file
download. When someone opens the malicious attachment or download, the
virus hides itself in other files in the now infected system. When the infected
files are opened, it allows the virus to insert its own code to damage and/or
destroy data in the system.
Worms: Malware that can duplicate and spread itself across systems on its own.
In contrast to a virus, a worm does not need to be downloaded by a user.
Instead, it self-replicates and spreads from an already infected computer to other
devices on the same network.
Ransomware: A malicious attack where threat actors encrypt an organization's
data and demand payment to restore access.
Spyware: Malware that’s used to gather and sell information without consent.
Spyware can be used to access devices. This allows threat actors to collect
personal data, such as private emails, texts, voice and image recordings, and
locations.

Social Engineering
Social engineering is a manipulation technique that exploits human error to gain
private information, access, or valuables. Human error is usually a result of
trusting someone without question. It’s the mission of a threat actor, acting as a
social engineer, to create an environment of false trust and lies to exploit as
many people as possible.

Some of the most common types of social engineering attacks today include:

Social media phishing: A threat actor collects detailed information about their
target from social media sites. Then, they initiate an attack.
Watering hole attack: A threat actor attacks a website frequently visited by a
specific group of users.
USB Baiting: A threat actor strategically leaves a malware USB stick for an
employee to find and install, to unknowingly infect a network.
Physical Social Engineering: A threat actor impersonates an employee,
customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally
trusting and conditioned to respect authority. The number of social engineering
attacks is increasing with every new social media application that allows public
access to people's data. Although sharing personal data—such as your location
or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

Authority: Threat actors impersonate individuals with power. This is because
people, in general, have been conditioned to respect and follow authority
figures.
Intimidation: Threat actors use bullying tactics. This includes persuading and
intimidating victims into doing what they’re told.
Consensus/Social proof: Because people sometimes do things that they believe
many others are doing, threat actors use others’ trust to pretend they are
legitimate. For example, a threat actor might try to gain access to private data by
telling an employee that other people at the company have given them access to
that data in the past.
Scarcity: A tactic used to imply that goods or services are in limited supply.
Familiarity: Threat actors establish a fake emotional connection with users that
can be exploited.
Trust: Threat actors establish an emotional relationship with users that can be
exploited over time. They use this relationship to develop trust and gain
personal information.
Urgency: A threat actor persuades others to respond quickly and without
questioning.
CISSP defines 8 domains:

1. Security and Risk Management: Defines security goals and objectives,
risk mitigation, compliance, business continuity, and the law.
2. Asset Security: Secures digital and physical assets. It's also related to the
storage, maintenance, retention, and destruction of data.
3. Security Architecture and Engineering: Optimizes data security by
ensuring effective tools, systems, and processes are in place (e.g., building
a firewall).
4. Communication and Network Security: Manages and secures physical
networks and wireless communications.
5. Identity and Access Management: Keeps data secure, by ensuring users
follow established policies to control and manage physical assets, like
office spaces, and logical assets, such as networks and applications.
6. Security Assessment and Testing: Conducting security control testing,
collecting and analyzing data, and conducting security audits to monitor
for risks, threats, and vulnerabilities.
7. Security Operations: Conducting investigations and implementing
preventive measures.
8. Software Development Security: Uses secure coding practices, which are
a set of recommended guidelines that are used to create secure
applications and services.

Threat Actors:
a. Advanced Persistent Threats (APTs): Advanced persistent threats (APTs)
have significant expertise accessing an organization's network without
authorization. APTs tend to research their targets (e.g., large corporations
or government entities) in advance and can remain undetected for an
extended period of time. Their intentions and motivations can include:
1. Damaging critical infrastructure, such as the power grid and natural
resources
2. Gaining access to intellectual property, such as trade secrets or patents

b. Insider Threats: Insider threats abuse their authorized access to obtain
data that may harm an organization. Their intentions and motivations can
include:
1. Sabotage
2. Corruption
3. Espionage
4. Unauthorized data access or leaks

c. Hacktivists: Hacktivists are threat actors that are driven by a political
agenda. They abuse digital technology to accomplish their goals, which
may include:
1. Demonstrations
2. Propaganda
3. Social change campaigns
4. Fame

Hacker Types:
A hacker is any person who uses computers to gain access to computer systems,
networks, or data. They can be beginner or advanced technology professionals
who use their skills for a variety of reasons. There are three main categories of
hackers:
a. Authorized hackers, also known as ethical hackers
b. Semi-authorized hackers, also considered researchers
c. Unauthorized hackers, also known as unethical hackers
Note: Some hackers consider themselves vigilantes. Their main goal is to
protect the world from unethical hacking.

Summary
Terms and definitions from Course 1, Module 2
Adversarial artificial intelligence (AI): A technique that manipulates artificial
intelligence (AI) and machine learning (ML) technology to conduct attacks
more efficiently
Business Email Compromise (BEC): A type of phishing attack where a threat
actor impersonates a known source to obtain financial advantage
Computer virus: Malicious code written to interfere with computer operations
and cause damage to data and software
Cryptographic attack: An attack that affects secure forms of communication
between a sender and intended recipient
Hacker: Any person who uses computers to gain access to computer systems,
networks, or data
Malware: Software designed to harm devices or networks
Password attack: An attempt to access password secured devices, systems,
networks, or data
Phishing: The use of digital communications to trick people into revealing
sensitive data or deploying malicious software
Physical attack: A security incident that affects not only digital but also physical
environments where the incident is deployed
Physical social engineering: An attack in which a threat actor impersonates an
employee, customer, or vendor to obtain unauthorized access to a physical
location
Social engineering: A manipulation technique that exploits human error to gain
private information, access, or valuables
Social media phishing: A type of attack where a threat actor collects detailed
information about their target on social media sites before initiating the attack
Spear phishing: A malicious email attack targeting a specific user or group of
users, appearing to originate from a trusted source
Supply-chain attack: An attack that targets systems, applications, hardware,
and/or software to locate a vulnerability where malware can be deployed
USB baiting: An attack in which a threat actor strategically leaves a malware
USB stick for an employee to find and install to unknowingly infect a network
Virus: refer to “computer virus”
Vishing: The exploitation of electronic voice communication to obtain sensitive
information or to impersonate a known source
Watering hole attack: A type of attack when a threat actor compromises a
website frequently visited by a specific group of users

Module 03
Security Frameworks: Guidelines used for building plans to help mitigate risks
and threats to data and privacy.

Components of Security Frameworks:
1. Identifying and documenting security goals
2. Setting guidelines to achieve security goals
3. Implementing strong security processes
4. Monitoring and communicating results
Security Controls: Safeguards designed to reduce specific security risks.

CIA Triad: A foundational model that helps inform how organizations consider
risk when setting up systems and security policies.
a. Confidentiality: Only authorized users can access specific assets or data
b. Integrity: Data is correct, authentic and reliable
c. Availability: Data is accessible to those who are authorized to access it
Asset: An item perceived as having value to an organization.

Examples of Frameworks:
1. NIST Cybersecurity Framework (CSF): A voluntary framework that
consists of standards, guidelines, and best practices to manage
cybersecurity risk. NIST: National Institute of Standards and Technology
2. NIST Risk Management Framework (RMF)
Compliance is the process of adhering to internal standards and external
regulations.

The Federal Energy Regulatory Commission - North American Electric
Reliability Corporation (FERC-NERC)
FERC-NERC is a regulation that applies to organizations that work with
electricity or that are involved with the U.S. and North American power grid.
These types of organizations have an obligation to prepare for, mitigate, and
report any potential security incident that can negatively affect the power grid.
They are also legally required to adhere to the Critical Infrastructure Protection
(CIP) Reliability Standards defined by the FERC.

The Federal Risk and Authorization Management Program (FedRAMP®)

FedRAMP is a U.S. federal government program that standardizes security
assessment, authorization, monitoring, and handling of cloud services and
product offerings. Its purpose is to provide consistency across the government
sector and third-party cloud providers.

Center for Internet Security (CIS®)

CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls
that can be used to safeguard systems and networks against attacks. Its purpose
is to help organizations establish a better plan of defense. CIS also provides
actionable controls that security professionals may follow if a security incident
occurs.
General Data Protection Regulation (GDPR)
GDPR is a European Union (E.U.) general data regulation that protects the
processing of E.U. residents’ data and their right to privacy in and out of E.U.
territory. For example, if an organization is not being transparent about the data
they are holding about an E.U. citizen and why they are holding that data, this is
an infringement that can result in a fine to the organization. Additionally, if a
breach occurs and an E.U. citizen’s data is compromised, they must be
informed. The affected organization has 72 hours to notify the E.U. citizen
about the breach.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an international security standard meant to ensure that organizations
storing, accepting, processing, and transmitting credit card information do so in
a secure environment. The objective of this compliance standard is to reduce
credit card fraud.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. federal law established in 1996 to protect patients' health
information. This law prohibits patient information from being shared without
their consent. It is governed by three rules:
1. Privacy
2. Security
3. Breach notification

Organizations that store patient data have a legal obligation to inform patients of
a breach because if patients' Protected Health Information (PHI) is exposed, it
can lead to identity theft and insurance fraud. PHI relates to the past, present, or
future physical or mental health or condition of an individual, whether it’s a
plan of care or payments for care. Along with understanding HIPAA as a law,
security professionals also need to be familiar with the Health Information Trust
Alliance (HITRUST®), which is a security framework and assurance program
that helps institutions meet HIPAA compliance.
International Organization for Standardization (ISO)
ISO was created to establish international standards related to technology,
manufacturing, and management across borders. It helps organizations improve
their processes and procedures for staff retention, planning, waste, and services.

System and Organizations Controls (SOC type 1, SOC type 2)

The American Institute of Certified Public Accountants® (AICPA) auditing
standards board developed this standard. The SOC1 and SOC2 are a series of
reports that focus on an organization's user access policies at different
organizational levels such as:

1. Associate
2. Supervisor
3. Manager
4. Executive
5. Vendor
6. Others

They are used to assess an organization's financial compliance and levels of
risk. They also cover confidentiality, privacy, integrity, availability, security,
and overall data safety. Control failures in these areas can lead to fraud.

Pro tip: There are a number of regulations that are frequently revised. You are
encouraged to keep up-to-date with changes and explore more frameworks,
controls, and compliance. Two suggestions to research: the Gramm-Leach-
Bliley Act and the Sarbanes-Oxley Act.

United States Presidential Executive Order 14028

On May 12, 2021, President Joe Biden released an executive order related to
improving the nation's cybersecurity to remediate the increase in threat actor
activity. Remediation efforts are directed toward federal agencies and third
parties with ties to U.S. critical infrastructure.
Security Ethics: Guidelines for making appropriate decisions as a security
professional.

Terms and definitions from Course 1, Module 3

Asset: An item perceived as having value to an organization
Availability: The idea that data is accessible to those who are authorized to
access it
Compliance: The process of adhering to internal standards and external
regulations
Confidentiality: The idea that only authorized users can access specific assets or
data
Confidentiality, integrity, availability (CIA) triad: A model that helps inform
how organizations consider risk when setting up systems and security policies
Hacktivist: A person who uses hacking to achieve a political goal
Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal
law established to protect patients' health information
Integrity: The idea that the data is correct, authentic, and reliable
National Institute of Standards and Technology (NIST) Cyber Security
Framework (CSF): A voluntary framework that consists of standards,
guidelines, and best practices to manage cybersecurity risk
Privacy protection: The act of safeguarding personal information from
unauthorized use
Protected health information (PHI): Information that relates to the past, present,
or future physical or mental health or condition of an individual
Security architecture: A type of security design composed of multiple
components, such as tools and processes, that are used to protect an
organization from risks and external threats
Security controls: Safeguards designed to reduce specific security risks
Security ethics: Guidelines for making appropriate decisions as a security
professional
Security frameworks: Guidelines used for building plans to help mitigate risk
and threats to data and privacy
Security governance: Practices that help support, define, and direct security
efforts of an organization
Sensitive personally identifiable information (SPII): A specific type of PII that
falls under stricter handling guidelines

Module 04
Log: A record of events that occur within an organization’s system.

SIEM (Security Information and Event Management) tool: An application that
collects and analyzes log data to monitor critical activities in an organization.
Commonly used SIEM tools:
1. Splunk: A data analysis platform; Splunk Enterprise provides SIEM
solutions. Splunk Enterprise is a self-hosted tool used to retain, analyze,
and search an organization's log data.
2. Chronicle by Google: A cloud-native SIEM tool that stores security data for
search and analysis.
Other key security tools:
1. Playbooks: A manual that provides details about any operational action.
2. Network protocol analyzers, also known as packet sniffers: A tool designed to
capture and analyze data traffic within a network. Commonly used:
tcpdump and Wireshark
Security information and event management (SIEM) tools

A SIEM tool is an application that collects and analyzes log data to monitor
critical activities in an organization. A log is a record of events that occur within
an organization’s systems. Depending on the amount of data you’re working
with, it could take hours or days to filter through log data on your own. SIEM
tools reduce the amount of data an analyst must review by providing alerts for
specific types of threats, risks, and vulnerabilities.
SIEM tools provide a series of dashboards that visually organize data into
categories, allowing users to select the data they wish to analyze. Different
SIEM tools have different dashboard types that display the information you
have access to.

SIEM tools also come with different hosting options, including on-premise and
cloud. Organizations may choose one hosting option over another based on a
security team member’s expertise. For example, because a cloud-hosted version
tends to be easier to set up, use, and maintain than an on-premise version, a less
experienced security team may choose this option for their organization.
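As an added example that is not part of the original notes, the following Python script shows in miniature what the SIEM and IDS descriptions above (and the Module 01 programming tasks of searching a list of malicious domains and alerting on suspicious activity) mean in practice: it reads constructed authentication and proxy log lines and raises alerts for unusual login behavior and for web requests to blocklisted domains. The log format, IP addresses, domains and thresholds are all constructed for the example.

```python
"""Minimal SIEM-style alerting over constructed log lines (added example).

Two rules:
  * unusual login behaviour: `threshold` or more failed logins from one source
    IP inside `window`, followed by a successful login from that same IP;
  * malicious-domain match: an outbound web request whose host is on a
    blocklist (or is a subdomain of a blocked domain).
All log lines and the blocklist are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: sshd-style authentication events and a proxy log.
AUTH_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:05 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:09 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:14 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:20 sshd: Accepted password for alice from 203.0.113.7
2024-03-01T09:05:00 sshd: Failed password for bob from 198.51.100.2
2024-03-01T09:05:30 sshd: Accepted password for bob from 198.51.100.2
"""

PROXY_LOG = """\
2024-03-01T09:01:00 10.0.0.5 GET https://www.example.com/index.html 200
2024-03-01T09:01:07 10.0.0.5 GET http://cdn.malicious.example/loader.js 200
2024-03-01T09:01:09 10.0.0.9 GET https://docs.example.org/ 200
2024-03-01T09:01:12 10.0.0.5 GET https://Evil-Domain.example./c2 404
"""

# Constructed blocklist: the "list of malicious domains" an analyst would search.
MALICIOUS_DOMAINS = {"malicious.example", "evil-domain.example"}

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) \S+ (?P<url>\S+) \d+$")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def normalize_host(url):
    """Extract the host from a URL and canonicalize it (lowercase, no trailing dot)."""
    host = url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host.lower().rstrip(".")


def is_blocked(host, blocklist):
    """True if host equals a blocked domain or is a subdomain of one.

    The leading dot matters: "notmalicious.example" must not match
    "malicious.example".
    """
    return any(host == d or host.endswith("." + d) for d in blocklist)


def detect_brute_force_logins(log_text, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one IP inside `window` precede a success."""
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # not an event this rule understands
        ts, ip = parse_ts(m["ts"]), m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "ip": ip,
                           "user": m["user"], "failures": len(recent),
                           "at": m["ts"]})
        failures[ip].clear()  # a success ends the current attempt sequence
    return alerts


def detect_malicious_domains(log_text, blocklist=MALICIOUS_DOMAINS):
    """Alert on every proxy request whose host matches the blocklist."""
    alerts = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        host = normalize_host(m["url"])
        if is_blocked(host, blocklist):
            alerts.append({"rule": "malicious_domain", "client": m["client"],
                           "host": host, "at": m["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force_logins(AUTH_LOG) + detect_malicious_domains(PROXY_LOG):
        print(alert)
```

Running the script prints one brute-force alert for 203.0.113.7 (four failures, then a success as alice) and two malicious-domain alerts; bob's single failed attempt stays below the threshold and is not reported.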

Network protocol analyzers (packet sniffers)

A network protocol analyzer, also known as a packet sniffer, is a tool designed
to capture and analyze data traffic in a network. This means that the tool keeps a
record of all the data that a computer within an organization's network
encounters. Later in the program, you’ll have an opportunity to practice using
some common network protocol analyzer (packet sniffer) tools.

Playbooks
A playbook is a manual that provides details about any operational action, such
as how to respond to a security incident. Organizations usually have multiple
playbooks documenting processes and procedures for their teams to follow.
Playbooks vary from one organization to the next, but they all have a similar
purpose: To guide analysts through a series of steps to complete specific
security-related tasks.

For example, consider the following scenario: You are working as a security
analyst for an incident response firm. You are given a case involving a small
medical practice that has suffered a security breach. Your job is to help with the
forensic investigation and provide evidence to a cybersecurity insurance
company. They will then use your investigative findings to determine whether
the medical practice will receive their insurance payout.
In this scenario, playbooks would outline the specific actions you need to take
to conduct the investigation. Playbooks also help ensure that you are following
proper protocols and procedures. When working on a forensic case, there are
two playbooks you might follow:

The first type of playbook you might consult is called the chain of custody
playbook. Chain of custody is the process of documenting evidence possession
and control during an incident lifecycle. As a security analyst involved in a
forensic analysis, you will work with the computer data that was breached. You
and the forensic team will also need to document who, what, where, and why
you have the collected evidence. The evidence is your responsibility while it is
in your possession. Evidence must be kept safe and tracked. Every time
evidence is moved, it should be reported. This allows all parties involved to
know exactly where the evidence is at all times.

The second playbook your team might use is called the protecting and
preserving evidence playbook. Protecting and preserving evidence is the process
of properly working with fragile and volatile digital evidence. As a security
analyst, understanding what fragile and volatile digital evidence is, along with
why there is a procedure, is critical. As you follow this playbook, you will
consult the order of volatility, which is a sequence outlining the order of data
that must be preserved from first to last. It prioritizes volatile data, which is data
that may be lost if the device in question powers off, regardless of the reason.
While conducting an investigation, improper management of digital evidence
can compromise and alter that evidence. When evidence is improperly managed
during an investigation, it can no longer be used. For this reason, the first
priority in any investigation is to properly preserve the data. You can preserve
the data by making copies and conducting your investigation using those copies.
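As an added example (not part of the original notes), here are the two playbooks above carried into Python: the evidence is copied and the copy is proven bit-identical by hash before any analysis touches it, and every hand-over is written to a hash-linked chain-of-custody record of who held the evidence, what it was, where it was and why, so a later edit to the record is detectable. The evidence file, analyst names and case id are constructed placeholders.

```python
"""Chain-of-custody and evidence-preservation helpers (added example).

Two ideas from the playbooks: work on a verified copy of the evidence rather
than the original, and record who/what/where/why each time evidence changes
hands, with hashes so that tampering with the evidence or the record shows up.
File names, custodian names and the case id are constructed placeholders.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_copy(original, working_copy):
    """Copy evidence and prove the copy is bit-identical by comparing hashes."""
    shutil.copyfile(original, working_copy)
    src, dst = sha256_file(original), sha256_file(working_copy)
    if src != dst:
        raise RuntimeError("copy does not match original; do not proceed")
    return src


class CustodyLog:
    """Append-only chain of custody; each entry is hash-linked to the previous one."""

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    def record(self, who, what, where, why, evidence_hash):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "case_id": self.case_id,
            "when": datetime.now(timezone.utc).isoformat(),
            "who": who, "what": what, "where": where, "why": why,
            "evidence_hash": evidence_hash,
            "prev_entry_hash": prev,
        }
        entry["entry_hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if no entry was altered, reordered or removed after recording."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body["prev_entry_hash"] != prev:
                return False
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def run_demo(workdir=None):
    """Acquire a constructed evidence file, log custody, then tamper with the log.

    Returns (log intact before tampering, log intact after tampering,
             working copy still matches acquisition hash).
    """
    with tempfile.TemporaryDirectory() as tmp:
        workdir = Path(workdir or tmp)
        original = workdir / "mailserver_disk.img"  # constructed evidence file
        original.write_bytes(b"constructed disk image contents\n" * 1000)
        copy = workdir / "mailserver_disk.working.img"

        log = CustodyLog(case_id="CASE-PLACEHOLDER-001")
        acquisition_hash = acquire_copy(original, copy)
        log.record("analyst A", "disk image of mail server", "evidence locker 3",
                   "initial acquisition for breach investigation", acquisition_hash)
        log.record("analyst B", "disk image of mail server", "forensics lab",
                   "analysis performed on the working copy", sha256_file(copy))
        intact_before = log.verify()

        log.entries[0]["where"] = "unknown"  # simulate an after-the-fact edit
        return intact_before, log.verify(), acquisition_hash == sha256_file(copy)


if __name__ == "__main__":
    print(run_demo())
```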

Programming: Used to create a specific set of instructions for a computer to
execute tasks.
Linux: Relies on a command line as the primary user interface. A command-line
interface is a text-based user interface that uses commands to interact with the
computer.
SQL (Structured Query Language): A programming language used to create,
interact with, and request information from a database.
A database is an organized collection of information or data. There can be
millions of data points in a database. A data point is a specific piece of
information.
Python: Used to perform tasks that are repetitive and time-consuming, and that
require a high level of detail and accuracy.
A web vulnerability is a unique flaw in a web application that a threat actor
could exploit by using malicious code or behavior, to allow unauthorized
access, data theft, and malware deployment.
Antivirus software is a software program used to prevent, detect, and eliminate
malware and viruses. It is also called anti-malware.
An intrusion detection system (IDS) is an application that monitors system
activity and alerts on possible intrusions. The system scans and analyzes
network packets, which carry small amounts of data through a network. The
small amount of data makes the detection process easier for an IDS to identify
potential threats to sensitive data. Other occurrences an IDS might detect can
include theft and unauthorized access.
Encryption is the process of converting data from a readable format to a
cryptographically encoded format. Cryptographic encoding means converting
plaintext into secure ciphertext. Plaintext is unencrypted information and secure
ciphertext is the result of encryption.
Penetration testing, also called pen testing, is the act of participating in a
simulated attack that helps identify vulnerabilities in systems, networks,
websites, applications, and processes.

Terms and definitions from Course 1, Module 4

Antivirus software: A software program used to prevent, detect, and eliminate
malware and viruses
Database: An organized collection of information or data
Data point: A specific piece of information
Intrusion detection system (IDS): An application that monitors system activity
and alerts on possible intrusions
Linux: An open-source operating system
Log: A record of events that occur within an organization’s systems
Network protocol analyzer (packet sniffer): A tool designed to capture and
analyze data traffic within a network
Order of volatility: A sequence outlining the order of data that must be
preserved from first to last
Programming: A process that can be used to create a specific set of instructions
for a computer to execute tasks
Protecting and preserving evidence: The process of properly working with
fragile and volatile digital evidence
Security information and event management (SIEM): An application that
collects and analyzes log data to monitor critical activities in an organization
SQL (Structured Query Language): A programming language used to create,
interact with, and request information from a database
