02 – Cyber Security Concepts

What we cover in this Module

Why cyber security matters

Aim: Understand why security is everyone’s job.
Summary: Cyber attacks can stop work, leak data, cost money, and damage reputation. It isn’t only “hackers vs tech”—mistakes, weak passwords, lost devices, and phishing are common causes. UK organisations must also meet legal and regulatory duties (e.g., data protection), so good security is part of doing business well.

Core concepts

Aim: Get the basic vocabulary you’ll use all year.
Summary:

  • CIA Triad: keep information secret (Confidentiality), correct (Integrity), and available when needed (Availability).
  • Asset • Threat • Vulnerability • Risk: what we protect, what could hurt it, the weakness, and the chance/impact.
  • People • Process • Technology: security works when all three align.
  • Controls: things we do to reduce risk (e.g., policies, training, MFA, firewalls).
  • AuthN vs AuthZ: logging in (authentication) vs what you’re allowed to do (authorisation); least privilege keeps access tight.

Assurance & trust

Aim: Know how we gain confidence that controls actually work.
Summary: Assurance is evidence (tests, reviews, audits) that our controls are effective. We prefer trustworthy systems (built and operated well) and use trusted paths (e.g., secure log-on screens, HTTPS) to reduce tampering. Hardware roots of trust (e.g., a secure chip) and code-signing help us verify software and updates.

Testing & vulnerability management

Aim: See how we find and fix weaknesses safely.
Summary: Vulnerability scanning looks for known issues; penetration testing safely simulates attacks; configuration reviews check if systems are set up sensibly. We track issues (often by CVE ID), score/prioritise them (e.g., by severity and business impact), patch or mitigate, and record what changed. Scanners can miss unknown issues and produce false positives—human judgement matters.
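Added example (not part of the original module material): a small Python triage routine for the score/prioritise/record cycle described above. The identifiers, asset names, the 1-3 business impact scale and the "severity x impact" formula are assumptions made for illustration, and the sample findings are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    vuln_id: str               # placeholder ID, not a real CVE entry
    asset: str                 # hypothetical asset name
    severity: float            # 0.0-10.0 score reported by the scanner
    business_impact: int       # assumed scale: 1 (low) to 3 (critical)
    confirmed: Optional[bool]  # analyst verdict: True, False (false positive), None (unreviewed)

# Constructed sample scanner output.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-0001", "payroll-db", 7.5, 3, True),
    Finding("CVE-PLACEHOLDER-0002", "test-laptop", 9.8, 1, True),
    Finding("CVE-PLACEHOLDER-0003", "public-website", 6.1, 2, None),
    Finding("CVE-PLACEHOLDER-0004", "print-server", 8.8, 2, False),
]

def priority(f: Finding) -> float:
    """Assumed scoring rule: technical severity weighted by business impact."""
    return round(f.severity * f.business_impact, 1)

def triage(findings):
    """Split findings into a fix queue, a human-review list and dismissed false positives."""
    queue = sorted((f for f in findings if f.confirmed is True), key=priority, reverse=True)
    needs_review = sorted((f for f in findings if f.confirmed is None), key=priority, reverse=True)
    dismissed = [f for f in findings if f.confirmed is False]
    return queue, needs_review, dismissed

def change_record(f: Finding, action: str) -> dict:
    """Record what was done, so the fix can be evidenced later."""
    if action not in ("patched", "mitigated"):
        raise ValueError("action must be 'patched' or 'mitigated'")
    return {"id": f.vuln_id, "asset": f.asset, "priority": priority(f), "action": action}

if __name__ == "__main__":
    queue, needs_review, dismissed = triage(FINDINGS)
    for f in queue:
        print("FIX   ", f.vuln_id, f.asset, priority(f))
    for f in needs_review:
        print("REVIEW", f.vuln_id, f.asset, priority(f))
    for f in dismissed:
        print("FALSE+", f.vuln_id, f.asset)
```

The lower-severity finding on the payroll database is fixed first because of its business impact, and the false positive never reaches the fix queue.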

Computing technology primer (for newcomers)

Aim: Demystify the kit and the networks it uses.
Summary: A computer has a CPU, memory (RAM), storage, and an operating system (Windows, Linux, etc.). It runs processes/services and stores files in folders with permissions. Networks connect devices (LAN at home/work; WAN/Internet globally). Data moves in packets using protocols (TCP/UDP) and ports (e.g., web on 80/443). Names (like example.com) resolve via DNS. Good basics: strong passwords, MFA, updates, firewalls, and backups.