1.2.1 What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, programs, devices, and data from digital attacks, damage, or unauthorized access. It encompasses technologies, processes, and practices designed to safeguard all components of cyberspace from threats.

1.2.2 Why Cybersecurity Matters

• Digital Transformation: As organizations and society become increasingly digitized, attack surfaces expand
• Financial Impact: The average cost of a data breach in 2024 exceeds $4.5 million
• Regulatory Requirements: Growing legal and compliance mandates around data protection
• Reputation: Security incidents can cause lasting damage to organizational trust
• Critical Infrastructure: Cyber attacks can impact essential services and public safety
• Personal Impact: Individual privacy and financial security are at stake

1.2.3 Key Concepts and Terminology

• Asset: Anything of value that needs protection (data, systems, etc.)
• Vulnerability: A weakness that can be exploited by threats
• Threat: A potential danger to assets
• Risk: The potential for loss or damage when a threat exploits a vulnerability
• Control: A safeguard or countermeasure to mitigate risk
• Exploit: A method of leveraging a vulnerability
• Attack Vector: The path or means by which an attacker gains access
• Attack Surface: The sum of all points where an attacker could attempt to enter
• Security Posture: The overall security status of an organization

1.3.1 Categories of Cyber Threats

1.3.2 Threat Actors

1.3.3 Attack Lifecycle

The Cyber Kill Chain model developed by Lockheed Martin describes the stages of a cyber attack:

1. Reconnaissance: Gathering information about the target
2. Weaponization: Preparing malware or attack vectors
3. Delivery: Transmitting the weapon to the target
4. Exploitation: Triggering the malicious code
5. Installation: Installing malware on the target system
6. Command & Control: Establishing persistent remote access
7. Actions on Objectives: Achieving the ultimate goal (data theft, destruction, etc.)

1.4.1 The CIA Triad

The CIA Triad forms the foundation of information security:

• Confidentiality: Ensuring that information is accessible only to those authorized to have access
• Integrity: Maintaining and assuring the accuracy and completeness of data
• Availability: Ensuring that authorized users have access to information when needed

1.4.2 Additional Security Principles

• Defense in Depth: Multiple layers of security controls
• Least Privilege: Providing minimal access rights needed for functions
• Separation of Duties: Dividing critical functions among different individuals
• Need to Know: Restricting access to the minimum necessary information
• Zero Trust: “Never trust, always verify” approach to security
• Fail Secure: Systems should default to secure state when failures occur

1.5.1 The Risk Equation

Risk = Threat × Vulnerability × Impact

1.5.2 Risk Management Process

1. Risk Identification: Determining what risks exist
2. Risk Assessment: Evaluating the significance of risks
3. Risk Treatment: Deciding how to handle identified risks
   • Accept: Acknowledge the risk without action
   • Mitigate: Implement controls to reduce risk
   • Transfer: Shift risk to another party (e.g., insurance)
   • Avoid: Eliminate the activity causing the risk

1.5.3 Security Controls Categories

• Preventive: Stop attacks before they occur
• Detective: Identify attacks in progress
• Corrective: Minimize impact after an incident
• Deterrent: Discourage attackers from targeting
• Recovery: Restore operations after an incident

1.6.1 Characteristics of Security Thinking

• Adversarial Thinking: Considering how systems might be attacked
• Holistic Perspective: Looking at the big picture of security
• Questioning Assumptions: Challenging “secure by default” claims
• Proactive Approach: Anticipating problems before they arise
• Continuous Learning: Keeping up with evolving threats

1.6.2 Building Your Security Awareness

• Stay Informed: Follow security news and advisories
• Practice Skepticism: Question unexpected communications
• Apply Updates: Keep systems and applications patched
• Use Strong Authentication: Implement multi-factor authentication
• Segment Information: Avoid sharing sensitive data unnecessarily

1.7.1 Exercise 1: Threat Identification

1. Consider a common system (e.g., email, cloud storage, smartphone)
2. Identify at least five potential threats to that system
3. For each threat:
   • Describe the potential attack vector
   • Identify the security principle(s) that would be violated
   • Suggest a control that could mitigate the threat

1.7.2 Exercise 2: Security Incident Analysis

Review the following scenario:

A company employee received an email appearing to be from the IT department requesting they update their password by clicking a link. After following the link and entering their current credentials, they began experiencing unusual behavior on their computer, and colleagues reported receiving strange emails from their account.

Answer the following questions: 1. What type of attack likely occurred? 2. What were the attack vectors? 3. What security principles were violated? 4. What could have prevented this attack? 5. What immediate steps should be taken to respond?