Cyber Security Fundamentals – Comprehensive Study Notes

Definition of “Cyber” & “Cyber Security”

  • “Cyber” = any domain that involves computers, digital technologies, networks, or the Internet.

  • “Cyber Security” = application of technologies, processes, & controls to protect systems, networks, programs, devices, and data from cyber-attacks.

    • Comprehensive approach embracing prevention, detection, response, and recovery.

    • Goals: confidentiality, integrity, availability, authentication, non-repudiation.

Objectives of the Session

  • Understand the definition & primary aim of cyber security.

  • Identify & describe common cyber security risks.

  • Explain the importance of managing cyber risks in an organisation.

  • Describe the step-by-step cyber-risk-management process.

  • Recognise the role of policy, procedure, & user awareness in a holistic defence.

Cyber Security Strategy – Core Objectives

  • Protect privacy of customer data (survey response: 66%).

  • Minimise disruption to ongoing operations (58%).

  • Demonstrate trust to external stakeholders (50%).

  • Maintain regulatory compliance (49%).

  • Ensure workforce productivity (44%).

    • Highlights the multi-stakeholder value proposition: customer, regulator, employee, shareholder.

Forces Driving Cyber Security Investment

  • Growing number of cyber-criminals (48% cite growth).

  • Rising privacy concerns / trust deficit (47%).

  • Expanding variety & sophistication of attacks (45%).

  • Larger potential attack surface & scale (44%).

  • Increased reliance on data as core asset (38%).

  • Difficulty in quantifying security issues (33%).

  • Widely dispersed skill requirements (28%).

  • Pressure of regulatory compliance (ties with 44% above).

    • Practical implication: budget allocation must align to these perceived pain points.

Expanded Definition & Scope

  • Prevent, protect, and restore computers & electronic communication systems/services.

  • Safeguard information’s:

    • Confidentiality – no unauthorised disclosure.

    • Integrity – unaltered & trustworthy.

    • Availability – usable on demand by authorised entities.

    • Authentication – verifiable identity.

    • Non-repudiation – action accountability cannot be denied.

  • Implements security protocols, specialised software, strong access controls, and continual monitoring.

CIA Triad (Foundational Model)

  • Confidentiality → only intended recipients can read data.

    • Eg: end-to-end encryption of chat apps.

  • Integrity → data cannot be changed without detection.

    • Eg: digital signatures or file checksums.

  • Availability → resources must be accessible when needed.

    • Eg: redundant servers & DDoS mitigation.

    • Ethical angle: Denial of service on a hospital system can endanger human life.
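Added example (not from the notes) illustrating the integrity bullet above: a plain file checksum detects accidental corruption, but anyone who can edit the file can also recompute the checksum, so it does not prove the data is unaltered by an adversary. A keyed digest (HMAC) ties the check to a secret the adversary lacks, which is the property a digital signature also gives. The record, the key and the modified record are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data: a record and its "tampered" version.
ORIGINAL = b"account=1234;balance=100.00"
TAMPERED = b"account=1234;balance=9999.00"
SECRET_KEY = b"constructed-demo-key-not-for-real-use"  # assumed verifier-only secret


def sha256_checksum(data: bytes) -> str:
    """Unkeyed checksum: detects accidental change, not deliberate tampering."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def checksum_verifies(data: bytes, expected: str) -> bool:
    """Constant-time comparison so verification does not leak timing information."""
    return hmac.compare_digest(sha256_checksum(data), expected)


def hmac_verifies(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), expected)


def tamper_detection_outcomes() -> dict:
    """Simulate an adversary who edits the record and re-issues whatever check travels with it."""
    stored_checksum = sha256_checksum(ORIGINAL)
    stored_tag = hmac_tag(SECRET_KEY, ORIGINAL)

    # Adversary edits the data. The checksum is public, so they simply recompute it;
    # the HMAC needs SECRET_KEY, so the best they can do is keep or guess a tag.
    forged_checksum = sha256_checksum(TAMPERED)
    reused_tag = stored_tag

    return {
        # Corruption of the bytes alone is caught by both mechanisms.
        "checksum_catches_corruption": not checksum_verifies(TAMPERED, stored_checksum),
        "hmac_catches_corruption": not hmac_verifies(SECRET_KEY, TAMPERED, stored_tag),
        # Deliberate edit with a recomputed checksum sails through...
        "checksum_catches_forgery": not checksum_verifies(TAMPERED, forged_checksum),
        # ...but the keyed check still fails because the tag cannot be re-derived.
        "hmac_catches_forgery": not hmac_verifies(SECRET_KEY, TAMPERED, reused_tag),
    }


if __name__ == "__main__":
    for check, detected in tamper_detection_outcomes().items():
        print(f"{check:<30} {'DETECTED' if detected else 'missed'}")
```

The practical takeaway for the "integrity" goal: a checksum stored next to the data it protects is an availability/corruption control; proving that nobody altered the data requires a secret (HMAC) or a private key (signature) that the writer of the data does not control.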

Broad Aims of Cyber Security Program

  • Reduce likelihood & impact of cyber-attacks.

  • Protect systems, networks, and emerging technologies from exploitation.

  • Preserve Confidentiality, maintain Integrity, guarantee Availability ("CIA").

Levels of Cyber Security Responsibility

  • Personal Level

    • Safeguard identity, data, devices.

    • Use strong & unique passwords, MFA, updated software.

  • Organisational Level

    • Every employee has a duty to protect brand reputation, customer data, & IP.

    • Requires formal security policies & awareness training.

  • Government / National Level

    • Protect national security, economy, citizen safety.

    • Enact & enforce laws, build resilient critical-infrastructure.

    • Real-world link: GDPR in EU, CISA in US, NIS2 directive.

Traditional Data Types within Organisations

  • Transactional Data

    • Sales, procurement, HR transactions, daily operations.

  • Intellectual Property (IP)

    • Patents, trademarks, R&D blueprints; loss undermines competitive advantage.

  • Financial Data

    • Income statement, balance sheet, cash-flow; essential for investor confidence.

    • Attack example: alteration of numbers could mislead markets (integrity breach).

Common Cyber Security Risks

  • Data breaches (external or insider).

  • Malware infections (viruses, ransomware, spyware).

  • Insider threats (malicious or careless employees).

  • Phishing & social engineering.

  • Lack of security awareness across staff.

  • Weak / stolen passwords.

    • Practical tip: implement password managers & MFA.

Why Adopt a Risk-Oriented Approach?

  • Risk assessment = most critical cyber-security function.

  • Enables informed decisions, prioritisation, and resource optimisation.

  • Aligns technical controls with business objectives & risk appetite.

Categories of Cyber Security Controls

  • Physical Controls – tangible security (guards, CCTV, locks, biometrics, fire-suppressant, secure disposal).

  • Virtual Controls – logical/technical (firewalls, AV, encryption, MFA, access control lists, patching).

  • Administrative Controls – policies, procedures, training, background checks.

  • Technical Controls – overlaps with virtual; includes IDS/IPS, EDR, SIEM.

Physical Risk Controls (Examples & Rationale)

  • Security guards & surveillance → deter & detect intruders.

  • Locked doors, access cards → restrict entry.

  • Biometric scanners → stronger authentication, non-transferable.

  • Fire-alarm & environmental sensors → protect availability by preventing hardware loss.

  • Secure disposal → mitigates dumpster-diving & data remanence.

Virtual / Technical Risk Controls

  • Firewalls (network & host-based) → enforce traffic rules.

  • Antivirus / anti-malware → detect & quarantine malicious code.

  • Encryption in transit (TLS), at rest (AES) → preserve confidentiality.

  • Multi-factor authentication (password + token/biometric).

  • Access-control lists (ACL) & role-based permissions.

  • Timely security patches & updates → close known vulnerabilities.

Five-Function Cyber Security Process (NIST-inspired)

  1. Identify – catalogue assets, processes, data, threats.

  2. Protect – implement safeguards.

  3. Detect – discover incidents through monitoring.

  4. Respond – contain & eradicate.

  5. Recover – restore capabilities & services.

    • Cyclical & continuous improvement loop.

Cyber Security Risk Management – Four Core Processes

  1. Risk Identification – list threats, vulnerabilities, assets.

  2. Risk Assessment – analyse likelihood & impact.

  3. Risk Treatment – choose strategy (avoid, reduce, transfer, accept).

  4. Risk Monitoring – continuous oversight, adapt to new threats.

Detailed Risk-Management Procedure

  1. Identify Risks

    • Asset inventory → hardware, software, data.

    • Threat enumeration → malware, insiders, APTs.

    • Vulnerability scanning & gap analysis.

  2. Analyse Risks

    • Likelihood scoring (qualitative or quantitative).

    • Impact analysis (financial, reputational, operational, legal).

    • Risk rating (heat-map, Low → High).

  3. Evaluate Risks

    • Compare against risk appetite / tolerance.

    • Prioritise mitigation.

  4. Treat Risks

    • Apply controls; decide strategy:
      • Avoid (stop risky activity)
      • Reduce (implement safeguards)
      • Transfer (cyber-insurance, outsourcing)
      • Accept (monitor, contingency plan).

  5. Monitor & Review

    • Scheduled audits, vulnerability scans, threat-intel feeds.

    • Update procedures as landscape evolves.

Governance via Policies

  • Policy = high-level statement of management intent & expectations.

  • Cyber security policy communicates commitment to protect CIA of assets.

  • Guides implementation of principles, technologies, and behaviour.

Major Policy Types & Focus Areas

  • Access Control Policy – least-privilege, NDAK (need-to-know), segregation of duties.

  • Information Transfer Policy – secure email, encryption, data-labeling, transfer logs.

  • Secure Configuration & Endpoint Security Policy – device hardening, patch cadence, storage encryption.

  • Network Security Policy – firewall rules, IDS/IPS, segmentation, traffic logging.

  • Incident Management Policy – classification, escalation paths, forensic evidence handling.

  • Backup & Data Recovery Policy – RPO/RTO targets, encryption, off-site storage.

  • Cryptography & Key-Management Policy – key lifecycles, HSM usage, algorithm standards.

  • Information Classification & Handling Policy – sensitivity labels, permitted storage & sharing channels.

Risk Fundamentals – Formulae & Matrix

  • Risk = Threats × Vulnerabilities × Impact

  • Alternative IT-centric: Risk = Threat × Vulnerability × Asset Value

  • Two Factors: probability of occurrence × consequence of event.

  • Example Probability-Impact Matrix (simplified):

    • Very High probability (81–100%) & Severe impact → Extreme risk.

    • Low probability (21–40%) & Minor impact → Low risk.

    • Matrix supports visual prioritisation.
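Added worked example (not part of the notes) that carries the two-factor formula and the probability-impact matrix above into code, and then applies the Evaluate and Treat steps of the detailed risk-management procedure (compare against appetite, prioritise, pick avoid/reduce/transfer/accept). The notes only state two matrix cells (Very High & Severe → Extreme; Low & Minor → Low); the three intermediate probability bands, the Moderate/Major impact levels, the score thresholds and the treatment rule are assumptions chosen to reproduce those two cells, and the sample register is constructed.

```python
from dataclasses import dataclass

# Probability bands as (low %, high %, label). Very High (81-100%) and Low (21-40%)
# come from the notes; the other three bands are an assumed five-point scale.
PROBABILITY_BANDS = [
    (0, 20, "Very Low"),
    (21, 40, "Low"),
    (41, 60, "Medium"),
    (61, 80, "High"),
    (81, 100, "Very High"),
]

# Impact levels, least to most severe. Minor and Severe come from the notes;
# Moderate and Major are assumed intermediate levels.
IMPACT_LEVELS = ["Minor", "Moderate", "Major", "Severe"]

# Assumed heat-map thresholds on score = band index x impact index, chosen so that
# Very High x Severe = 5 x 4 = 20 -> Extreme and Low x Minor = 2 x 1 = 2 -> Low.
RATING_THRESHOLDS = [(4, "Low"), (8, "Medium"), (14, "High"), (20, "Extreme")]
RATING_ORDER = ["Low", "Medium", "High", "Extreme"]


@dataclass
class Risk:
    name: str
    probability_pct: int      # estimated likelihood of occurrence, 0-100
    impact: str               # one of IMPACT_LEVELS
    insurable: bool = False   # can the loss be transferred (e.g. cyber-insurance)?


def probability_band(pct: int) -> tuple[int, str]:
    """Map a likelihood percentage to its 1-based band index and label."""
    if not 0 <= pct <= 100:
        raise ValueError(f"probability must be 0-100, got {pct}")
    for index, (low, high, label) in enumerate(PROBABILITY_BANDS, start=1):
        if low <= pct <= high:
            return index, label
    raise AssertionError("bands do not cover 0-100")  # unreachable for integer input


def risk_score(risk: Risk) -> int:
    """Two-factor score: probability band index x impact level index."""
    band_index, _ = probability_band(risk.probability_pct)
    impact_index = IMPACT_LEVELS.index(risk.impact) + 1  # ValueError on unknown level
    return band_index * impact_index


def risk_rating(score: int) -> str:
    """Translate a score into the heat-map rating."""
    for limit, label in RATING_THRESHOLDS:
        if score <= limit:
            return label
    raise ValueError(f"score {score} exceeds matrix maximum")


def treatment(risk: Risk, appetite: str = "Medium") -> str:
    """Assumed treatment rule: compare the rating to the organisation's risk appetite."""
    rating = risk_rating(risk_score(risk))
    if RATING_ORDER.index(rating) <= RATING_ORDER.index(appetite):
        return "Accept"      # within tolerance: monitor and keep a contingency plan
    if rating == "Extreme":
        return "Avoid"       # stop the risky activity rather than rely on safeguards
    if risk.insurable:
        return "Transfer"    # shift the financial consequence to a third party
    return "Reduce"          # implement safeguards to lower likelihood or impact


def prioritised_register(risks: list[Risk], appetite: str = "Medium") -> list[dict]:
    """Evaluate step: rank risks by score, highest first, with rating and treatment."""
    rows = []
    for risk in risks:
        score = risk_score(risk)
        rows.append({
            "name": risk.name,
            "score": score,
            "rating": risk_rating(score),
            "treatment": treatment(risk, appetite),
        })
    return sorted(rows, key=lambda row: row["score"], reverse=True)


# Constructed sample register; the percentages and impacts are illustrative only.
SAMPLE_RISKS = [
    Risk("Ransomware via phishing", probability_pct=85, impact="Severe"),
    Risk("Lost unencrypted laptop", probability_pct=50, impact="Major", insurable=True),
    Risk("Stale guest Wi-Fi password", probability_pct=30, impact="Minor"),
]

if __name__ == "__main__":
    for row in prioritised_register(SAMPLE_RISKS):
        print(f"{row['name']:<28} score={row['score']:>2} {row['rating']:<8} -> {row['treatment']}")
```

Running it with the sample register ranks the ransomware risk first (score 20, Extreme, Avoid), the laptop risk second (score 9, High, Transfer because it is insurable) and the Wi-Fi risk last (score 2, Low, Accept). Changing the `appetite` argument shows how the same matrix yields different treatments for organisations with different tolerance.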

Phases of an Organisational Risk-Management Program

  1. Risk Identification.

  2. Risk Assessment.

  3. Risk Treatment (control selection & implementation).

  4. Risk Tracking (verify controls, watch for emerging risks).

  5. Risk Review (evaluate program effectiveness, continuous improvement).

Incident Management Essentials

  • Goal: restore normal operations rapidly & prevent recurrence.

  • Processes include reporting, detection, triage, containment, eradication, recovery, post-incident review.

  • Additional services: vulnerability handling, artifact analysis, public announcements.

Cyber Risk Incident Lifecycle

  1. Detection & Identification – sensors, SIEM alerts, user reports.

  2. Containment – isolate network segments, disable compromised accounts.

  3. Eradication – remove malware, patch vulnerabilities, cleanse artifacts.

  4. Recovery – rebuild servers, validate integrity, gradual return to production.

  5. Post-Incident Review – root-cause analysis, lessons learned, policy updates.

    • Real-world example: Target 2013 breach led to stricter vendor-access controls.

Cyber Security Framework (e.g., NIST CSF)

  • Provides common language & best practices to manage risk.

  • Core Functions: Identify, Protect, Detect, Respond, Recover.

  • Sub-categories (illustrative):

    • Asset Management, Governance, Risk Assessment/Management Strategy.

    • Data Security, Access Control, Awareness & Training, Maintenance.

    • Anomalies & Events, Continuous Monitoring, Detection Processes.

    • Response Planning, Communications, Analysis, Mitigation.

    • Recovery Planning, Improvements, External Communications.

Why Use a Framework?

  • Prioritises resource allocation & budgeting.

  • Improves decision-making & risk posture.

  • Simplifies regulatory alignment (GDPR, HIPAA, PCI-DSS).

  • Promotes enterprise-wide cyber-security culture & shared terminology.

Tools Supporting Risk Management

  • Antivirus / Endpoint Protection Platforms.

  • Firewalls (Next-Gen, Web-App, Cloud-native).

  • Encryption utilities (PGP, TLS, disk-encryptors).

  • Vulnerability Scanners (Nessus, OpenVAS, Qualys).

  • Incident-response platforms & ticketing (Siemplify, TheHive, JIRA-SecOps).

Key Benefits of Robust Cyber Risk Management

  • Protects sensitive data & reduces probability of breaches.

  • Minimises financial loss (fines, downtime, ransom, litigation).

  • Ensures legal & regulatory compliance – averts penalties.

  • Enhances brand reputation & customer trust.

  • Enables quicker detection, response, and recovery → business continuity.

Ethical, Philosophical & Practical Considerations

  • Duty of care: organisations bear moral responsibility to safeguard stakeholder information.

  • Privacy vs. surveillance trade-off: balance monitoring with employee rights.

  • Resource equity: small firms must innovate (cloud security, MSSPs) to achieve comparable protection levels.

  • Sustainability: energy-efficient data centres & green IT practices align with availability & environmental ethics.

  • Continuous learning culture: empower users; human layer remains weakest link.

Summary / Final Takeaways

  • Cyber security safeguards the digital fabric of modern society.

  • Risk-based, policy-driven approach harmonises technical, human, and procedural defences.

  • CIA triad underpins every control & decision.

  • Structured frameworks & incident-response lifecycles convert chaos into repeatable workflows.

  • Continuous monitoring, education, and improvement are non-negotiable for resilient security posture.