CYB 201: Introduction to Cybersecurity and Strategy (2 Units C: LH 30)
Week 1 Lecture Notes – Foundations and Core Concepts
Introduction: Defining Cyberspace and Security
This week we establish the essential language and foundational concepts needed to study
cybersecurity. Understanding these terms allows us to analyse attacks, threats, and
defence strategies effectively.
Term | Simple Definition
Cyber | The domain created by computer systems, networks, and the data that flows through them. It encompasses the digital environment.
Security | The state of being free from danger or threat. In a digital context, it is the measures taken to protect data and systems.
Threat | A potential danger or a possible negative action that could exploit a vulnerability (e.g., a hacker, malware, or a natural disaster).
Attack | An actual attempt to exploit a vulnerability, compromise security controls, or gain unauthorized access (e.g., a phishing campaign, a denial-of-service event).
Defence | The combination of physical, technical, and administrative controls implemented to resist an attack or threat.
Operations | The actions taken to manage, monitor, and maintain the security posture of an organization or system on a day-to-day basis.
The Core Principles: The CIA Triad
The CIA Triad is the universally accepted model for developing security policy and defining
the fundamental goals of any security system. Every security control or defence measure aims
to uphold at least one of these three principles.
Figure 1.1: The CIA Triad
A. Confidentiality
Confidentiality ensures that data is accessible only to authorized parties. It is the protection of
secrets.
✓ Goal: Preventing unauthorized disclosure of information.
✓ Common Controls: Encryption, strong passwords, access control lists (ACLs).
B. Integrity
Integrity ensures that data is accurate, complete, and trustworthy, and that it has not been altered
or destroyed in an unauthorized manner.
✓ Goal: Preventing unauthorized modification or destruction of information.
✓ Common Controls: Hashing algorithms (checksums), digital signatures, file
permissions.
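Worked example (added here, not part of the original lecture notes): how a hashing control detects unauthorized modification. Each record gets a SHA-256 digest, and the list of digests is itself protected with a keyed hash (HMAC) so that someone who alters a record cannot simply recompute the digest. The record contents, identifiers and key are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample data: three medication records (not from any real system).
RECORDS = {
    "patient-001": "drug-A 500 mg, 3x daily",
    "patient-002": "drug-B 850 mg, 2x daily",
    "patient-003": "drug-C 5 mg, 1x daily",
}
KEY = b"demo-key-held-by-the-verifier"  # assumption: stored apart from the records


def build_manifest(records):
    """Return {record_id: SHA-256 hex digest} for every record."""
    return {rid: hashlib.sha256(text.encode()).hexdigest()
            for rid, text in records.items()}


def seal(manifest, key):
    """HMAC the manifest so the digests cannot be rewritten unnoticed."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(records, manifest, tag, key):
    """Return the sorted IDs of records that were altered, added or deleted.

    Raises ValueError if the manifest itself fails its HMAC check.
    """
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest has been tampered with")
    current = build_manifest(records)
    changed = {rid for rid in manifest.keys() | current.keys()
               if manifest.get(rid) != current.get(rid)}
    return sorted(changed)


if __name__ == "__main__":
    manifest = build_manifest(RECORDS)
    tag = seal(manifest, KEY)
    # One character added to a dosage: the digest no longer matches.
    tampered = {**RECORDS, "patient-003": "drug-C 50 mg, 1x daily"}
    print("untouched:", verify(RECORDS, manifest, tag, KEY))
    print("tampered: ", verify(tampered, manifest, tag, KEY))
```

A plain hash only proves integrity while the reference digest is out of the attacker's reach; the HMAC key plays that role here, and a digital signature does the same without sharing a secret.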
C. Availability
Availability ensures that systems, services, and data are functional and accessible when
authorized users need them.
✓ Goal: Ensuring reliable access to resources by authorized users.
✓ Common Controls: Redundancy, fault tolerance, disaster recovery plans, backup
power supplies.
Foundational Security Controls
These controls are mechanisms used to enforce the CIA Triad.
Authentication and Access Control
✓ Authentication: The process of verifying the identity of a user, process, or device (e.g.,
username/password, biometric scan).
✓ Access Control (Basic Overview): Once authenticated, this is the mechanism that
restricts the rights and permissions of the user to specific resources (e.g., a user can read
a file but not write to it).
Non-Repudiation
Non-repudiation ensures that a party to a contract or communication cannot deny the
authenticity of their signature or the fact that they sent a message. It is critical for legal evidence
in digital transactions.
✓ Goal: Providing undeniable proof of origin or delivery.
✓ Common Controls: Digital certificates, robust logging, digital signatures.
Reliability: Fault-Tolerant Methodologies
To ensure Availability (part of the CIA Triad), systems must be designed to withstand failures
without halting operations. This is known as fault tolerance.
✓ Concept: Building redundancy into systems so that if one component fails (a "fault"), a
backup component can immediately take over, preventing a system-wide failure.
✓ Examples: Redundant hard drives (RAID), dual power supplies, mirrored servers, or
load-balanced network connections.
Knowledge Check Quiz
1. Which element of the CIA Triad ensures that data is not modified by unauthorized parties?
a) Confidentiality
b) Integrity
c) Availability
d) Authentication
2. What is the primary purpose of non-repudiation?
a) To prevent data loss
b) To prove that an action was performed by a specific party
c) To encrypt sensitive data
d) To block unauthorized access
3. Which security principle verifies that a user is who they claim to be?
a) Authorization
b) Authentication
c) Accounting
d) Access Control
4. A DDoS attack primarily targets which element of the CIA Triad?
a) Confidentiality
b) Integrity
c) Availability
d) All of the above
Exercise 1: CIA Triad Analysis
Scenario:
A hospital uses an electronic health records (EHR) system to store patient information. Identify
which element of the CIA Triad would be violated in each scenario below:
Scenario 1: A hacker gains access to patient medical records and posts them online
Scenario 2: A ransomware attack encrypts all patient records, making them inaccessible to
doctors
Scenario 3: An unauthorized person modifies a patient's medication dosage in the system
Scenario 4: A database backup fails and patient records are permanently lost
Exercise 2: Password Strength Evaluation
Task: Evaluate the following passwords and identify their weaknesses. Then suggest a stronger
alternative.
Password: password123
Password: john1990
Password: 12345678
Password: qwerty
Strong Password Guidelines:
✓ At least 12 characters long
✓ Mix of uppercase, lowercase, numbers, and symbols
✓ Avoid dictionary words, personal information, and patterns
✓ Use passphrases: "C0ffee&Blu3Sky$2024!"
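Worked example (added here, not part of the original lecture notes): the guidelines above turned into an automated check and run over the four Exercise 2 passwords. The word list is a small constructed sample, and treating "john" and "1990" as the user's name and birth year is an assumption made for the demonstration.

```python
import string

# Constructed word list for illustration; a real check would use a large
# dictionary and a breached-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}
# Character sequences whose consecutive runs count as a "pattern".
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(password, length=4):
    """True if any `length` consecutive characters follow a known sequence."""
    lowered = password.lower()
    for i in range(len(lowered) - length + 1):
        chunk = lowered[i:i + length]
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def weaknesses(password, personal=()):
    """Return the guidelines the password breaks (empty list = none found)."""
    found = []
    if len(password) < 12:
        found.append("shorter than 12 characters")
    classes = {
        "uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
        "number": string.digits, "symbol": string.punctuation,
    }
    missing = [name for name, chars in classes.items()
               if not any(c in chars for c in password)]
    if missing:
        found.append("missing " + ", ".join(missing))
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        found.append("contains a dictionary word")
    if any(item.lower() in lowered for item in personal):
        found.append("contains personal information")
    if has_run(password):
        found.append("contains a sequential or keyboard pattern")
    return found


if __name__ == "__main__":
    # Assumption: the account owner is named John and was born in 1990.
    for pw in ("password123", "john1990", "12345678", "qwerty"):
        print(pw, "->", weaknesses(pw, personal=("john", "1990")))
```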