
DI04016021

The document outlines key concepts in cybersecurity, including the CIA Triad (Confidentiality, Integrity, Availability), the AAA framework (Authentication, Authorization, Accounting), and various types of threats and vulnerabilities. It also discusses the role of the OSI model in security, types of cybercrime, and the importance of digital forensics in investigating cyber incidents. Additionally, it covers different types of hackers and the necessity of private proxies for enhanced security.

Uploaded by

harrypatel04045
Copyright
© All Rights Reserved

Chapter 1

1.1 The CIA Triad


The CIA Triad stands for Confidentiality, Integrity, and
Availability, which are the core principles of cybersecurity.
• Confidentiality ensures that sensitive data is accessed only by authorized users (e.g., encryption, passwords).
• Integrity ensures data is accurate and not altered (e.g., hashing, checksums).
• Availability ensures systems and data are accessible when needed (e.g., backups, redundancy).
These three together help protect information systems from
unauthorized access, modification, and disruption.
1.2 Authentication, Authorization, and Accounting (AAA)
AAA is a framework used for controlling access to systems:
• Authentication verifies identity (e.g., passwords, biometrics, OTP).
• Authorization decides what permissions a user has (e.g., admin vs user access).
• Accounting tracks user activities (logs, audit trails).
Example: When logging into a system, first you enter a
password (authentication), then you access allowed
resources (authorization), and your actions are recorded
(accounting).
AAA ensures secure and controlled system usage.
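The login flow described above, as an added example that is not part of the original notes: a password check (authentication), a role lookup (authorization), and a record of every decision, including failures (accounting). The user names, roles, permissions and passwords are constructed for the illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample data: roles, permissions and users are assumptions.
ROLE_PERMISSIONS = {"admin": {"read", "write", "manage_users"}, "user": {"read"}}
USERS = {}       # username -> (salt, password_hash, role)
AUDIT_LOG = []   # accounting: one record per decision

def _hash(password, salt):
    # PBKDF2-HMAC-SHA256 makes stored values slow to brute-force
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(username, password, role):
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt), role)

def _record(username, action, outcome):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": username, "action": action, "outcome": outcome})

def authenticate(username, password):
    """Authentication: verify the claimed identity."""
    entry = USERS.get(username)
    # Hash even for unknown users so timing does not reveal which names exist
    salt, stored, _ = entry if entry else (b"\x00" * 16, b"", None)
    ok = hmac.compare_digest(_hash(password, salt), stored) and entry is not None
    _record(username, "login", "success" if ok else "failure")
    return ok

def authorize(username, permission):
    """Authorization: check what an authenticated user may do."""
    role = USERS[username][2]
    ok = permission in ROLE_PERMISSIONS.get(role, set())
    _record(username, permission, "allowed" if ok else "denied")
    return ok

def request(username, password, permission):
    """Full AAA flow: authenticate first, then authorize; both steps are logged."""
    return authenticate(username, password) and authorize(username, permission)

register("alice", "correct horse", "admin")
register("bob", "hunter2-long", "user")
```

Failed logins and denied permissions are logged as well as successes, since those are the records an investigator looks for first.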
1.3 Vulnerabilities, Threats, and Risks
• Vulnerability: A weakness in a system (e.g., outdated software).
• Threat: A potential danger exploiting a vulnerability (e.g., malware attack).
• Risk: The impact or loss when a threat exploits a vulnerability.
Formula (important for exams):
Risk = Threat × Vulnerability × Impact
Example: Weak password (vulnerability) + hacker attempt (threat)
= risk of account compromise.
1.4 Types of Proxy Server & Need of Private Proxy
Types of Proxy Servers:
• Forward Proxy: Acts on behalf of client
• Reverse Proxy: Protects servers
• Transparent Proxy: No modification to request
• Anonymous Proxy: Hides user identity
• High Anonymity Proxy: Fully hides identity
Need of Private Proxy:
Private proxies are used for better security, faster speed, and
exclusive access. They reduce chances of blacklisting, improve
privacy, and are useful in business, web scraping, and secure
browsing.
1.5 Seven Layers of Cyber Security (Functions & Controls)
Cybersecurity can be divided into layers for better protection:
1. Physical Layer – Protect hardware (locks, CCTV)
2. Network Layer – Secure network (firewalls, IDS)
3. Endpoint Layer – Protect devices (antivirus)
4. Application Layer – Secure apps (patching, testing)
5. Data Layer – Protect data (encryption, backup)
6. User Layer – User awareness (training)
7. Mission-Critical Layer – Protect core operations
Each layer has controls to prevent attacks, ensuring strong overall
security.

Chapter 2
2.1 Threats and Countermeasures Concepts (Definitions Only)
Malware:
• Virus: Malicious code that attaches to files and spreads when executed.
• Worm: Self-replicating malware that spreads automatically over networks.
• Trojan Horse: Malware disguised as legitimate software to trick users.
• Ransomware: Malware that locks/encrypts data and demands payment.
System & Program Vulnerabilities:
• Buffer Overflow: Occurs when more data is written to a buffer than it can hold, so the excess overwrites adjacent memory, which can allow code execution.
• Privilege Escalation: Gaining higher access rights than permitted (e.g., user to admin).
2.2 Security Purpose Role of OSI Model Layers
Each layer of the OSI model has a role in security:
• Physical – Data transmission; threats: tampering; control: locks
• Data Link – Frame transfer; protocols: Ethernet; threats: MAC spoofing
• Network – Routing; protocols: IP; threats: IP spoofing
• Transport – End-to-end delivery; protocols: TCP/UDP; threats: port attacks
• Session – Session management; threats: session hijacking
• Presentation – Data format/encryption; threats: data manipulation
• Application – User interface; protocols: HTTP, FTP; threats: phishing, malware
Each layer adds security controls like encryption, authentication,
and monitoring.
2.3 Overview & Types of Operational Technology (OT) Attacks
Operational Technology (OT) includes systems controlling
industrial processes (power plants, factories). OT attacks target
these systems to disrupt operations.
Types of OT Attacks:
• SCADA Attacks – Target industrial control systems
• Ransomware Attacks – Lock industrial systems
• Supply Chain Attacks – Compromise vendors/software
• Insider Threats – Employees misuse access
• Denial of Service (DoS) – Disrupt system availability
These attacks can cause physical damage, production loss, and
safety risks.
2.4 Overview & Types of IoT Attacks
IoT (Internet of Things) devices include smart home gadgets,
sensors, etc. They are vulnerable due to weak security.
Types of IoT Attacks:
• Botnet Attacks – Devices used in large-scale attacks (e.g., DDoS)
• Device Hijacking – Unauthorized control of devices
• Data Theft – Stealing sensitive information
• Man-in-the-Middle (MITM) – Intercepting communication
• Firmware Attacks – Exploiting outdated software
IoT attacks can lead to privacy loss, data breaches, and system
compromise.
2.2 Security Purpose Role of OSI Model Layers (Detailed)

| Layer        | Functions                              | Protocols           | Security Attacks / Threats             |
|--------------|----------------------------------------|---------------------|----------------------------------------|
| Physical     | Transmits raw bits over medium         | Ethernet cable, USB | Wire tapping, physical damage          |
| Data Link    | Frame delivery, MAC addressing         | Ethernet, ARP       | MAC spoofing, ARP poisoning            |
| Network      | Routing and logical addressing         | IP, ICMP            | IP spoofing, routing attacks           |
| Transport    | End-to-end communication, reliability  | TCP, UDP            | Port scanning, SYN flood               |
| Session      | Manages sessions between systems       | NetBIOS, RPC        | Session hijacking                      |
| Presentation | Data formatting, encryption            | SSL/TLS             | Data interception, encryption attacks  |
| Application  | User interface, network services       | HTTP, FTP, SMTP     | Phishing, malware, SQL injection       |

Chapter 3
3.1 What is Cybercrime & Classification of Cyber Criminals
Cybercrime refers to any unlawful activity carried out using
computers, digital devices, or the internet as a tool, target, or
both. It includes offences such as hacking, identity theft, phishing,
online fraud, cyberbullying, and data breaches. Cybercrime can
affect individuals, organizations, and even governments, leading
to financial losses, privacy violations, and threats to national
security. The growth of digital technology has increased the scope
and complexity of such crimes.
Classification of Cyber Criminals:
• Hackers – Skilled individuals who exploit system vulnerabilities
• Script Kiddies – Unskilled attackers using pre-made tools
• Insiders – Employees misusing authorized access
• Cyber Terrorists – Target critical infrastructure and security
• Organized Criminals – Professional groups conducting large-scale cyber fraud

Chapter 4
4.1 Concept of Hacking and Types of Hackers
Hacking is the process of identifying weaknesses in computer
systems, networks, or applications and exploiting them to gain
access or control. It can be performed for ethical purposes
(security testing) or malicious intentions (data theft, disruption).
Ethical hacking is legal and helps organizations strengthen their
security by identifying vulnerabilities before attackers exploit
them.
Types of Hackers:
• White Hat Hackers – Ethical professionals who test and secure systems
• Black Hat Hackers – Malicious attackers seeking financial or personal gain
• Grey Hat Hackers – May violate rules but not always with harmful intent
• Script Kiddies – Beginners using ready-made hacking tools
• Hacktivists – Hackers motivated by political or social causes
Hacking plays a crucial role in improving cybersecurity when used
responsibly.

Chapter 5
5.1 Introduction to Digital Forensics
Digital Forensics is a branch of forensic science that deals with
the identification, collection, preservation, analysis, and
presentation of digital evidence from electronic devices. It is
mainly used in investigating cybercrimes such as hacking, fraud,
data breaches, and cyber terrorism. The primary objective is to
maintain the integrity and authenticity of evidence so that it can
be used in legal proceedings.
Digital forensics involves examining computers, mobile phones,
networks, storage devices, and even cloud systems to recover
hidden, deleted, or encrypted data. It follows a structured process
and uses specialized tools to ensure accuracy. This field helps
investigators reconstruct events, identify attackers, and provide
reliable proof in court.
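One way to show the "integrity and authenticity of evidence" requirement in practice, as an added example that is not part of the original notes: the evidence is hashed at collection, and every custody entry commits to the one before it, so a change to either the evidence or the log is detected. The function names, field names and sample values are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON (sorted keys) so the same entry always hashes the same way
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, evidence_id, action, actor, evidence_hash):
    """Return a new log with one more entry chained to the previous entry."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = {"evidence_id": evidence_id, "action": action, "actor": actor,
            "evidence_hash": evidence_hash, "prev": prev}
    return log + [dict(body, entry_hash=_entry_hash(body))]

def new_custody_log(evidence_id, image: bytes, collector):
    """Start a log whose first entry fixes the evidence hash at collection time."""
    return append_entry([], evidence_id, "collected", collector, sha256_hex(image))

def verify(log, image: bytes):
    """Return a list of problems; an empty list means evidence and log are intact."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _entry_hash(body) != entry["entry_hash"]:
            problems.append(f"log entry {i} altered")
        prev = entry["entry_hash"]
    if log and sha256_hex(image) != log[0]["evidence_hash"]:
        problems.append("evidence does not match hash recorded at collection")
    return problems
```

The chain is unkeyed, so it only proves integrity if the latest entry hash is also kept somewhere the person handling the log cannot rewrite, such as a signed report or a separate system.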
