Understanding the CIA Triad in Cybersecurity

The document outlines the CIA Triad, which consists of Confidentiality, Integrity, and Availability, as essential principles in cybersecurity to protect data and systems. It also differentiates between threats, vulnerabilities, and risks, explaining how organizations can manage these aspects to enhance security. Additionally, it discusses various security concepts, safe internet practices, and the importance of responsible digital behavior to maintain cybersecurity.

GOALS OF CYBER SECURITY (CIA TRIAD)

The CIA Triad is the core model used in cybersecurity to protect information and systems.
It stands for:
• Confidentiality
• Integrity
• Availability
Each of these principles works together to keep data safe, accurate, and accessible.

1. Confidentiality – Protecting Sensitive Information

Only people with permission should be able to see or use certain information. It prevents unauthorized access and data leakage.
Example in real life:
• Your Gmail account is private – only you should be able to log in.
• Hospitals must protect patient health records.
• Banks must keep your financial details secret.
Common Threats to Confidentiality:
• Hackers breaking into systems.
• Malicious insiders stealing data.
• Physical theft of devices like laptops or hard drives.
How organizations protect confidentiality:
1. Encryption → Converts information into unreadable code that can only be decrypted with the right key.
Example: WhatsApp messages are end-to-end encrypted.
2. Access Controls → Using usernames, passwords, biometrics, and multi-factor authentication to restrict access.
3. Employee Training → Teaching staff not to fall for phishing scams or leak sensitive data.

2. Integrity – Ensuring Accuracy and Trustworthiness of Data

Data should always stay correct, whole, and reliable. It must not be altered, deleted, or tampered with by unauthorized people.
Example in real life:
• If a student scores 95 marks, the result should not change to 59 because of a hacker or a system error.
• Online banking transactions must reflect the exact amount transferred.
What happens if integrity is lost?
• Wrong business decisions.
• Loss of customer trust.
• System failures.
How organizations protect integrity:
1. Hashing → Creates a unique digital fingerprint of data. If even one letter changes, the hash changes, revealing the tampering.
2. Digital Signatures → Prove that data or a message really came from the sender and hasn't been changed.
3. Checksums → Mathematical values used to check whether files were corrupted during transfer.
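Worked example (added here; it is not part of the original document): the three integrity mechanisms above, implemented with Python's standard library only. The student record, its tampered copy and the key are constructed sample values. The standard library has no asymmetric signature primitive, so an HMAC keyed tag stands in for the digital signature to show the "proves who produced it" property; a real signature would use a private/public key pair.

```python
# Added example, not from the original document: how hashes, keyed tags and
# checksums reveal tampering, using only the Python standard library.
import hashlib
import hmac
import zlib
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Digital fingerprint: changing a single character of the input changes the whole hash."""
    return hashlib.sha256(data).hexdigest()


def crc32_checksum(data: bytes) -> int:
    """CRC-32 checksum, the kind used to catch accidental corruption during a transfer.
    It is not a security control: an attacker can adjust a file so its CRC still matches."""
    return zlib.crc32(data) & 0xFFFFFFFF


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over the data. Stand-in for a digital signature in this example: only
    someone holding the key can produce a valid tag, so it proves origin as well as integrity."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, expected: str, key: Optional[bytes] = None) -> bool:
    """Recompute the hash (or keyed tag) and compare in constant time to avoid timing leaks."""
    actual = keyed_tag(key, data) if key is not None else sha256_hex(data)
    return hmac.compare_digest(actual, expected)


# Constructed sample: a stored result record and a tampered copy (95 marks became 59).
ORIGINAL = b"student=1023;course=CS101;marks=95"
TAMPERED = b"student=1023;course=CS101;marks=59"
KEY = b"constructed-demo-key-not-for-real-use"  # constructed; a real key comes from a secret store


def demo() -> dict:
    """Fingerprint and tag the original record, then check both records against them."""
    fingerprint = sha256_hex(ORIGINAL)
    tag = keyed_tag(KEY, ORIGINAL)
    return {
        "hash_matches_original": verify(ORIGINAL, fingerprint),
        "hash_matches_tampered": verify(TAMPERED, fingerprint),
        "tag_matches_original": verify(ORIGINAL, tag, KEY),
        "tag_matches_tampered": verify(TAMPERED, tag, KEY),
        "crc_unchanged": crc32_checksum(ORIGINAL) == crc32_checksum(TAMPERED),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24} {result}")
```

The hash alone tells you the record changed, but anyone can recompute a hash over a forged record; the keyed tag cannot be forged without the key, which is why signatures (and not plain hashes) are what protects data in transit from a hostile party.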

3. Availability – Keeping Information Accessible

Authorized users should be able to access data and systems whenever they need them. It ensures the smooth functioning of businesses.
Example in real life:
• You should be able to withdraw money from an ATM at any time.
• E-commerce websites (like Amazon) must be online 24/7.
Threats to Availability:
• System Failures → Hardware breakdowns, software crashes.
• Natural Disasters → Floods, fires, earthquakes damaging data centers.
• Cyberattacks → Ransomware, Denial-of-Service (DoS) attacks that make systems unavailable.
How organizations protect availability:
1. Backups → Keeping copies of data in case the main copy is lost.
2. Disaster Recovery Plans → Steps to quickly restore systems after an incident.
3. Redundancy → Extra servers, storage, or internet connections to take over if one fails.
4. Monitoring → Constantly watching for issues and fixing them quickly.

DIFFERENCE BETWEEN THREATS, VULNERABILITIES, AND RISKS

Threat
A cyber threat is a malicious act that seeks to steal or damage data or disrupt the digital network or system. A threat can also be defined as the possibility of a successful cyberattack that gains access to a system's sensitive data unethically.
Examples of threats include computer viruses, Denial of Service (DoS) attacks, data breaches, and sometimes even dishonest employees.
Types of Threat
Threats can be of three types:
1. Intentional: Malware, phishing, accessing someone's account illegally, etc. are examples of intentional threats.
2. Unintentional: Unintentional threats are human errors; for example, forgetting to update the firewall or the anti-virus can make the system more vulnerable.
3. Natural: Natural disasters can also damage data; these are known as natural threats.

Vulnerability
In cybersecurity, a vulnerability is a flaw in a system's design, security procedures, internal controls, etc., that can be exploited by cybercriminals. In some very rare cases, vulnerabilities are created as a result of cyberattacks rather than network misconfigurations. A vulnerability can also be introduced when an employee downloads a virus or falls for a social engineering attack.
Types of Vulnerability
Vulnerabilities can be of many types, based on different criteria; some of them are:
1. Network: A network vulnerability is caused by flaws in the network's hardware or software.
2. Operating system: When an operating system is designed with a policy that grants every program or user full access to the computer, it allows viruses and malware to make changes on behalf of the administrator.
3. Human: Users' negligence can cause vulnerabilities in the system.
4. Process: Specific process controls can also cause vulnerabilities in the system.

Risk
Cyber risk is the potential consequence of the loss or damage of assets or data caused by a cyber threat. Risk can never be completely removed, but it can be managed to a level that satisfies an organization's tolerance for risk. So, the target is not a risk-free system, but to keep the risk as low as possible.
Cyber risk can be defined with this simple formula: Risk = Threat + Vulnerability. Cyber risks are generally determined by examining the threat actor and the type of vulnerabilities that the system has.
Types of Risks
There are two types of cyber risks:
1. External: External cyber risks are those which come from outside an organization, such as cyberattacks, phishing, ransomware, DDoS attacks, etc.
2. Internal: Internal cyber risks come from insiders. These insiders could have malicious intent or may simply not be properly trained.

Comparison of Threat (Danger), Vulnerability (Weakness), and Risk (Impact):

Definition
  Threat: Anything that can cause harm to a system or data.
  Vulnerability: A weakness in hardware, software, or design that threats can exploit.
  Risk: The chance of loss/damage when a threat uses a vulnerability.
Nature
  Threat: The danger itself.
  Vulnerability: The weak point.
  Risk: The resulting harm.
Example
  Threat: Hackers, viruses, phishing emails, natural disasters.
  Vulnerability: Weak passwords, outdated software, open Wi-Fi, no antivirus.
  Risk: Data theft, account hacking, money loss, service downtime.
Intentional?
  Threat: May or may not be intentional.
  Vulnerability: Generally unintentional.
  Risk: Always intentional (causes loss/damage).
Control
  Threat: Cannot be controlled directly.
  Vulnerability: Can be controlled by fixing/patching weaknesses.
  Risk: Can be reduced by security measures and monitoring.
Detection
  Threat: Detected by antivirus, threat logs, monitoring systems.
  Vulnerability: Detected by penetration testing and vulnerability scanners.
  Risk: Detected by unusual signs (weird emails, slow system, strange login attempts).
Management
  Threat: Blocked by managing vulnerabilities.
  Vulnerability: Managed through identifying, prioritizing, and fixing weaknesses.
  Risk: Reduced by safe practices (updates, trusted downloads, cybersecurity team, incident plan).

SECURITY CONCEPTS AND TERMINOLOGY:

1. Firewall:
A firewall is a network security device or software that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. It is essentially a barrier between a trusted, secure internal network (like your home Wi-Fi) and an untrusted external network (the internet).

How It Works:
Firewalls operate primarily by inspecting data "packets"—the formatted units of data transmitted over a network. They make decisions based on a set of pre-configured rules:
• Packet Filtering: The most basic type. It checks each packet's:
  o Source and Destination IP Addresses: Where is it coming from and going to? (e.g., "Block all packets from IP [Link]")
  o Port Numbers: Ports are like doors to specific services. Web traffic uses port 80/443, email uses port 25, etc. (e.g., "Allow traffic only on port 443 for secure web browsing").
  o Protocol: The type of communication (e.g., TCP, UDP, ICMP).
• Stateful Inspection (Dynamic Packet Filtering): A more advanced method. It doesn't just look at individual packets; it tracks the state of active connections. For example, if an internal computer requests a webpage, the firewall expects returning packets for that specific request and will allow them through. Unsolicited incoming packets are blocked.
• Next-Generation Firewalls (NGFW): Modern firewalls include deeper inspection capabilities:
  o Deep Packet Inspection (DPI): Looks inside the data part of the packet, not just the headers, to check for malware, specific content, or malicious code.
  o Application-Level Gateway (Proxy Firewall): Acts as an intermediary. Your computer talks to the firewall, and the firewall makes a new connection to the internet on your behalf, masking your internal network.
  o Integrated Intrusion Prevention Systems (IPS): Actively block attacks by detecting and preventing known exploit patterns.
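Worked example (added here; not part of the original document): a toy firewall that combines the two modes described above. Static rules check source/destination address, destination port and protocol, and a connection table lets replies to connections opened from inside pass while unsolicited inbound packets fall through to an implicit deny. The rule set, the 10.0.0.0/8 internal network and the addresses in the sample packets are constructed.

```python
# Added example, not from the original document: a packet filter with stateful
# connection tracking. Addresses and policy are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str  # "TCP", "UDP" or "ICMP"


@dataclass(frozen=True)
class Rule:
    """A packet-filter rule; a None field matches anything.
    Direction is relative to the internal network: "out" = internal -> external."""
    action: str                      # "ALLOW" or "DENY"
    direction: str                   # "out" or "in"
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet, direction: str) -> bool:
        return (self.direction == direction
                and (self.src_ip is None or self.src_ip == p.src_ip)
                and (self.dst_ip is None or self.dst_ip == p.dst_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.proto is None or self.proto == p.proto))


class StatefulFirewall:
    def __init__(self, rules: Iterable[Rule], internal_network: str):
        self.rules = list(rules)
        self.internal = ipaddress.ip_network(internal_network)
        self.connections = set()  # flows opened from inside, keyed by 5-tuple

    def is_internal(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.internal

    def decide(self, p: Packet) -> str:
        direction = "out" if self.is_internal(p.src_ip) else "in"
        # Stateful inspection: a reply to a flow we opened is expected, so it passes
        # without consulting the static rules. Unsolicited inbound packets never match here.
        if direction == "in":
            reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
            if reverse in self.connections:
                return "ALLOW (established)"
        # Packet filtering: the first matching rule wins.
        for rule in self.rules:
            if rule.matches(p, direction):
                if rule.action == "ALLOW" and direction == "out":
                    self.connections.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
                return rule.action
        return "DENY (default)"  # implicit deny when nothing matched


def build_demo_firewall() -> StatefulFirewall:
    """Constructed policy: block one known-bad host, allow outbound HTTPS and DNS, deny the rest."""
    return StatefulFirewall([
        Rule("DENY", "out", dst_ip="203.0.113.9"),        # "block all packets to this IP"
        Rule("ALLOW", "out", dst_port=443, proto="TCP"),  # "allow traffic only on port 443"
        Rule("ALLOW", "out", dst_port=53, proto="UDP"),   # DNS lookups
    ], "10.0.0.0/8")


if __name__ == "__main__":
    fw = build_demo_firewall()
    for pkt in [Packet("10.0.0.5", "198.51.100.20", 51000, 443, "TCP"),  # outbound HTTPS request
                Packet("198.51.100.20", "10.0.0.5", 443, 51000, "TCP"),  # its reply
                Packet("198.51.100.20", "10.0.0.5", 443, 51001, "TCP"),  # unsolicited inbound
                Packet("10.0.0.5", "203.0.113.9", 51002, 443, "TCP"),    # to the blocked host
                Packet("10.0.0.5", "198.51.100.20", 51003, 25, "TCP")]:  # outbound SMTP
        print(pkt, "->", fw.decide(pkt))
```

Note the ordering: the deny rule for the bad host comes before the port-443 allow, so even HTTPS to that host is blocked; a pure packet filter has no memory, so the reply packet would otherwise need its own inbound allow rule, which is exactly the gap stateful inspection closes.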

2. Antivirus (AV):
Antivirus software is a program designed to prevent, detect, and remove malicious software (malware) on an endpoint: a single device like a computer, server, or phone.

How It Works:
Antivirus software employs a multi-layered approach to find and neutralize threats:
1. Signature-Based Detection: This is the foundational method. The AV software maintains a vast database of unique code patterns ("signatures") that identify known malware. It scans files and compares them to this database. If there's a match, the file is quarantined or deleted.
Limitation: Useless against zero-day attacks (brand-new malware that has no known signature yet).

2. Heuristic Analysis: To overcome the limitation of signatures, heuristic analysis examines a file's behaviour and structure for suspicious properties. It looks for code that behaves like malware (e.g., instructions to modify system files or hide itself). This allows it to detect new variants of known malware families or entirely new threats.

3. Behavioural Blocking (Real-Time Protection): This monitors programs as they run (in real time). If a program starts acting maliciously, for example if a word processor suddenly tries to format your hard drive or encrypt all your documents, the behavioural blocker will halt the program and alert the user.

4. Sandboxing: Some advanced AV solutions will execute suspicious files in an isolated, virtual environment (a "sandbox") to observe their behaviour without risking the host system. If the file acts maliciously in the sandbox, it is blocked from running on the real system.
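Worked example (added here; not part of the original document): a toy scanner that shows why layers 1 and 2 above complement each other. The "files", the signature database and the heuristic indicator strings are all constructed: a one-byte change to a catalogued sample defeats the exact-hash signature, while the heuristic pass still flags it because the suspicious properties are unchanged.

```python
# Added example, not from the original document: signature-based detection
# beside a simple heuristic pass, run over constructed sample "files".
import hashlib
import re
from typing import List, Optional, Tuple

# Constructed sample files. The strings stand in for the behaviour the text describes
# (formatting a disk, encrypting documents, hiding from the task list).
KNOWN_BAD = b"build=1;format_disk();encrypt_all_documents();hide_from_tasklist()"
VARIANT = KNOWN_BAD.replace(b"build=1", b"build=2")  # one byte differs: a "zero-day" to signatures
BENIGN = b"Quarterly report: revenue up 4%, details in the attached spreadsheet."

# Signature database: fingerprints of samples already analysed and named (constructed).
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Sample.A"}

# Heuristic indicators with weights; a benign document would not normally contain these.
HEURISTICS = [
    (re.compile(rb"format_disk"), "attempts to format a disk", 2),
    (re.compile(rb"encrypt_all_documents"), "mass-encrypts user documents", 2),
    (re.compile(rb"hide_from_tasklist"), "hides its own process", 1),
]
SUSPICIOUS_THRESHOLD = 3  # tuned to keep false positives low on ordinary files


def signature_scan(data: bytes) -> Optional[str]:
    """Exact match against known fingerprints: precise, but blind to anything not yet catalogued."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data: bytes) -> Tuple[int, List[str]]:
    """Score suspicious properties; catches new variants at the cost of possible false positives."""
    score, reasons = 0, []
    for pattern, reason, weight in HEURISTICS:
        if pattern.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons


def classify(data: bytes) -> str:
    """Signature layer first (cheap and exact), heuristic layer for whatever it misses."""
    name = signature_scan(data)
    if name:
        return f"known malware: {name}"
    score, reasons = heuristic_scan(data)
    if score >= SUSPICIOUS_THRESHOLD:
        return f"suspicious (heuristic score {score}: {'; '.join(reasons)})"
    return "clean"


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{label:8} {classify(sample)}")
```

Real products hash code sections and use fuzzy or pattern signatures rather than a whole-file hash, but the trade-off is the same: signatures are precise and cheap, heuristics generalize and must be tuned against false positives.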

3. Malware:
Malware (a portmanteau of malicious software) is any software intentionally designed to cause disruption, damage, or gain unauthorized access to a computer, server, client, or computer network.

Types of Malware:
1. Virus: The most well-known type. A virus attaches itself to a clean file and spreads, infecting other files. It requires human action to propagate (e.g., a user must execute an infected program). Its primary function is to corrupt, destroy, or modify data.

2. Worm: Similar to a virus but more dangerous because it can self-replicate and spread without any human interaction. It exploits vulnerabilities in operating systems or software to travel across networks, often causing massive disruption by consuming bandwidth.

3. Trojan Horse (Trojan): Disguises itself as legitimate, useful software to trick users into downloading and installing it. Once inside, it does not replicate but creates a backdoor, giving attackers remote control over the victim's device. It is a delivery mechanism for other malware.

4. Ransomware: A particularly devastating form of malware that encrypts the victim's files, making them inaccessible. The attacker then demands a ransom payment (usually in cryptocurrency) in exchange for the decryption key.

5. Spyware: Designed to secretly gather information about a person or organization without their knowledge. This can include:
  o Keyloggers: Recording every keystroke to steal passwords and credit card numbers.
  o Info-stealers: Harvesting browser history, documents, and installed applications.

6. Adware: Automatically delivers advertisements to generate revenue for its author. While often just annoying, it can degrade system performance and sometimes include spyware components.

7. Rootkit: A stealthy type of malware designed to hide the existence of certain processes or programs from normal methods of detection. It gains deep, administrator-level control ("root" access) of a system and is extremely difficult to remove.

4. Hacking:
Hacking is the broader practice of identifying and exploiting weaknesses in computer systems and networks. The goal is not always malicious; it is the act of engaging with a system in a way that goes beyond its intended use.

A successful malicious hack (cyberattack) often follows a pattern:
1. Reconnaissance: The attacker researches the target (e.g., identifying employee emails on LinkedIn, finding public IP addresses, scanning for open ports).
2. Weaponization: Pairing a remote access tool (a "payload," which is malware) with an exploit into a deliverable package (e.g., creating a malicious PDF document).
3. Delivery: Transmitting the weaponized bundle to the target (e.g., via phishing email, malicious website, or USB drop).
4. Exploitation: The code is executed, exploiting a vulnerability in the system (e.g., an outdated piece of software) to gain a foothold.
5. Installation: The malware (e.g., a Trojan) is installed on the target system, establishing a persistent presence.
6. Command & Control (C2): The infected system calls back to the attacker's server to receive further instructions.
7. Actions on Objectives: The attacker achieves their goal, which could be data theft, destruction, encryption for ransom, or using the system as a hop-point for further attacks.

Types of Hackers:
• Black-Hat Hackers: The "villains." They break into systems with malicious intent for personal or financial gain, espionage, or to cause damage.
• White-Hat Hackers (Ethical Hackers): The "heroes." They are security professionals hired to find vulnerabilities in systems, with permission, to help organizations fix them before black-hats can exploit them.
• Grey-Hat Hackers: Operate in a moral grey area. They may hack without permission but without malicious intent, often to expose vulnerabilities publicly or to bring attention to an issue.

SAFE INTERNET PRACTICES

Responsible Digital Behaviour

This is about the conscious choices you make that affect your own security and the broader digital ecosystem.
1. Password Hygiene:
• Strong and Unique Passwords: Use long, complex passwords (a minimum of 12 characters mixing upper/lower case letters, numbers, and symbols). Never reuse passwords across different sites. If one site is breached, hackers will try that same email/password combination on every other popular service (called "credential stuffing").
• Password Manager: Use a reputable password manager (like Bitwarden, 1Password, or LastPass). It creates, stores, and auto-fills strong, unique passwords for all your accounts. You only need to remember one master password.
• Multi-Factor Authentication (MFA/2FA): Enable this everywhere it is offered. It adds a second step to logging in (e.g., a code from an app like Authy or Google Authenticator, or a physical security key). Even if someone steals your password, they can't log in without this second factor.
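Worked example (added here; not part of the original document): the two controls in the list above in code. The password check applies the 12-character, four-class rule stated in the text; the one-time-password functions implement HOTP (RFC 4226) and its time-based form TOTP (RFC 6238), which is what authenticator apps such as the ones named above compute. The secret used is the public test-vector secret from those RFCs, not a real one, and the verification window is an assumption chosen to tolerate small clock drift.

```python
# Added example, not from the original document: password-policy check and the
# HOTP/TOTP algorithm behind authenticator apps, standard library only.
import hashlib
import hmac
import string
import struct
import time


def meets_password_policy(password: str, min_len: int = 12) -> bool:
    """Rule from the text: at least 12 characters mixing upper, lower, digits and symbols."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return len(password) >= min_len and all(classes)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                       # low nibble picks 4 bytes
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret: bytes, code: str, at: float, step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus `window` neighbours to absorb clock drift (assumed tolerance);
    compare in constant time so a wrong code leaks nothing about the right one."""
    counter = int(at) // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


# Public test-vector secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890"); not a real secret.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for pw in ["Tr0ub4dor&3", "password1234", "correct-Horse-battery-7"]:
        print(f"{pw!r:28} policy ok: {meets_password_policy(pw)}")
    now = time.time()
    code = totp(RFC_SECRET, now)
    print("current code:", code, "verifies:", verify_totp(RFC_SECRET, code, now))
```

Because the server stores the same secret, a stolen password alone is useless without the device holding it; the window also explains why an authenticator code keeps working for a few seconds after it rolls over.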

2. Software Updates: Keep everything updated. This includes your operating system (Windows, macOS), web browsers (Chrome, Firefox), and all applications. Updates often contain critical security patches that fix vulnerabilities hackers are actively exploiting. Enable automatic updates where possible.

3. Sharing Information Mindfully:
• Social media: Be extremely cautious about what you share publicly. Information like your birthdate, pet's name, mother's maiden name, and school are answers to common security questions. Sharing vacation photos in real time announces that your home is empty.
• Oversharing: Only provide necessary information on websites and forms. If a field is optional, consider leaving it blank.

4. Downloading Software: Only download software and apps from official sources like the Apple App Store, Google Play Store, or the official website of the developer. Avoid pirated software and third-party download sites, which often bundle their "free" software with hidden malware.

Secure Browsing & Identifying Fake/Unsafe Websites

Your web browser is your main window to the internet; keeping your browsing secure is paramount.

1. HTTPS Everywhere:
Look for the Padlock: Before entering any personal or payment information, ensure the website's URL begins with `[Link]` (not `[Link]`) and that there is a padlock icon in the address bar.
HTTPS indicates that the connection between your browser and the website is encrypted. This prevents anyone on the same network (like public Wi-Fi) from eavesdropping on the data you send. Modern browsers often mark HTTP sites as "Not Secure."

2. Inspecting the URL:
• Scammers often use typosquatting: they register domains that are slight misspellings of popular websites (e.g., `[Link]`, `[Link]`, `[Link]`). Always double-check the URL carefully.
• Check the domain name: For `[Link]`, the real domain is `[Link]`, not Facebook. The important part is always just before the top-level domain (.com, .org, .net).

3. Website Design and Content:
• Poor Quality: Be sceptical of sites filled with spelling and grammatical errors, low-resolution images, and overly flashy or cluttered designs. Legitimate companies invest in professional web design.
• Too Good to Be True: Massive discounts on luxury goods (e.g., a new iPhone for $50) are almost always a scam to steal your credit card info or personal details.

4. Use a Browser with Safety Features:
Modern browsers like Google Chrome and Mozilla Firefox have built-in safe browsing features that warn you when you attempt to navigate to a known phishing or malicious site.

5. Browser Extensions:
Consider using reputable extensions like uBlock Origin (an ad-blocker). Malicious ads ("malvertising") can infect your computer just by being displayed on a legitimate website. An ad-blocker prevents these ads from loading.

Email Safety: Detecting Phishing and Spam

Email is the primary vector for cyberattacks. Learning to identify malicious emails is a critical skill.
What is Phishing?
A cyberattack that uses disguised email as a weapon. The goal is to trick the email recipient into believing the message is something they want or need (e.g., a request from their bank, a note from a colleague, an invoice) and to click a link or download an attachment that installs malware or steals credentials.

How to Detect Phishing & Spam:
• Check the Sender's Address: This is the #1 giveaway. Hover your mouse over the "from" name to reveal the actual email address. Does it match the company it claims to be from? Be wary of addresses from public domains (e.g., `...@[Link]`) pretending to be your bank or a large corporation.
• Look for Generic Greetings: Phishing emails often use generic greetings like "Dear Valued Customer" or "Dear User" instead of your actual name.
• Sense of Urgency or Fear: Phishing emails create panic to make you act without thinking. "Your account will be suspended in 24 hours!" or "Unusual login attempt detected!" are classic tactics.
• Hover Over Links: NEVER click a link immediately. Hover your mouse over the link (without clicking) to see the actual destination URL in the bottom corner of your browser. Does it match the text and the company it claims to be from? If it looks suspicious, don't click.
• Scrutinize Attachments: Be extremely wary of unexpected attachments, especially ZIP files or PDFs. They are a common method for delivering malware. If you weren't expecting it, contact the sender via a different method (e.g., phone) to verify.
• Poor Grammar and Spelling: While some scams are sophisticated, many still contain obvious spelling mistakes and awkward phrasing.
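Worked example (added here; not part of the original document): a small checker that applies the indicators from this list and from "Inspecting the URL" above to a message. It compares the display name with the sender's real domain, looks for generic greetings and urgency phrases, and for every link compares the real destination with the visible text and with a list of trusted domains, flagging near-misses as typosquatted lookalikes. The two sample messages, the brand list and the urgency phrases are constructed; the "registrable domain" helper keeps only the label just before the top-level domain, as the text describes, and does not handle two-part suffixes such as .co.uk (a real tool would use the Public Suffix List).

```python
# Added example, not from the original document: phishing indicator checks over
# a constructed sample e-mail, standard library only.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed: brands we care about and the one domain each legitimately sends from.
TRUSTED_DOMAINS = {"mybank": "mybank.example"}
URGENCY_PHRASES = ("24 hours", "suspended", "unusual login", "verify now", "immediately")
GENERIC_GREETING = re.compile(r"\bdear (valued customer|customer|user)\b", re.I)


def registrable_domain(host: str) -> str:
    """Label just before the TLD plus the TLD ("a.b.example.com" -> "example.com").
    Assumption: two-label suffixes like .co.uk are out of scope for this example."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalikes of a trusted domain (e.g. 'rn' for 'm')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)


def analyse(raw_message: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) findings; an empty list means no indicator fired."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.split("@")[-1]) if "@" in sender else ""
    parser = LinkExtractor()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    text = " ".join(parser.text)
    findings = []
    # 1. Does the sender's real domain match the company the display name claims?
    for brand, domain in TRUSTED_DOMAINS.items():
        if brand in display_name.lower().replace(" ", "") and sender_domain != domain:
            findings.append(("sender-domain-mismatch", f"{display_name!r} sent from {sender_domain}"))
    # 2. Generic greeting instead of the recipient's name.
    greeting = GENERIC_GREETING.search(text)
    if greeting:
        findings.append(("generic-greeting", greeting.group(0)))
    # 3. Urgency or fear language in the subject or body.
    haystack = (msg.get("Subject", "") + " " + text).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    # 4. Links: real destination vs. visible text, plain HTTP, and lookalike domains.
    for href, anchor in parser.links:
        target = urlparse(href)
        target_domain = registrable_domain(target.hostname or "")
        if target.scheme == "http":
            findings.append(("insecure-http", href))
        if anchor.startswith(("http://", "https://")):
            shown = registrable_domain(urlparse(anchor).hostname or "")
            if shown != target_domain:
                findings.append(("link-text-mismatch", f"shows {shown}, goes to {target_domain}"))
        for domain in TRUSTED_DOMAINS.values():
            if target_domain != domain and edit_distance(target_domain, domain) <= 2:
                findings.append(("lookalike-domain", f"{target_domain} resembles {domain}"))
    return findings


# Constructed sample messages: one showing several indicators at once, one legitimate.
SAMPLE_PHISH = """\
From: "MyBank Security" <alerts@mai1-mybank.example>
To: customer@example.net
Subject: Urgent: your account will be suspended in 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Valued Customer,</p>
<p>Unusual login attempt detected! <a href="http://mybank.example.login-verify.example/secure">https://mybank.example/login</a></p>
<p>Or verify now at <a href="https://rnybank.example/verify">our secure portal</a>.</p>
</body></html>
"""
SAMPLE_LEGIT = """\
From: "MyBank Security" <alerts@mybank.example>
To: customer@example.net
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Hello Priya,</p><p>Your statement is at <a href="https://mybank.example/statements">https://mybank.example/statements</a>.</p></body></html>
"""

if __name__ == "__main__":
    for indicator, detail in analyse(SAMPLE_PHISH):
        print(f"{indicator:24} {detail}")
    print("legitimate message findings:", analyse(SAMPLE_LEGIT))
```

The first link in the sample shows how "mybank.example" can appear at the start of a hostname while the registrable domain is something else entirely, which is the point the URL section makes about looking just before the top-level domain.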

Use of Public Wi-Fi and Avoiding Data Leaks

Public Wi-Fi networks (coffee shops, airports, hotels) are inherently insecure because they are often unencrypted, allowing anyone on the same network to potentially see your internet traffic.
• The Risks of Public Wi-Fi:
  o Man-in-the-Middle (MitM) Attacks: A hacker on the same network can intercept the data traveling between your device and the Wi-Fi router.
  o Evil Twin Attacks: A hacker sets up a malicious Wi-Fi hotspot with a legitimate-sounding name (e.g., "Free Airport Wi-Fi" or "Starbucks Public"). When you connect, all your data passes through their equipment.
• Safe Practices on Public Wi-Fi:
  o Use a Virtual Private Network (VPN): This is the single most effective protection. A VPN creates an encrypted "tunnel" between your device and a server run by the VPN company. All your internet traffic travels through this tunnel, making it unreadable to anyone on the public Wi-Fi network.
  o Only Browse HTTPS Websites: Ensure the padlock is present for any site where you log in or enter information.
  o Avoid Sensitive Transactions: Never do online banking, shopping (entering credit card details), or access sensitive accounts on public Wi-Fi without a VPN.
  o Turn Off Sharing: Disable file and printer sharing in your operating system's network settings when on a public network.
  o Forget the Network: Tell your device to forget the network after you use it so it doesn't automatically reconnect next time you're in range.
• Avoiding Data Leaks More Broadly:
  o Check App Permissions: On your phone, regularly review which apps have access to your location, contacts, microphone, and camera. Revoke permissions that aren't necessary.
  o Use Privacy-Focused Search Engines/Browsers: Consider alternatives like DuckDuckGo, which don't track your searches.
  o Read Privacy Policies: Understand how a service plans to use your data before you sign up.
