Introduction to Cybersecurity
~60 minutes of structured interview prep, MCQs, and hands-on simulations aligned to the curriculum learning outcomes.
Learning Outcomes
- Understand the significance of cybersecurity in the digital age
- Identify various types of cyber threats and attack vectors
- Recognize the foundational domains within cybersecurity
Topics Covered
| # | Topic | Time | Type |
|---|---|---|---|
| 1 | Core Concepts (CIA Triad, Definitions) | 10 min | Reading |
| 2 | Interview Questions & Answers | 20 min | Q&A |
| 3 | MCQ Quiz (25 questions) | 15 min | Quiz |
| 4 | Phishing Email Simulation | 5 min | Simulation |
| 5 | CIA Triad Mapper | 4 min | Simulation |
| 6 | Threat Classifier | 3 min | Simulation |
| 7 | Password Strength Analyser | 3 min | Simulation |
Cybersecurity Fundamentals
Essential theory before tackling interview questions.
What is Cybersecurity?
Cybersecurity is the practice of protecting systems, networks, programs, and data from digital attacks, unauthorized access, damage, or destruction. It encompasses technologies, processes, and practices designed to defend against threats targeting information systems.
The CIA Triad — The Foundation
Ensuring data is accessible only to authorized parties. Tools: Encryption, Access Controls, MFA.
Ensuring data is accurate and unaltered. Tools: Hashing, Digital Signatures, Checksums.
Ensuring systems/data are accessible when needed. Tools: Redundancy, DDoS protection, Backups.
Key Terminology
| Term | Definition |
|---|---|
| Threat | Any potential danger that could exploit a vulnerability to harm a system or organization. |
| Vulnerability | A weakness in a system that can be exploited by a threat actor. |
| Risk | The likelihood that a threat will exploit a vulnerability × the impact. Risk = Threat × Vulnerability × Impact. |
| Asset | Anything of value that needs protection (data, hardware, software, reputation). |
| Attack Vector | The path or means by which an attacker gains unauthorized access. |
| Exploit | Code or technique used to take advantage of a vulnerability. |
| Payload | The component of malware that performs the malicious action. |
| Zero-Day | A vulnerability unknown to the vendor with no available patch. |
Common Threat Categories
| Category | Examples | Target |
|---|---|---|
| Malware | Virus, Worm, Trojan, Ransomware, Spyware, Adware, Rootkit | Devices, Data |
| Social Engineering | Phishing, Spear Phishing, Vishing, Smishing, Pretexting, Baiting | Humans |
| Network Attacks | DDoS, Man-in-the-Middle, DNS Spoofing, Packet Sniffing, ARP Poisoning | Network |
| Application Attacks | SQL Injection, XSS, CSRF, Buffer Overflow, Broken Authentication | Web Apps |
| Insider Threats | Malicious employees, Negligent users, Compromised credentials | Organization |
| Physical Attacks | Tailgating, Shoulder surfing, Hardware theft, USB drops | Physical assets |
Threat Actor Types
| Actor | Motivation | Skill Level |
|---|---|---|
| Script Kiddies | Fun, notoriety | Low |
| Hacktivists | Political/social agenda | Medium |
| Cybercriminals | Financial gain | Medium–High |
| Nation-State Actors | Espionage, disruption | Very High (APT) |
| Insider Threats | Revenge, money, negligence | Varies |
| White Hat Hackers | Authorized security testing | High |
Interview Questions & Model Answers
Click any question to reveal the model answer. Difficulty badges: Easy Medium Hard
- We live in a digitally connected world where sensitive data (financial, medical, personal) is stored online.
- Cyberattacks can cause massive financial losses — the average cost of a data breach in 2024 was $4.88 million.
- Critical infrastructure (power grids, hospitals, banking) depends on secure systems.
- Regulatory compliance (GDPR, HIPAA, IT Act) requires organizations to protect data.
- Reputational damage from breaches can be irreversible.
- Confidentiality: Only authorized users can access the data. Enforced via encryption, access controls, MFA. Violated by: data breaches, eavesdropping.
- Integrity: Data is accurate and has not been tampered with. Enforced via hashing (SHA-256), digital signatures, checksums. Violated by: man-in-the-middle attacks, unauthorized modifications.
- Availability: Systems and data are accessible when authorized users need them. Enforced via redundancy, failover, DDoS protection. Violated by: DoS/DDoS attacks, ransomware, hardware failure.
- Threat: Any potential event or action that could cause harm. (e.g., a hacker trying to break into a system, a hurricane, a disgruntled employee).
- Vulnerability: A weakness or gap in protection that a threat can exploit. (e.g., unpatched software, weak passwords, open ports).
- Risk: The probability that a specific threat will exploit a specific vulnerability and the resulting impact.
Risk = Threat × Vulnerability × Impact
- Phishing: Mass email campaign targeting many users.
- Spear Phishing: Targeted phishing directed at a specific person/organization using personal details.
- Whaling: Spear phishing targeting executives (CEO, CFO).
- Vishing (Voice): Phone-based phishing pretending to be IT support or banks.
- Smishing (SMS): Phishing via text messages.
- Clone Phishing: Duplicating a legitimate email, replacing links with malicious ones.
| Type | Needs Host? | Self-Replicates? | Spreads? | User Action? |
|---|---|---|---|---|
| Virus | Yes (file) | Yes | Via infected files | Yes (run infected file) |
| Worm | No | Yes | Over networks autonomously | No |
| Trojan | No | No | Via deception | Yes (install fake software) |
- Volumetric attacks: Flood bandwidth (UDP floods, ICMP floods).
- Protocol attacks: Exploit weaknesses in protocols (SYN flood, Ping of Death).
- Application layer attacks: Target web application resources (HTTP floods).
It is effective because:
- Humans are the weakest link — technical controls can be bypassed if the human is tricked.
- Attackers exploit emotions: fear, urgency, curiosity, greed, authority, trust.
- No software patch can fix human behavior.
- Social context is trusted — impersonating IT, HR, or management is easy to believe.
Response steps (NIST IR framework):
- Isolate: Immediately disconnect affected systems from the network.
- Identify: Determine the ransomware variant using tools like ID Ransomware.
- Notify: Alert management, legal, and law enforcement (FBI, CERT-In).
- Restore: Restore from clean, offline backups.
- Do not pay the ransom — paying funds criminal activity and does not guarantee data recovery.
- Post-incident: Patch the entry point, update policies, conduct training.
- ARP Spoofing: Attacker sends fake ARP messages to link their MAC to a legitimate IP.
- DNS Spoofing: Attacker corrupts DNS cache to redirect users to fake sites.
- SSL Stripping: Downgrading HTTPS to HTTP to intercept traffic.
- Wi-Fi Eavesdropping: Fake hotspots (Evil Twin) capture traffic.
- Authentication (AuthN): Verifying who you are. Proving identity. Methods: passwords, biometrics, tokens, MFA. "Are you who you say you are?"
- Authorization (AuthZ): Determining what you are allowed to do. Permissions and access control. "What are you allowed to do?"
- Nation-state actors and APT groups hoard zero-days for strategic use.
- They are traded on dark web markets for hundreds of thousands of dollars.
- Examples: EternalBlue (used in WannaCry), Log4Shell (Log4j, 2021).
- Something you know: Password, PIN, security question.
- Something you have: OTP token, authenticator app, smart card, hardware key.
- Something you are: Fingerprint, face scan, retina scan (biometrics).
- Somewhere you are: Geographic location / IP-based.
- Limits blast radius if credentials are compromised.
- Reduces insider threat impact.
- Constrains malware propagation.
- Email: Phishing, malicious attachments, embedded links.
- Web: Drive-by downloads, watering hole attacks, malicious ads (malvertising).
- Network: Exploiting open ports, unencrypted traffic, rogue Wi-Fi.
- Removable media: Infected USB drives dropped in car parks (USB baiting).
- Supply chain: Compromising software updates or third-party vendors (SolarWinds, 2020).
- Physical: Tailgating, dumpster diving, shoulder surfing.
- Insider: Malicious or negligent employees with legitimate access.
| Feature | Symmetric | Asymmetric |
|---|---|---|
| Keys | Same key for encrypt/decrypt | Public key + Private key pair |
| Speed | Fast | Slower |
| Key sharing | Key sharing problem | Public key freely shareable |
| Algorithms | AES-256, DES, 3DES | RSA, ECC, Diffie-Hellman |
| Use case | Bulk data encryption | Key exchange, digital signatures |
- Packet Filtering: Inspects packet headers (IP, port, protocol) — fastest but basic.
- Stateful Inspection: Tracks connection states — understands context.
- Application Layer (WAF): Inspects HTTP/HTTPS traffic for web attacks.
- Next-Generation Firewall (NGFW): Deep packet inspection, IDS/IPS, SSL inspection.
- Network Security: Protecting network infrastructure (firewalls, IDS/IPS, VPNs).
- Application Security: Securing software and APIs against vulnerabilities (OWASP).
- Endpoint Security: Protecting devices (AV, EDR, MDM).
- Identity & Access Management (IAM): Managing who can access what.
- Cloud Security: Securing cloud infrastructure (IAM, CSPM, encryption).
- Cryptography: Encryption, hashing, PKI.
- Security Operations (SOC): Monitoring, detection, incident response.
- Governance, Risk & Compliance (GRC): Policies, standards, regulations.
- Physical Security: Access control to facilities.
- Digital Forensics & Incident Response (DFIR): Investigating and recovering from incidents.
Layers (outside → inside):
- Perimeter (firewall, DMZ)
- Network (IDS/IPS, segmentation, VLANs)
- Host (endpoint AV, patching, host firewall)
- Application (input validation, WAF, secure coding)
- Data (encryption, DLP, access controls)
- Human (security awareness training)
- Broken Access Control
- Cryptographic Failures
- Injection (SQL, NoSQL, OS, LDAP)
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
"Think of our digital systems like a physical office building. Cybersecurity is the combination of locks on the doors, security cameras, ID badge readers, security guards, and safes for valuables. Cyber threats are like criminals trying to break in, tailgate through a door, or steal documents. We invest in cybersecurity the same way we invest in building security — to protect our people, data, and reputation, and to avoid the massive costs of a break-in."
Key points to make:
- Frame it as business risk, not a technical problem.
- Quantify: "A breach costs on average $4.88M and takes 194 days to detect."
- Connect to regulation and legal liability.
- Emphasize that cybersecurity enables the business to operate safely.
Multiple Choice Questions
Select an answer then click Check. Explanations are shown after each submission.
Phishing Email Detector
Examine each email carefully and classify it as Phishing or Legitimate. There are 5 emails.
CIA Triad Scenario Mapper
Drag each scenario chip into the correct CIA Triad category it primarily violates.
🔐 Confidentiality
Unauthorized disclosure of data
✔️ Integrity
Data tampered or corrupted
🟢 Availability
System/data inaccessible
Threat Type Classifier
Classify each scenario into the correct threat category using the dropdown.
Password Strength Analyser
Type a password to see its strength, time-to-crack estimate, and criteria breakdown.
Purple$Rain!Falls7) — long, memorable, mixed-character strings are harder to crack than short complex passwords. Consider a password manager.Cybersecurity Domains
Click any domain card to expand details. Aligned to the Cyberspace Tech Solutions Cybersecurity Curriculum.
Session Complete!
You've completed 1 hour of Introduction to Cybersecurity content.
Review any section using the sidebar. Your MCQ score is in the bottom-left.