Course version: S71 (latest at recording time) – applicable to future versions
(≈95% overlap).
Total modules: 16, each covered in a dedicated video.
Objectives for Module 1:
1. Summarize information security concepts.
2. Compare and contrast security control types.
3. Describe security roles, goals, and responsibilities.
Agenda:
Security Concepts (focus of this guide).
Security Controls (to be covered later in the module).
🔐 Information Security – CIA Triad
Definition: The CIA Triad is the foundational model for information security, consisting
of Confidentiality, Integrity, and Availability.
| Element | Primary Goal | Typical Controls |
|---|---|---|
| Confidentiality | Ensure data is seen only by authorized parties. | Encryption, access controls, physical security (e.g., sealed envelopes). |
| Integrity | Guarantee data is authentic and unaltered. | Digital signatures, certificates, checksums, version control. |
| Availability | Keep data accessible whenever needed by authorized users. | Redundant servers, backup power, failover networks, regular backups. |
🛡️ Confidentiality
Data must be readable only by those with explicit permission.
Real‑world analogies: sealed envelope, private medical records, payroll slips.
Technical methods: encryption (e.g., BitLocker), access‑control lists, role‑based
permissions.
🪪 Integrity
Data must remain original and tamper‑free.
Example concerns: email spoofing, compromised accounts, intercepted
messages.
Digital signatures and certificates verify authenticity (similar to handwritten
signatures on contracts).
If a document’s signature is missing or altered, integrity is broken.
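The integrity checks described above, as an added example that is not part of the original course notes. It uses HMAC-SHA256 from the Python standard library as a stand-in for a digital signature (a real signature uses a private/public key pair and a certificate); the key, the documents and the function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key"
DOCUMENT = b"Pay vendor ACME 1,000 USD"
TAMPERED = b"Pay vendor ACME 9,000 USD"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: any change to the data changes the value."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes = KEY) -> bytes:
    """Keyed tag (HMAC-SHA256), standing in here for a digital signature."""
    return hmac.new(key, data, hashlib.sha256).digest()


def check_integrity(data: bytes, tag: Optional[bytes], key: bytes = KEY) -> str:
    """Classify a document as 'intact', 'missing-signature' or 'altered'."""
    if not tag:
        return "missing-signature"
    # Constant-time comparison of the expected and presented tags.
    if hmac.compare_digest(sign(data, key), tag):
        return "intact"
    return "altered"


def demo() -> dict:
    tag = sign(DOCUMENT)
    damaged_tag = bytes([tag[0] ^ 0x01]) + tag[1:]  # one bit of the tag flipped
    return {
        "original": check_integrity(DOCUMENT, tag),
        "document changed": check_integrity(TAMPERED, tag),
        "signature changed": check_integrity(DOCUMENT, damaged_tag),
        "signature missing": check_integrity(DOCUMENT, None),
        "checksums differ": checksum(DOCUMENT) != checksum(TAMPERED),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A checksum alone shows that the data changed; the keyed tag additionally ties the data to whoever holds the key, which is the role the digital signature plays in the notes.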
⏱️ Availability
Authorized users must retrieve information whenever required.
Strategies:
Redundant servers (high‑availability clusters).
Multiple internet connections.
Regular backups of hard drives and databases.
Downtime that prevents access can be disastrous for business operations.
🔄 Overlapping Controls
Some solutions provide multiple CIA benefits simultaneously.
BitLocker encryption (full‑disk encryption) →
Confidentiality: protects data from unauthorized viewing.
Integrity: prevents undetected tampering of the drive’s contents.
🛡️ Cybersecurity Framework – Defense vs. Attack
Principle: Effective security is a continuous battle between defenders (white‑hat) and
attackers (black‑hat).
Defensive focus:
Protect networks, infrastructure, and data.
Act as a white‑hat hacker—anticipate and mitigate threats before
they succeed.
Offensive perspective:
Understand attacker tactics, techniques, and procedures (TTPs).
Use this knowledge to strengthen defenses.
Roles:
White‑hat hacker: Ethical security professional who secures
environments.
Black‑hat hacker: Malicious actor seeking to exploit vulnerabilities.
Key takeaway: To “catch a criminal,” organizations may need to think like a
criminal—employing ethical hacking to uncover and remediate weaknesses.
⚙️ Security Controls (preview)
The module will later explore types of security controls (e.g., preventive,
detective, corrective).
Understanding how these controls map to the CIA Triad is essential for aligning
technical measures with security goals.
🔍 Identify
Purpose: Understand potential threats, evaluate risks, and develop security
policies.
Activities:
1. Conduct risk assessments to pinpoint threats and vulnerabilities.
2. Recommend security controls (e.g., firewalls, access policies).
3. Document findings in a security policy for the organization or client.
“Identify … develop security policies, evaluate risks, and recommend controls to mitigate
them.”
Challenges:
Clients may limit your ability to implement changes, leaving you only
with recommendations.
Simple solutions are often overlooked by non‑technical stakeholders.
🛡️ Protect
Scope: Procurement, development, installation, operation, and
decommissioning of hardware and software with security embedded at every
lifecycle stage.
Typical Implementations:
| Asset Type | Example | Typical Environment |
|---|---|---|
| Network | Physical firewall (router‑level) | Medium‑to‑large enterprises |