AlbertSchool × DMSLOG.AI

Professional Cybersecurity Training

Session 01: Introduction to Cybersecurity - Build a clear, practical foundation in cybersecurity fundamentals. Learn threats, risks, and the essentials of protecting data and projects in real organizational contexts.

Course HUM0242 BAC3 - 1 ECTS Session 01/06

12 course sections · 3h session duration · 25+ key topics covered · 10+ practical exercises

Course Overview & Planning

Build a clear, practical foundation in cybersecurity—threats, risks, and the essentials of protecting data and projects. Learn the basics you need to reason about security in real organizational contexts.

#cybersecurity fundamentals #threats and risk #NIST RM #digital hygiene #GDPR #OSINT #secure programming #cryptography basics #dependency management

Course Overview

This course introduces students to the crucial challenges of cybersecurity by providing them with an understanding of threats, vulnerabilities, and risks. Participants will learn to assess organizational risks, adopt good digital practices, and understand current data protection legislation. This program aims to develop essential theoretical and practical skills to navigate the cybersecurity landscape.

Why it matters

  • Understand how common cyberattacks and risk drivers affect organizations
  • Apply structured risk thinking with NIST RM to identify objectives and remediation measures
  • Improve everyday security behavior through digital hygiene and basic Internet security mechanisms
  • Recognize data protection obligations and key GDPR concepts
  • Integrate security considerations into software projects (secure coding, crypto basics, dependencies)

Learning Outcomes

  • Understand the cyber threat landscape and types of attacks
  • Explain the basic principles of networks and the Internet
  • Adopt effective digital hygiene practices
  • Apply the NIST RM method for risk analysis
  • Evaluate personal data and their protection under the GDPR
  • Integrate security into software development projects
  • Use OSINT techniques for information gathering
  • Identify remediation measures for security risks

Course Curriculum

Session 01: Introduction to Cybersecurity (2h)
  • Overview of the cyber threat landscape and types of cyberattacks
  • Key concepts: threat, vulnerability, risk, and security needs
  • Overview of the European Network and Information Security Agency (ENISA)

Session 02: How the Internet Works (2h)
  • Basics of networks, the Internet, the Web, and the Deep Web
  • Internet protection mechanisms
  • Principles of digital hygiene
  • Introduction to Open Source Intelligence (OSINT) techniques

Session 03: Introduction to NIST Risk Management Framework (2h)
  • Overview of the NIST Risk Management Framework
  • NIST Risk Management Framework: objectives, scope, and five-step process for risk analysis and management
  • Roles and responsibilities within a NIST Risk Management Framework workshop and collaborative approach to identifying security risks
  • Detailed walkthrough of the steps of the NIST Risk Management Framework

Session 04: Practical Application of NIST RM (2h)
  • Remaining NIST RM steps: Threat and Risk Analysis, Identification of Security Objectives, Determination of Remediation Measures
  • Practical examples of NIST RM applied to real-world scenarios
  • Discussion on challenges and benefits of implementing NIST RM in various organizational contexts

Session 05: Data Protection (2h)
  • Understanding personal data and its significance
  • Overview of the General Data Protection Regulation (GDPR)
  • Main requirements of GDPR and an example of a technological measure implementation

Session 06: Security Integration in Projects (2h)
  • Fundamentals of secure programming
  • Introduction to cryptography basics
  • Managing dependencies in software projects

Evaluation

  • Continuous assessment (30%): group capstone project, MCQs, exercises
  • Written exam (70%): case study + course questions

At a Glance

Semester: S2
Total Duration: 12 hours
Credits: 1 ECTS
Breakdown: Course 8h, Practical Work 4h

Prerequisites
  • Understanding of cybersecurity concepts, threats, vulnerabilities, and risks
  • Knowledge of good digital hygiene practices and data protection

Deliverables
  • NIST RM mini risk analysis for a hypothetical organization (context, assets, threats, objectives, remediation)
  • Cyber threat and attack-type mapping for a chosen scenario
  • Digital hygiene checklist tailored to common student/organization workflows
  • Short GDPR compliance notes for a simple data-processing use case
  • Secure project integration notes: dependency and basic crypto considerations

Why cybersecurity matters

Business impact and real-world relevance

Think like a manager

Your goal is not perfect security. Your goal is acceptable risk: reduce the chances of an incident and limit the damage if one happens.

What attackers usually want

  • Money (ransomware, fraud, extortion)
  • Access (steal accounts to move laterally)
  • Data (customer data, IP, pricing, strategy)
  • Disruption (downtime, sabotage, wiper malware)
  • Influence (information manipulation, deepfakes)

What "damage" looks like

  • Lost revenue from downtime
  • Operational chaos (manual workarounds)
  • Customer churn and reputation loss
  • Regulatory consequences and legal costs
  • Higher insurance premiums and vendor scrutiny
Mini case: ransomware is a business continuity problem

A retailer suffers a ransomware incident. The website is down for 48 hours, customer support is overloaded, and delivery schedules slip. Even if personal data is not leaked, the incident becomes a trust problem: customers wonder if the company is reliable.

Manager takeaway: the most important question is not "Can we stop every attack?" It is:

  • What could realistically happen?
  • How bad would it be for the business?
  • Which controls reduce risk the most for the effort?

A simple model for "good security"

  • Reduce likelihood: patch, MFA, least privilege, secure configuration
  • Reduce impact: backups, segmentation, incident response plans, crisis comms
  • Detect faster: logging, monitoring, alerting, incident drills
  • Recover faster: tested restore, clear ownership, rehearsed playbooks
Common misconceptions

  • "Cybersecurity is an IT topic." Reality: it is a business risk topic that needs leadership decisions.
  • "We are too small to be a target." Reality: most attacks are automated and scan everyone.
  • "Buying a tool makes us secure." Reality: tools help, but processes and people matter.
  • "Compliance means security." Reality: compliance is a baseline; real security requires continuous work.

Security vs reliability (quick distinction)

Reliability
"Will the system keep working under expected conditions?"

Security
"Will the system keep working under adversarial conditions?"

Who owns cybersecurity?

Everyone owns part of it, but accountability must be clear:

  • Leadership sets risk appetite and priorities.
  • IT/Security builds and runs controls.
  • Business teams own processes (payments, access, vendor onboarding).
Security vs privacy (quick)

Security protects systems and data from unauthorized access and disruption. Privacy is about how personal data is collected, used, and shared. They overlap (good security supports privacy), but they are not the same.

Core vocabulary

Threat, vulnerability, risk


Threat

A potential cause of harm (criminal groups, malware campaigns, insiders, accidents).

Example

"A phishing campaign targeting employee inboxes."

Vulnerability

A weakness in technology, process, or people that could be exploited.

Example

"No MFA on email accounts" or "an unpatched VPN appliance."

Risk

The combination of likelihood and impact if a threat exploits a vulnerability.

Example

"Credential theft could lead to invoice fraud and a €200k loss."

Control

A measure that reduces risk (technology, process, or behavior).

Control types

Prevent (MFA), Detect (monitoring), Respond/Recover (backups, incident plan).

CIA in one sentence

Confidentiality = keep it private. Integrity = keep it correct. Availability = keep it running.

Try it: write a risk statement

Use this template in meetings. It turns "security talk" into a decision:

There is a risk that threat exploits vulnerability, causing impact.

Tip: add a time horizon (next 6 months) and a business metric (downtime hours, € loss, customers affected).

Risk statement builder (sample output)

There is a risk that a phishing campaign exploits weak authentication (no MFA), causing service downtime and lost revenue.

Example "manager-ready" risk statement

There is a risk that a phishing campaign exploits weak authentication (no MFA), causing invoice fraud and financial losses.

Why it works: it names the scenario, the weakness, and the business impact in one sentence.

Also useful
  • Incident: a security event with impact (or high potential impact).
  • Breach: a confirmed compromise of data confidentiality (often personal data).
  • Attack surface: all the places an attacker can try to get in (people, accounts, devices, apps, suppliers).
  • Residual risk: risk that remains after controls are applied.
Inherent risk vs residual risk

Inherent risk is the risk level before controls. Residual risk is what remains after controls. Managers typically decide whether residual risk is acceptable or whether more investment is needed.

Control effectiveness (simple)

  • Coverage: is the control deployed everywhere it should be?
  • Quality: is it configured correctly?
  • Adoption: do people follow the process?
  • Testing: do you verify it works (restore tests, drills)?

Vocabulary you will see in reports

  • MTTD: Mean Time To Detect
  • MTTR: Mean Time To Respond/Recover
  • Attack surface: exposed systems + accounts + suppliers
  • Blast radius: how far damage can spread

Threat landscape

Attack patterns and vectors

Good news for managers

"Boring" controls (MFA, patching, backups, least privilege, monitoring) stop a surprisingly large share of incidents.

Common entry points

  • Email (phishing, malicious attachments, fake login pages)
  • Remote access (VPN, RDP, exposed admin panels)
  • Web applications (SQLi, auth bugs, insecure APIs)
  • Cloud misconfiguration (public buckets, overly broad permissions)
  • Suppliers (software supply chain, managed service providers)

Common "attacker outcomes"

  • Account takeover
  • Data theft / extortion
  • Fraud (invoice redirection, payroll diversion)
  • Service disruption (DDoS, ransomware)
  • Espionage / long-term access
How to read headlines
  • Vulnerability = a weakness (e.g., CVE) that may or may not be exploited.
  • Exploit = a technique/code that uses the weakness.
  • Incident = what happened to a real organization.
Threat explorer

For each threat type, look at how it typically works and which controls reduce risk.

Phishing, BEC, and social engineering

Attackers impersonate trusted entities (a manager, supplier, bank, or IT) to steal credentials, redirect payments, or convince someone to bypass process. Increasingly supported by AI (better language, deepfake voice, faster targeting).

  • Typical targets: employees, finance teams, executives, customer support
  • Common entry points: email links & attachments, fake login pages, voice calls (vishing), messaging apps
  • Business impacts: account takeover, invoice fraud, data exposure, unauthorized access
  • Defenses that usually help: MFA, payment verification process, security awareness, email filtering, DMARC/SPF/DKIM
Explain it like a manager

Describe the likely outcome in business terms: downtime, fraud, data exposure, or trust damage.

Study prompt

Pick one threat above and answer: (1) What is the likely entry point? (2) Which CIA property is most affected? (3) Which two controls would you prioritize first?

Attack surface checklist (starter)

  • Do we know all internet-facing systems (VPN, portals, admin panels)?
  • Do we know all SaaS apps connected to corporate identity?
  • Do we know which suppliers have remote access?
  • Do we know where sensitive data lives (and who can access it)?

Control mapping idea

For each threat type, identify:

  • One control that reduces likelihood
  • One control that reduces impact
  • One control that improves detection

Attack chain

MITRE ATT&CK framework

Mental model: attacker workflow

Attackers typically move through a chain: get in → expand access → reach valuable assets → steal, disrupt, or extort.

A simple "attack chain"

  1. Recon: learn about the target (people, suppliers, exposed services)
  2. Initial access: get a foothold (phishing, stolen creds, vulnerability)
  3. Privilege escalation: become more powerful (admin access)
  4. Lateral movement: move inside the network or cloud
  5. Actions on objectives: steal data, encrypt, disrupt, extort

What defenders do (manager view)

  • Reduce exposure: limit what is reachable from the internet.
  • Make access harder: MFA, least privilege, secure configuration.
  • Detect faster: logs, monitoring, alerting, drills.
  • Contain and recover: segmentation, backups, IR playbooks.
Example: "phishing → ransomware" in plain English
  1. A user clicks a link and enters credentials on a fake login page.
  2. Attacker logs in (because there is no MFA) and steals more sessions/tokens.
  3. Attacker finds an admin account or a vulnerable server, then escalates privileges.
  4. They disable defenses and deploy ransomware across many systems.
  5. Operations stop; attackers demand payment and threaten data leaks.
Where to break the chain (high ROI)
  • MFA + good identity hygiene breaks many credential-based attacks early.
  • Patching internet-facing systems reduces "easy entry."
  • Segmentation limits lateral movement and blast radius.
  • Backups + restore tests reduce impact and recovery time.
  • Logging + alerting turns "unknown compromise" into "known incident."
Optional: connect this to MITRE ATT&CK

Professionals often map real attacker behavior using the MITRE ATT&CK framework (a knowledge base of tactics and techniques). You do not need to memorize it now, but you should understand the idea: attackers reuse techniques, and defenders can measure coverage.

If you want to explore later: search for “MITRE ATT&CK tactics” and compare them with the chain above.

Defense in depth

Because no single control is perfect, organizations layer controls. If one layer fails (a user clicks a link), another layer should still stop or limit damage (MFA, segmentation, backups).

Where controls fit in the chain

Each step below lists typical controls and the question a manager should ask.

Initial access

How attackers get a first foothold.

  • Controls: MFA, secure remote access, patching, email protections.
  • Manager question: Which systems are internet-facing and how fast do we patch them?
Privilege escalation and persistence

Attackers try to become admins and remain hidden.

  • Controls: least privilege, separate admin accounts, endpoint protection, monitoring.
  • Manager question: Who has admin rights and how is privileged access audited?
Lateral movement

Attackers move from the first system to others.

  • Controls: segmentation, strong identity boundaries, network monitoring.
  • Manager question: If one laptop is compromised, how far can an attacker spread?
Data access and exfiltration

Attackers locate and steal valuable data.

  • Controls: access controls, data classification, DLP, encryption, logging.
  • Manager question: Where is sensitive data stored and who can access it?
Disruption and extortion

Attackers disrupt operations to force payment or cause damage.

  • Controls: offline backups, restore tests, incident response plans, crisis comms.
  • Manager question: What is our realistic recovery time for critical operations?
Zero Trust (one paragraph)

Zero Trust is a design approach that assumes no network location is automatically trusted. Access is granted based on identity, device, and context, and is continuously verified. In practice, it pushes organizations toward strong identity controls (MFA), least privilege, and better monitoring.

Threat actors

Motives and attribution


Cybercrime groups

  • Motivation: money (ransom, fraud, stolen data)
  • Behavior: fast, scalable, opportunistic
  • Often use "as-a-Service" models (ransomware-as-a-service, phishing kits)

State-sponsored / APT

  • Motivation: espionage, influence, sabotage
  • Behavior: patient, stealthy, targeted
  • May exploit supply chains and zero-days

Hacktivists and influence ops

  • Motivation: ideology, publicity, disruption
  • Behavior: defacements, DDoS, data leaks, disinformation
  • Impact: reputational damage can be larger than technical damage

Insiders and accidents

  • Motivation: mistakes, negligence, or malice
  • Behavior: mis-sent emails, misconfigured cloud, misuse of access
  • Controls: least privilege, approvals, logging, training
Attribution: be careful

Attribution (who did it) is often uncertain. Public claims can be wrong or political. In business decisions, focus on the scenario and the control improvements you can make.

Manager questions to ask
  • What is the most likely attacker goal for our sector?
  • Which assets are "crown jewels" (systems that must not fail)?
  • Which entry points are exposed to the internet?
  • What would be the biggest operational impact of downtime?
Cybercrime is an industry

Modern cybercrime is organized. Access brokers sell stolen credentials, phishing kits are rented, and ransomware operators run "affiliate" programs. This matters because it increases scale and speed: many attacks are not tailored, they are repeatable.

Attribution vs action

Even if you never learn "who did it," you can still improve security. Most controls are actor-agnostic: MFA, patching, backups, segmentation, and monitoring help against many attacker types.

Thinking in risk

Likelihood, impact, decisions

Risk in one line

Risk is the likelihood of a bad event, multiplied by how much it hurts the business. Different organizations have different risk appetite (what they are willing to accept).

Four risk responses

  • Mitigate: add controls (MFA, backups, monitoring).
  • Avoid: stop the risky activity (rare, but possible).
  • Transfer: insurance or contract clauses (does not remove operational pain).
  • Accept: consciously accept and monitor (document why).

What a manager needs

  • A short list of top risks (risk register)
  • Owners (who is accountable)
  • Controls and action plan
  • Metrics that show improvement (time to patch, MFA coverage, restore test success)
Risk mini simulator

The simulator lets you vary asset criticality, likelihood, and impact and shows how the prioritization changes.

How to use this

Use it as a conversation starter: “If this happened, would the business accept it?” If not, you need controls to reduce likelihood and/or impact.

Toy model: Priority score = Exposure (asset criticality × impact) + Threat pressure (likelihood × impact).

Example reading: Exposure 9 + Threat pressure 9 = Priority score 18, shown as Medium priority.
Important note

This is a toy model. Real risk analysis also considers detection time, existing controls, and your risk appetite. Critical assets often get “at least Medium” priority even when unlikely.
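The toy model above, written out as a small risk-register prioritizer (an added illustration, not code from the course or its simulator). The 1..5 scale for each factor, the Low/Medium/High thresholds, the "criticality 5 = crown jewel" rule and the sample register entries are all assumptions; the page only states the formula and that a score of 18 reads as Medium.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumed scale: the page does not state the slider ranges; 1..5 is a common choice.
SCALE = range(1, 6)

# Assumed priority bands (maximum possible score is 25 + 25 = 50). The page only
# shows that a score of 18 is displayed as "Medium priority".
LOW_MAX = 12
MEDIUM_MAX = 30

# Assumed: criticality 5 marks a "crown jewel" asset that gets at least Medium priority.
CRITICAL_ASSET = 5


@dataclass(frozen=True)
class Risk:
    """One risk register entry, phrased with the session's risk-statement template."""
    statement: str    # "There is a risk that <threat> exploits <vulnerability>, causing <impact>."
    owner: str        # who is accountable for the action
    criticality: int  # how much the business depends on the affected asset
    likelihood: int   # how likely the scenario is over the chosen time horizon
    impact: int       # how badly it would hurt the business


def _check(name: str, value: int) -> int:
    """Reject scores outside the assumed 1..5 scale instead of silently mis-ranking."""
    if value not in SCALE:
        raise ValueError(f"{name} must be in {SCALE.start}..{SCALE.stop - 1}, got {value}")
    return value


def exposure(criticality: int, impact: int) -> int:
    """Exposure = asset criticality x impact."""
    return _check("criticality", criticality) * _check("impact", impact)


def threat_pressure(likelihood: int, impact: int) -> int:
    """Threat pressure = likelihood x impact."""
    return _check("likelihood", likelihood) * _check("impact", impact)


def priority_score(criticality: int, likelihood: int, impact: int) -> int:
    """Priority score = exposure + threat pressure (the simulator's formula)."""
    return exposure(criticality, impact) + threat_pressure(likelihood, impact)


def priority_band(score: int, criticality: int) -> str:
    """Map a score to Low/Medium/High, applying 'at least Medium for critical assets'."""
    if score <= LOW_MAX:
        band = "Low"
    elif score <= MEDIUM_MAX:
        band = "Medium"
    else:
        band = "High"
    if band == "Low" and criticality >= CRITICAL_ASSET:
        band = "Medium"  # critical assets keep at least Medium even when unlikely
    return band


def rank_register(risks: List[Risk]) -> List[Tuple[int, str, Risk]]:
    """Score every entry and return (score, band, risk) sorted from highest to lowest."""
    scored = [(priority_score(r.criticality, r.likelihood, r.impact), r) for r in risks]
    return sorted(((s, priority_band(s, r.criticality), r) for s, r in scored),
                  key=lambda t: t[0], reverse=True)


# Constructed sample register (illustrative values, not data from the course page).
SAMPLE_REGISTER = [
    Risk("a phishing campaign exploits weak authentication (no MFA), causing invoice fraud and financial losses",
         "Finance + IT/Security", criticality=3, likelihood=3, impact=3),
    Risk("ransomware exploits an unpatched VPN appliance, causing 48 hours of downtime",
         "IT/Security", criticality=5, likelihood=4, impact=5),
    Risk("a power failure at the data centre takes the core ERP offline",
         "IT Operations", criticality=5, likelihood=1, impact=2),
    Risk("a misconfigured public bucket exposes archived marketing material",
         "Marketing + IT", criticality=1, likelihood=2, impact=2),
]


if __name__ == "__main__":
    # Highest priority first; the ERP entry is lifted from Low to Medium by the crown-jewel rule.
    for score, band, risk in rank_register(SAMPLE_REGISTER):
        print(f"{score:>2} {band:<6} owner={risk.owner:<22} {risk.statement}")
```

The phishing entry reproduces the page's reading (9 + 9 = 18, Medium); the ERP entry shows why a low score alone is not the final word for a critical asset.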

A practical habit: turn risk into actions

After you write a risk statement, immediately ask:

  • What control reduces likelihood the most?
  • What control reduces impact the most?
  • Who owns the action and when will it be done?

Example: a risk register entry

Risk: credential theft could lead to unauthorized payments and financial loss.

  • Owner: Finance + IT/Security
  • Controls: MFA, payment verification, monitoring
  • Metric: % accounts with MFA; # payments over threshold with 2-person approval
  • Next action: enforce MFA for executives and finance this month

Metrics that managers understand

  • MFA coverage for critical accounts
  • Patch time for critical vulnerabilities (SLA)
  • Restore test success rate (not just "we have backups")
  • MTTD / MTTR (detect and recover faster)
  • # high-risk suppliers without security requirements
Decision rule (simple)

If a risk is high priority and controls exist that reduce it at reasonable cost, do it. If the risk remains high even after controls, leadership must explicitly decide whether to accept or change strategy.

Business continuity vs disaster recovery vs incident response
  • Incident response: actions during and after a security incident (contain, eradicate, recover, learn).
  • Disaster recovery: restoring IT services after major disruption (often focused on systems).
  • Business continuity: keeping critical business functions running (often includes people and process workarounds).
Practical exercise

Pick one critical process (payments, order fulfillment, patient intake). What is the maximum acceptable downtime? What systems and people does it depend on? That answer sets your recovery priorities.

Geopolitics & tech

Current landscape


Technology shifts that change risk

  • Cloud adoption: identity becomes the new perimeter.
  • Remote work: more endpoints, weaker networks, more phishing.
  • APIs everywhere: faster integration, bigger attack surface.
  • Open source & dependencies: supply chain risk becomes normal.
  • AI tools: boosts productivity, but also enables deepfakes and faster phishing.

Geopolitics and conflict

  • More espionage and "pre-positioning" in critical sectors.
  • More wiper malware and disruptive attacks (not just extortion).
  • More information manipulation targeting public trust.
  • Sanctions and global tension can increase supply chain uncertainty.
So what should a manager do?

Track trends, but prioritize basics: patching, MFA, backups, segmentation, and clear processes for payments and access. "Boring" controls stop a surprising amount of real incidents.

Discussion prompt

Pick one change (remote work, AI tools, cloud migration, international conflict). What new risk does it create for a company like a bank, a retailer, or a logistics firm? Who should own that risk?

ENISA reference

EU cybersecurity agency

Why ENISA matters for you
  • It provides an EU-wide view (useful for multinational organizations).
  • It publishes the annual ENISA Threat Landscape (ETL), summarizing major threats and trends.
  • It supports EU cybersecurity policy (for example, around the NIS2 Directive).

What ENISA publishes (examples)

  • Threat Landscape reports (annual, plus topical deep dives)
  • Guidelines and good practices (cloud, supply chain, incident response)
  • Skills & roles frameworks (useful for hiring and training)
  • Material supporting EU cybersecurity certification schemes

How to use ENISA in a meeting

  1. Name a business concern (downtime, fraud, data leakage).
  2. Connect it to a threat trend (from ENISA).
  3. Propose 1–2 controls and a measurable outcome.
  4. Define owner and timeline.

ENISA reading template

When you read an ENISA report, extract:

  • Top threats and how they are evolving (what is new vs stable).
  • Typical attack techniques (how attackers get in and what they do).
  • Mitigations (controls that reduce likelihood and impact).
  • Who is targeted (sectors, org sizes, critical infrastructure).
ENISA scavenger hunt

Open the latest ENISA Threat Landscape and find:

  • Which threat category is ranked highest.
  • Two examples of "threats against availability."
  • One trend related to supply chain or open source risk.
Why this exercise matters

In real organizations, security teams often need to convince non-technical leaders. Using reputable sources makes your argument stronger and helps prioritize based on evidence rather than fear.

Prime threats (ENISA ETL)

ENISA groups the landscape into "prime threats". The wording may evolve, but the categories are stable:

  • Threats against availability (including DDoS and disruptions)
  • Ransomware
  • Data-related threats (data breaches, leaks, exfiltration)
  • Supply chain threats
  • Malware
  • Social engineering
  • Information manipulation

Source: ENISA Cyber Threats

How to cite sources correctly

  • Include title, year, and publisher (e.g., ENISA).
  • Prefer primary sources (agency reports, major vendor reports) over random blogs.
  • When quoting numbers, specify scope (region, time period, definition).

A manager-friendly use case

"Because ransomware and availability attacks are top trends (ENISA), we will invest in backups + MFA + segmentation to reduce downtime risk for critical operations."

Regulation link: NIS2 (high level)

NIS2 expands the scope of cybersecurity obligations across many sectors in the EU. Even if you do not study law in this course, you should understand the direction: leadership accountability, risk management measures, and structured incident reporting.

Start here: ENISA overview of NIS2

By the numbers

Statistics and metrics

  • Password attacks observed: ~7,000 / second
  • Cyberattacks faced by customers: ~600M / day
  • Reported cybercrime losses: >$16B (2024)
  • Average cost of a data breach: $4.88M
  • Breaches with a “human element”: 68%
  • Ransomware + extortion in breaches: 32%
  • Ransomware as a top threat across industries: 92% of industries
  • Prime EU threats (ENISA ETL): availability + ransomware

How to interpret these numbers
  • Many attacks are automated and hit everyone, every day (not just "big targets").
  • Most incidents are caused by a small set of repeatable weaknesses (credentials, patching, configuration).
  • Reporting is incomplete: published numbers are usually conservative.
  • Even "simple" attacks can succeed fast: in phishing exercises, the median time to fall for phishing is under a minute.
Anecdote: NotPetya shows how geopolitics can become business disruption

In 2017, the NotPetya malware (disguised as ransomware) spread far beyond its initial target and caused massive operational disruption globally. Maersk publicly estimated losses between $250M and $300M, and multiple analyses estimate total global damages around $10B.

Manager takeaway: global interdependence means "regional cyber conflict" can create collateral damage for ordinary companies.

Quick reflection

If your company could not use email and ERP for 48 hours, what would be the business impact? Who decides the acceptable downtime and the recovery budget?

Summary

Key takeaways

Summary: what you should remember
  • Cybersecurity is risk management for business continuity and trust.
  • Use a shared vocabulary: threat, vulnerability, risk, control.
  • Most incidents reuse the same entry points: credentials, phishing, patching, configuration.
  • Use reputable sources (especially ENISA) to justify priorities and budgets.

Three sentences you should be able to say

"Our top risks are these scenarios, and here is why they matter to the business."
"We reduce risk by improving controls that cut likelihood and impact (MFA, patching, backups, monitoring)."
"We track progress with metrics (MFA coverage, patch time, restore test success, detection time)."

Preparation for next unit

Next you will learn how the internet works (networks, the web, protection mechanisms) and why "digital hygiene" is the cheapest security investment.

Self check

Knowledge validation

Before you take the quiz
  • Explain the difference between threat, vulnerability, and risk in your own words.
  • Give one example of a control that reduces likelihood and one that reduces impact.
  • In one sentence: why does ENISA matter?
1. Which statement best describes cybersecurity in a company?
  • A purely technical IT topic about antivirus tools.
  • A risk management discipline that protects operations and trust.
  • A one-time compliance project completed after an audit.
  • Only relevant for large enterprises and governments.

2. What is the difference between a threat and a vulnerability?
  • A threat is a weakness; a vulnerability is an attacker.
  • A threat is a potential cause of harm; a vulnerability is a weakness that can be exploited.
  • They are the same word in cybersecurity.
  • A vulnerability always means an incident already happened.

3. Which control primarily reduces likelihood (not impact)?
  • Multi-Factor Authentication (MFA) on email and VPN.
  • A tested offline backup strategy.
  • A crisis communications plan.
  • Post-incident lessons learned meetings.

4. Which example is a good “risk statement”?
  • We should buy a SIEM because hackers are everywhere.
  • There is a risk that phishing exploits weak authentication, causing invoice fraud and financial losses.
  • Our firewall is old and needs replacement.
  • Cybersecurity is important for GDPR.

5. ENISA is useful in this course mainly because it…
  • Sells cybersecurity tools to European companies.
  • Provides an EU-wide view of threats and publishes the Threat Landscape report.
  • Runs the internet infrastructure in Europe.
  • Investigates every breach in the EU.

6. A DDoS attack mainly threatens which part of the CIA triad?
  • Confidentiality
  • Integrity
  • Availability
  • None of the above

7. Why are supply chain attacks challenging?
  • Because they only happen to governments.
  • Because one compromise can impact many downstream organizations.
  • Because MFA cannot help at all.
  • Because they are always impossible to detect.

8. Which is the best manager response to a scary cyber headline?
  • Panic and demand “perfect security.”
  • Ask: What is the scenario? What assets? What likelihood and impact? Which controls help most?
  • Ignore it because the company is not a target.
  • Buy the most expensive tool immediately.

9. Which statement about the “human element” is most accurate?
  • Humans are the only cause of breaches.
  • Humans are irrelevant; only software bugs matter.
  • Many breaches involve human behavior, so training plus good processes and MFA are important.
  • Human element means employees are to blame.

10. A company with critical systems should prioritize backups because backups mainly…
  • Prevent all attacks from happening.
  • Reduce impact by enabling recovery after disruption (like ransomware).
  • Replace the need for patching.
  • Are only required for compliance paperwork.

Exam-style practice (short answers)
  1. Write a risk statement for a logistics company that relies on a single cloud provider.
  2. You are a manager. You have budget for only two controls this quarter. Which do you choose and why?
  3. Pick a recent cyber headline and explain: threat, vulnerability, impact, and likely controls.

Glossary

Flashcards and definitions

  • Threat (a potential cause of harm): anything that could cause damage, such as a criminal group, malware campaign, insider, or accidental error.
  • Vulnerability (a weakness): a weakness in technology, process, or people that could be exploited (e.g., unpatched system, weak access controls).
  • Asset (something you value): anything the business depends on: data, systems, money flows, reputation, people, and critical processes.
  • Attack surface (all the ways in): all the points where an attacker can try to enter or extract data: devices, accounts, APIs, cloud services, and people.
  • Risk (likelihood and impact): the chance of a harmful event and how much it would hurt the business if it happens.
  • Control (a protection measure): a measure that reduces risk (technology, process, or behavior). Examples: MFA, backups, training, monitoring.
  • Incident (a security event with impact): a security event that affects operations, data, or trust (or has high potential to).
  • Breach (data confidentiality is compromised): a confirmed compromise of data confidentiality (often personal data).
  • Confidentiality (keep it private): only authorized people/systems can access the information.
  • Integrity (keep it correct): information stays accurate and cannot be altered without authorization.
  • Availability (keep it running): systems and data are accessible when needed; downtime is minimized.
  • MFA (Multi-Factor Authentication): login requires two or more factors (something you know, have, or are). Strong defense against credential theft.
  • Patch management (fix known weaknesses): a process to update software to remove vulnerabilities, prioritized by exposure and criticality.
  • Backup (recovery capability): a copy of data/systems used to restore after incidents. Must be tested; offline backups help against ransomware.
  • Ransomware (encrypt and extort): malware that disrupts operations by encrypting systems, often combined with data theft and extortion.
  • Phishing / BEC (impersonate to steal): social engineering to steal credentials or redirect payments (Business Email Compromise).
  • Supply chain attack (one supplier, many victims): compromise of a vendor or software update path to reach multiple organizations.
  • DDoS (overwhelm a service): Distributed Denial of Service: traffic floods to disrupt availability.
  • SIEM (centralize security logs): Security Information and Event Management: collects and correlates logs to detect suspicious activity and support investigations.
  • ENISA (EU cybersecurity agency): the European Union Agency for Cybersecurity; publishes threat landscapes, guidance, and supports EU cybersecurity policy.

Instructors & Support Team

Meet the course instructors and support team