In today’s world, computers and smart devices are at the centre of almost everything. They track our information, record places we go, and store payment data. This means it is more important than ever for each of us to understand privacy threats, cyber security concerns, and defences against potential attackers.

Course Outline

There are 11 lessons in this course:

Lesson 1. The Importance of Cyber Security

• Threats – passive, active
• Common Types of Attacks
• Injection attacks
• Social Engineering attacks
• Malware
• Spoofing
• Man in the Middle Attacks
• Network attacks
• A layered approach to defence
• Physical security
• Software and operating system security
• Network security
  
  

Lesson 2. Vulnerability Assessment

• Introduction
• Assessing vulnerabilities
• Security posture
• Performing a vulnerability assessment
• Identifying assets and classifying them
• Threats and risk assessment
• Baseline reporting
• Penetration testing
• Techniques
• Five step penetration testing
• Penetration testing versus Vulnerability assessment
  
  

Lesson 3. Securing Facilities and Networks

• Securing a data centre
• Securing the network
• Hardware – modem / router level
• Software PC and Device level
  
  

Lesson 4. Securing Your Online Digital Footprint

• Introduction
• What are digital footprints
• Social media
• Web browsing history and online shopping
• Devices used
• Importance of managing a digital footprint
• Protecting the users reputation
• Deciding where and how personal information is shared
• Preserving freedoms
• Preventing financial losses
• How to manage a digital footprint
• Privacy risks of online identities
• Developing better online habits
• Investigating default settings for online tools and services
• Using privacy enhancing tools
  
  

Lesson 5. Internet Security and Digital Certificates

• Introduction
• Digital certificates
• Digital signatures
• DRM (Digital Rights Management) and IRM (Information Rights Management)
• Generating a Digital Certificate
• Exchanging a digital certificate
• Verifying a digital certificate
• Web browsing
• TLS and SSL
• Security issues
• Secure web browsing using https
  
  

Lesson 6.  Wireless Network Vulnerabilities, Attacks and Security

• Introduction
• Types of wireless networks – PAN, LAN, MAN, WAN
• NFC Network Attacks
• Bluetooth attacks
• WLAN Attacks
• Introduction to network blurred edges
• Wireless denial of service attacks
• Rogue access point
• Attacks on home WLANs – war driving and war chalking
• Wireless security vulnerability and solutions
• IEE Wireless security vulnerabilities
  
  

Lesson 7.  Firewalls, IDS and IPS

• Introduction
• Types of firewall protection
  .Packet filtering firewalls 
• Application/proxy firewalls
• Hybrid firewalls
• Firewall limitations
• Formats of firewalls
• Hardware based and software-based firewalls
• UTM appliance
• Intrusion detection systems
• Network intrusion detection system (NIDS)
• Host based intrusion detection system (HIDS)
• Intrusion prevention systems
• Common detection methodologies
• Anomaly based IDPS
• Signature based IDPS
  
  

Lesson 8. Cryptography

• Introduction
• What is cryptography – definition. Terminology, characteristics
• Common cipher attacks
• Ciphertext only attacks
• Known plaintext attacks
• Dictionary attacks
• Brute force attacks
• Power analysis attacks
• Fault analysis attacks
• Cryptographic algorithms
• Symmetric encryption
• Asymmetric encryption
• Discovering keys
• Hash algorithms
  
  

Lesson 9. Access Control and Authorisation

• What is access control
• Definition and terminology
• Access control methods – RBAC, RAC, HBAC
• Implementing access control
• Group policies
• Access Control Lists
• Discretionary Control Lists
• Systems Access Control Lists
• Authentication an Authorisation
• Securing and protecting passwords
• Multifactor authentication
  
  

Lesson 10. Cyber Attack Disaster Recovery Strategies

• Introduction
• Cyber attack recovery planning and preparation
• Back up procedures
• System images – SOE
• Cloud storage / off site data back ups
• Monitoring and logging events
• Containment of attacks
• Assessing damage / loss caused
• Recovery procedures
• System images SOE
• Authorities and tracking down attackers
• Data and security policies
  
  

Lesson 11. Ongoing Security Management

• Managing security events
• Events monitoring
• Centralised versus distributed data collection
• Being organised
• Understanding the workplace
• Security and decision making
• Time management
• Networking
• Attitude
• Procedures
• Products and services
• The law 

Each lesson culminates in an assignment which is submitted to the school, marked by the school's tutors and returned to you with any relevant suggestions, comments, and if necessary, extra reading.

Course Aims

• Define cyber security.
• Explain the goals and importance of cyber security.
• Understand important terminology relating to cyber security and list some attacks and defence mechanisms.
• Explain how to perform a vulnerability assessment.
• Understand the tools and techniques available.
• Compare and contrast vulnerability scanning and penetration testing.
• Explain how to secure physical data storage, data centre security, data warehouse and networks.
• Understand the effects of leaving a wide online digital footprint.
• Understand the options available for users to manage their online digital footprint.
• Understand what a firewall, an Intrusion Detection System (IDS), and an Intrusion Prevention System (IPS) represent in the world of cyber security.
• Explain the importance and functions of firewalls, IDS and IPS systems, and the benefits and protection they offer in protecting computers as well as computer networks.
• Understand the concept of cryptography and the importance of encrypting and decrypting data.
• Explain components of cryptographic protocols and common standards used in encryption and decryption.
• Understand the importance of digital signatures and digital certificates in securing web traffic.
• List the various types of wireless data communications networks and understand types of vulnerabilities and attacks against each of them.
• Explain wireless network security standards available to protect wireless networks.
• Define Access Control and become familiar with its terminology.
• Understand the importance of implementing access control models.
• Define authentication and understand the importance of creating and securing strong passwords and implementing double-factor or multi-factor authentication.
• Explain how to recover from a cyber-attack and best procedures for setting up redundancy and quick recovery methods prior and after attack has occurred and minimizing impacts to systems and networks involved.

Duration:  100 hours of self paced study

WHY STUDY CYBER SECURITY?

Learn to Minimse Risk in Your Own Work Environment

Lay a Foundation to build Your Skills So You Can Help Others

Cyber security is something that needs to be treated as important by both personal users as well as business who collect and store information. Computer security is a lot like house or car security, there is so much that we can do to protect it, but there is always someone who will come up with ways of breaching that security. It is like a game of cat and mouse, whereas ways of securing data are implemented to stop people gaining access to data and systems, there are people who find ways of getting around these protections to gain access.

There are many different types of threats to cyber security and throughout this course you will explore many different measures that can be taken to reduce risks associated with these various problems.

Some types of attack are obvious, and some are unseen until it is too late to do anything about it, some may never be seen. There are basically two ways that attacks can occur, passive and active.

Passive Attacks

In a passive attack, there is usually a program that does the work of scanning systems for vulnerabilities, information and flaws in systems in order to gathering ways in which the system can possible be breached. They will scan for known vulnerabilities in systems that may not have been secured correctly, they may not do anything with this information or they may use it to implement a more specific active attack. Passive attacks to systems are what accounts for most of the attacks that happen.

Active Attacks

In an active attack, there is a more specific target and a more specific goal for the attack, which means these can pose a greater threat to the intended target. These attacks often have the goal of changing the system in some way, gathering specific data, gaining full access to systems or retrieving information on those systems. This can be very dangerous to the intended target because when an unintended third party has this level of control or access to a system they can do many things that can be destructive to the owner of the system.
A brute force attack is a common active attack that will attempt to gain access to a system by cracking the password used to legitimately enter a system. This type of attack can be easy or hard, depending on the strength of the password, the power of the system making the attack and the ability of the attacker, usually this is performed with software, a dictionary attack can also be used which is faster and uses a list of known words to try and guess the password. It can vary on the time it takes them to be cracked depending on a number of factors and complexity of the password used.