Cybersecurity For Beginners


Cyber Security Micro Lessons

The good news?

You don’t need to be a tech expert to stay safe online. This guide will teach you the basics and simple steps you can take to protect yourself and your organization.
The Cyber Security Micro Lesson Asır Digital

Cyber Security Hygiene For Non-Technical Employees

Preface
Welcome to Cyber Security Basics: A Beginner's Guide

Cyber-attacks are more common than you might think. For instance:

• Clicking on a suspicious link can expose your passwords.
• Using a weak password might allow hackers to steal your bank details.
• Opening a fake email could infect your computer with malware.

Whether at home, school, or work, understanding and applying basic cybersecurity practices can safeguard you and your organization from significant harm.

How is This Book Structured?

This guide is designed to make cybersecurity concepts approachable and actionable:

• Comprehensive Coverage: Key topics such as network security, data security, ransomware, phishing, incident response, and Identity and Access Management (IAM) are explained clearly.
• Real-World Examples: Practical scenarios are included to help beginners connect theoretical knowledge with everyday situations.
• Best Practices and Prevention Strategies: Each chapter includes actionable steps you can apply immediately to enhance your security.
• Clear Organization: With structured headings, subheadings, and a Q&A section at the end of each chapter, this book is easy to navigate and reinforces your learning.
• Beginner-Friendly Language: Complex technical terms are simplified and broken down into easy-to-understand explanations, ensuring accessibility for all readers.

Whether you’re looking to protect your personal data or develop a foundational understanding of cybersecurity, this book will equip you with the tools and knowledge to stay secure in a digital world.

Contents
Introduction ...................................................................................................................... 8
1. Introduction to Cybersecurity Hygiene ......................................................................... 8
1.1. Why is Cybersecurity Hygiene Important? ............................................................ 8
1.2. Best Practices for Cybersecurity Hygiene ............................................................. 8
1.2.1. Q and A ........................................................................................................... 9
1.3. Benefits of Cybersecurity Hygiene ...................................................................... 10
1.3.1 Q and A .......................................................................................................... 11
2. The Real-World Examples of Common Cyber Threats .............................................. 12
2.1. Phone Spear Phishing Attack .............................................................................. 12
2.1.2. How Twitter Survived Its Biggest Hack .......................................................... 12
2.1.3. Q and A ......................................................................................................... 13
2.2. Ransomware ....................................................................................................... 14
2.2.1. Key Characteristics ....................................................................................... 14
2.2.2. Types of Ransomwares ................................................................................. 14
2.2.3. Prevention and Mitigation .............................................................................. 15
2.2.4. Q and A ......................................................................................................... 16
2.3. The Colonial Pipeline ransomware attack in 2021 ............................................... 18
2.3.1. How Did the Attack Happen? ........................................................................ 18
2.3.2. Key Lessons Learned .................................................................................... 18
2.3.3. Prevention Strategies .................................................................................... 18
2.3.4. Q and A ......................................................................................................... 19
2.4. Mirai Botnet, Denial-of-Service (DoS) Attacks in 2016 ........................................ 20
2.4.1. What is DDoS Attack? ................................................................................... 20
2.4.2. Types of DDoS Attacks ................................................................................. 20
2.4.3. Mirai Botnet Attack Timeline .......................................................................... 21
2.4.4. The Mirai Botnet Attack Had Significant Consequences ............................... 21
2.4.5. The Mirai Botnet Attack and Lessons Learned............................................. 21
2.4.6. Q and A ......................................................................................................... 22
2.5. The WannaCry Ransomware Malware Attack in 2017 ........................................ 22
2.5.1. Lessons Learned from The WannaCry Ransomware Malware Attack .......... 23

2.6. Social Engineering .............................................................................................. 23
2.6.1. Notable Attacks at Social Engineering .......................................................... 23
2.6.2. Recent Developments................................................................................... 23
2.7. Q and A ............................................................................................................... 24
3. Application Security for Beginners ............................................................................. 25
3.1. What is Application Security? .............................................................................. 25
3.2. Why is Application Security Important? ............................................................... 25
3.3. Key Components of Application Security............................................................. 25
3.3.1. Security by Design ........................................................................................ 25
3.3.2. Secure Code Testing ..................................................................................... 26
3.3.3. WAFs and API Security Gateways ................................................................ 26
3.3.4. Security Training and Awareness .................................................................. 26
3.3.5. A Software Bill of Materials (SBOM) .............................................................. 26
3.4. Q and A ............................................................................................................... 27
4. Network Security........................................................................................................ 28
4.1. What is Network Security? .................................................................................. 28
4.2. Why is Network Security Important?.................................................................... 28
4.3. Key Components of Network Security ................................................................. 28
4.4. Real-World Examples of Network Attack ............................................................. 29
4.4.1. Firewalls in Action ......................................................................................... 29
4.4.2. VPN for Remote Work ................................................................................... 29
4.4.3. Stopping Intrusions ........................................................................................ 29
4.4.4. Conclusion..................................................................................................... 30
4.4.5. Best Practices for Network Security .............................................................. 30
4.5. Q and A ............................................................................................................... 31
5. Identity and Access Management (IAM) ................................................................... 32
5.1. Key Components of IAM...................................................................................... 32
5.1.1. Authentication................................................................................................ 32
5.1.2. Multi-Factor Authentication (MFA) at Banks: ................................................. 32
5.1.3. Authorization ................................................................................................. 32
5.1.4. Role-Based Access Control (RBAC) in Corporate Environments .................. 32
5.1.5. Access management/Single Sign-On (SSO) ................................................. 33
5.1.6. Privileged Access Management (PAM) ......................................................... 33

5.1.7. Summary of IAM ............................................................................................ 33
5.2. Q and A ............................................................................................................... 34
6. Data Security ............................................................................................................. 35
6.1. Key Points of Data Security: ................................................................................ 35
6.2. What are GDPR, HIPAA, and PCI-DSS? ........................................................... 36
6.2.1. GDPR (General Data Protection Regulation) ................................................ 36
6.2.2. HIPAA (Health Insurance Portability and Accountability Act) ........................ 36
6.2.3. PCI-DSS (Payment Card Industry Data Security Standard) .......................... 36
6.3. Recent Examples ................................................................................................ 36
6.4. Q and A ............................................................................................................... 37
7. Incident Response and Forensics Meaning ............................................................... 40
7.1. Incident Response (IR) ........................................................................................ 40
7.2. Digital Forensics .................................................................................................. 40
7.3. Digital Forensics and Incident Response (DFIR) ................................................. 40
7.4. Q and A ............................................................................................................... 41
8. Penetration Testing and Ethical Hacking ................................................................... 42
8.1. Penetration Testing ............................................................................................. 42
8.2. Ethical Hacking .................................................................................................... 42
8.3. How Do Penetration Testing and Ethical Hacking Differ?.................................... 42
8.4. Q and A ............................................................................................................... 43
9. Data Backup .............................................................................................................. 45
9.1. Types of Data Backup ......................................................................................... 45
9.2. Best Practices for Data Backup ........................................................................... 45
9.3. Q and A ............................................................................................................... 46
10. Signs That a Webpage Might Be Dangerous ........................................................... 47
10.1. Suspicious URL or Domain Names: .................................................................. 47
10.2. No HTTPS Encryption ....................................................................................... 47
10.3. Too-Good-To-Be-True Content (Instinctive Unease) ......................................... 47
10.4. Browser Security Warnings ............................................................................... 47
10.5. Pop-Ups and Ads Overload ............................................................................... 47
10.6. Requests for Personal or Financial Information ................................................. 48
10.7. Poor Website Design and Content .................................................................... 48
10.8. Automatic Downloads ........................................................................................ 48

10.9. No Contact Information...................................................................................... 48
10.10. Unusual Behavior ............................................................................................ 48
10.11. Q and A ........................................................................................................... 49
11. Social Network Security ........................................................................................... 52
11.1. Why is Social Network Security Important? ....................................................... 52
11.2. Common Security Threats on Social Networks ................................................. 52
11.3. Best Practices for Social Network Security ........................................................ 53
11.4. Q and A ............................................................................................................. 54
12. Antivirus Protection .................................................................................................. 55
12.1. Key Functions: ................................................................................................... 55
12.2. Additional Features:........................................................................................... 55
12.3. Q and A ............................................................................................................. 56
13. Disaster Recovery ................................................................................................... 58
13.1. The primary goals of Disaster Recovery............................................................ 58
13.2. Key elements of a Disaster Recovery Plan ....................................................... 58
13.2.1. Recovery Point Objective (RPO) ................................................................. 58
13.2.2. Recovery Time Objective (RTO) ................................................................. 58
13.2.4. Backup and Restore Processes .................................................................. 59
13.2.5. Redundant Infrastructure ............................................................................. 59
13.2.6. Disaster Recovery Team ............................................................................. 59
13.2.7. Testing and Validation ................................................................................. 59
13.3. Q&A ................................................................................................................... 60
14. Mobile Device Security ............................................................................................ 63
14.1. Practical Suggestions to Improve Mobile Security ............................................. 63
14.2. Q and A ............................................................................................................. 64
15. Securing E-mail Communication.............................................................................. 66
15.1. Suspicious behavior in emails ........................................................................... 67
15.1.1. Unusual Sender Information ........................................................................ 67
15.1.2. Urgent or Threatening Language ................................................................ 67
15.1.3. Suspicious Attachments or Links ................................................................. 68
15.1.4. Poor Grammar, Spelling, or Formatting ....................................................... 68
15.1.5. Requests for Personal Information .............................................................. 69
15.1.6. Unfamiliar or Fake Attachments .................................................................. 69

15.1.7. Spoofed Branding or Visuals ....................................................................... 69
15.1.8. Unsolicited Offers or Rewards ..................................................................... 69
15.1.9. Inconsistencies ............................................................................................ 70
15.1.10. Embedded Pixel Tracking.......................................................................... 70
15.2. Q and A ............................................................................................................. 71
16. Recognizing Phishing Campaigns ........................................................................... 74
16.1. How to Recognize and Avoid Phishing Emails .................................................. 74
16.2. Always Review the Sender of an Email ............................................................. 74
16.3. Reporting Phishing Attempts ............................................................................. 75
16.3.1. For Windows Users (Outlook) ..................................................................... 75
16.3.2. For Macintosh Users (Outlook) .................................................................... 75
16.4. Best Practices for Suspicious (Phishing) Email ................................................. 75

ADDITIONS ................................................................................................................... 80
1. The top 10 most misspelled words in the English language, according to the Oxford
Dictionary ................................................................................................................... 80
2. Received Phishing Emails ...................................................................................... 82

References .................................................................................................................... 86

All company examples are for educational purposes only.



Chapter Overview
Introduction
1. Introduction to Cybersecurity Hygiene

Cybersecurity hygiene refers to the practices and habits that individuals and organizations
can adopt to support the health and security of their digital systems and information. It
involves a set of continuous, repeatable practices that help protect sensitive data and
assets from unauthorized individuals and malicious actors.

1.1. Why is Cybersecurity Hygiene Important?

Poor cybersecurity hygiene can pose serious risks to organizations, including data
breaches, financial losses, and reputational damage.

Cybersecurity hygiene helps protect against various threats, including ransomware, malware, and phishing attacks.

It enables organizations to meet regulatory requirements and avoid potential fines and
penalties associated with non-compliance.

1.2. Best Practices for Cybersecurity Hygiene


• Regularly back up mission-critical data: Ensure that all important data is backed
up regularly to prevent losses in case of a security breach.

• Apply new patches and updates: Keep software and systems up to date with
the latest security patches and updates.

• Use strong passwords: Use strong, unique passwords for all accounts, and
require password changes on a regular basis.

• Encrypt data: Encrypt sensitive data both in transit and at rest to protect it from
unauthorized access.

• Secure routers and firewalls: Ensure that routers and firewalls are properly
configured to prevent unauthorized access.

• Monitor for vulnerabilities: Regularly scan for vulnerabilities and address them
promptly to prevent exploitation.

• Implement access controls: Implement access controls, such as multi-factor


authentication, to prevent unauthorized access.

• Provide cybersecurity training: Provide regular cybersecurity training to


employees to educate them on best practices and phishing attacks.

1.2.1. Q and A
1. Why is it important to regularly back up mission-critical data?

A. To save storage space.

B. To prevent data loss during a security breach.

C. To share data more easily.

D. To reduce software costs.

2. What is the purpose of applying new patches and updates to software and
systems?

A. To add new features.

B. To enhance the user interface.

C. To fix security vulnerabilities.

D. To improve system performance.

3. Which of the following is a key feature of a strong password?

A. It's easy to remember, like "12345."

B. It's short and includes only letters.

C. It's unique and includes a mix of letters, numbers, and special characters.

D. It’s the same across all accounts for convenience.

4. What is encryption, and why is it used in cybersecurity?

A. Encrypting data makes it invisible to everyone.

B. Encryption converts data into a code to protect it from unauthorized access.

C. Encryption speeds up internet connectivity.

D. Encryption is a method to store passwords securely.

5. What is one way to prevent unauthorized access to systems and accounts?

A. Sharing passwords with team members

B. Using multi-factor authentication and access controls.

C. Turning off firewalls to speed up connections.

D. Disabling automatic updates.

1.B, 2.C, 3.C, 4.B, 5.B



1.3. Benefits of Cybersecurity Hygiene

Maintaining good cybersecurity hygiene practices is essential for organizations to protect their networks, systems, and data from cyber threats. The benefits of cybersecurity hygiene include:

• Improved security posture: Cybersecurity hygiene practices help organizations keep a strong security posture, making it more difficult for attackers to breach their defenses.

• Reduced risk of data breaches: Regularly updating software, patching vulnerabilities, and implementing strong access controls can significantly reduce the risk of successful cyber-attacks.

• Compliance with regulations: Many regulations, such as GDPR, HIPAA, and PCI-DSS, require organizations to keep certain cybersecurity standards. Cybersecurity hygiene practices can help ensure compliance with these regulations.

(GDPR (General Data Protection Regulation) is an EU data privacy law designed to protect individuals' personal data and privacy. It applies to organizations handling data of EU citizens, regardless of location.)

(HIPAA stands for the Health Insurance Portability and Accountability Act. It is a U.S. federal law enacted in 1996 to protect the privacy and security of individuals' health information.)

(PCI-DSS stands for the Payment Card Industry Data Security Standard. It is a global security standard designed to protect cardholder data and ensure the secure handling of credit and debit card transactions. It was established by the Payment Card Industry Security Standards Council (PCI SSC), which includes major card brands like Visa, MasterCard, American Express, Discover, and JCB.)

• Cost savings: Cybersecurity hygiene can help organizations save costs associated with responding to and recovering from security breaches.

1.3.1 Q and A
1. What does "improved security posture" mean in the context of cybersecurity hygiene?

A. Enhanced physical safety of employees.

B. Better protection against various cyber threats

C. Increased speed of internet connections

D. Improved website performance

2. How does cybersecurity hygiene help reduce the risk of data breaches?

A. By making systems inaccessible to users.

B. Through regular backups, encryption, and access controls

C. By disabling antivirus programs.

D. Through regular updates to social media policies

3. Why is compliance with regulations a benefit of cybersecurity hygiene?

A. It improves customer satisfaction.

B. It helps organizations meet legal requirements and avoid fines.

C. It enhances the design of software.

D. It simplifies employee training.

4. How does practicing good cybersecurity hygiene lead to cost savings?

A. By reducing the need for technical support staff.

B. By reducing the need for new hardware.

C. By lowering expenses related to responding to and recovering from security breaches.

D. By avoiding the need for software licenses.

5. Which of the following is a direct benefit of cybersecurity hygiene?

A. Faster internet speeds

B. Reduced vulnerability to cyberattacks.

C. Higher profits from sales

D. Simplified email management

1.B, 2.B, 3.B, 4.C, 5.B



2. The Real-World Examples of Common Cyber Threats

Cybersecurity Is Everyone's Responsibility

In today’s digital world, cyber threats like phishing scams, ransomware, and social engineering attacks are not just IT problems; they affect everyone in the organization. Real-world examples teach us powerful lessons:

• Small Mistakes Have Big Consequences:

A single click on a malicious link can cost a company millions. Real stories remind us to pause and think before acting on suspicious requests.

• Cybercriminals Exploit Trust and Habits:

Whether through fake emails pretending to be your CEO or weak passwords, attackers
target human behavior. Understanding these tactics empowers us to spot the red flags.

• Awareness Leads to Action:

Knowing the risks makes us more vigilant, from double-checking emails to reporting
potential threats. Cybersecurity starts with individual actions and ends with collective
defense.

2.1. Phone Spear Phishing Attack

Phishing attacks involve tricking individuals into providing sensitive information, such as passwords or credit card numbers, by pretending to be a trustworthy entity.
On July 14 and 15, 2020, Twitter suffered a significant security breach, in which hackers
gained unauthorized access to approximately 130 high-profile accounts, including those
of notable individuals such as Barack Obama, Joe Biden, Bill Gates, Elon Musk, Kanye
West, and others. The attackers used social engineering tactics to compromise Twitter
employees’ credentials, allowing them to access internal tools and manipulate the
affected accounts.

2.1.2. How Twitter Survived Its Biggest Hack—and Plans to Stop the Next One
On July 15, 2020, Twitter experienced one of its most severe security breaches, where
high-profile accounts, including those of Elon Musk, Bill Gates, Kanye West, and Joe
Biden, were hacked to promote a Bitcoin scam. The attack began when hackers executed
a phishing scheme targeting Twitter employees, successfully obtaining credentials and
bypassing multi-factor authentication. By exploiting internal tools, the attackers
compromised 130 accounts, sending fraudulent tweets and causing chaos across the
platform.

The breach exposed systemic vulnerabilities in Twitter’s security, including excessive employee access to critical tools and a lack of early warning systems. The incident escalated to a point where Twitter temporarily blocked all verified accounts from tweeting to contain the damage. Internally, the company adopted a "zero trust" approach, requiring all employees to reset credentials and undergo verification processes to regain access to systems.
Investigations revealed the attack was orchestrated by Graham Ivan Clark, a 17-year-old
from Florida, who previously engaged in online scams. Clark exploited Twitter's internal
admin tools to hijack accounts, escalating from OG username trades to targeting
celebrities and politicians.

In the aftermath, Twitter implemented critical security measures, including:

• Requiring physical two-factor authentication (2FA) for all employees, including contractors.

• Enhancing employee training on phishing awareness and cybersecurity.

• Limiting access to internal tools and implementing stricter approval workflows for sensitive actions.

• Introducing structural safeguards, such as background checks and stronger internal policies for at-risk accounts (e.g., politicians and campaigns).

With the US presidential election approaching at the time, the hack underscored the
potential for catastrophic consequences if such a breach occurred with intent to disrupt
democracy. Twitter has since rehearsed incident response plans to prepare for future
crises, prioritizing rapid detection and containment of threats.

The July 15 attack revealed Twitter’s need for structural changes to combat insider threats
and external hacking attempts. By reducing trust in individual employee access and
adopting stricter protocols, Twitter aimed to harden its defenses against future
cyberattacks. While no system is invulnerable, the company remains vigilant, knowing it
must act swiftly to prevent smaller incidents from spiraling into larger crises.

2.1.3. Q and A
1. What type of attack did Twitter experience on July 15, 2020?
A. Ransomware attack
B. Phishing attack targeting employees
C. Denial-of-Service (DoS) attack
D. Malware infection

2. What was the goal of the hackers during the Twitter attack?
A. To shut down Twitter permanently
B. To promote a Bitcoin scam through high-profile accounts
C. To steal private messages from politicians
D. To leak sensitive company data

3. How did the attackers gain access to Twitter’s internal tools?
A. By exploiting vulnerabilities in Twitter's software
B. By phishing employees to steal their credentials
C. By hacking into high-profile accounts directly
D. By planting malware in Twitter’s servers

4. What immediate step did Twitter take to contain the attack?
A. Completely shutting down the platform
B. Blocking all verified accounts from tweeting
C. Resetting all user passwords globally
D. Sending notifications to hacked accounts only

5. What security weakness did the Twitter hack expose?


A. Too many employees had access to sensitive tools
B. Twitter’s server infrastructure was outdated
C. Multi-factor authentication failed completely
D. Twitter accounts lacked strong passwords

6. What key security measure did Twitter implement after the attack?
A. Mandatory use of physical two-factor authentication for all employees
B. Eliminating access to verified accounts
C. Shutting down all OG usernames permanently
D. Requiring employees to work offline
1.B, 2.B, 3.B, 4.B, 5.A, 6.A

2.2. Ransomware
Ransomware is an ever-evolving form of malware designed to encrypt files on a device,
rendering any files and the systems that rely on them unusable. Malicious actors use
ransomware to extort victims by demanding a “ransom” in exchange for the decryption
key or password to unlock the encrypted data.

2.2.1. Key Characteristics

• Encryption: Ransomware encrypts files, making them inaccessible without the decryption key.

• Extortion: Attackers demand a ransom payment in exchange for the decryption key or password.

• Crypto viral extortion: Advanced ransomware variants use this technique, making it difficult to recover files without the decryption key.

• Trojan disguise: Ransomware often arrives as a legitimate file, tricking users into downloading or opening it via email attachments or other means.

2.2.2. Types of Ransomware

• Encrypting ransomware: Encrypts files and demands a ransom for the
decryption key.
• Non-encrypting ransomware (screen-locking ransomware): Locks the device’s
screen and displays a ransom demand without encrypting any files.
• Leakware or doxware: Steals sensitive data and threatens to publish it unless a
ransom is paid.
• Mobile ransomware: Affects mobile devices, often using screen-locking tactics.
• Wipers: Destroy data outright. Some pose as ransomware but ship no working
decryption, so the data is lost even if the ransom is paid.
• Scareware: Tries to frighten users into paying, often posing as a law
enforcement agency or a fake virus infection alert.

2.2.3. Prevention and Mitigation

• Back up your data. The best way to avoid being locked out of your critical files is
to always have backup copies of them, preferably both in the cloud and on an external
drive that is disconnected when not in use. If you do get a ransomware infection, you can
wipe the device and restore your files from backup. This protects your data, and you
won’t be tempted to reward the malware authors by paying a ransom. Backups won’t
prevent ransomware, but they do limit the damage.

• Secure your backups. Make sure your backup data is not accessible for
modification or deletion from the systems where the data resides. Ransomware will look
for data backups and encrypt or delete them so they cannot be recovered, so use backup
systems that do not allow direct access to backup files.

• Use security software and keep it up to date. Make sure all your computers and
devices are protected with comprehensive security software and keep all your software
up to date. Make sure you update your devices’ software early and often, as patches for
flaws are typically included in each update.

• Practice safe surfing. Be careful where you click. Don’t respond to emails and
text messages from people you don’t know, and only download applications from trusted
sources. This is important since malware authors often use social engineering to try to
get you to install dangerous files.

• Only use secure networks. Avoid using public Wi-Fi networks, since many of them
are not secure and cybercriminals can snoop on your internet usage. Instead, consider
using a VPN, which encrypts your traffic wherever you are. Note that a VPN protects the
connection, not the device: it will not stop you from opening a malicious attachment.

• Stay informed. Keep current on the latest ransomware threats so you know what
to look out for. If you do get infected and have not backed up all your files, know that
free decryption tools for some ransomware families are published by security vendors
and law enforcement (the No More Ransom project collects many of them).

• Implement a security awareness program. Provide regular security awareness
training for every member of your organization so they can avoid phishing and other social
engineering attacks. Conduct regular drills and tests to be sure that the training is being
applied.
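The "use security software" advice above rests on endpoint tools that recognise ransomware by what it does rather than by what it is called. The following is an added example (not code from the original lesson) of the simplest such behavioural check: it watches a stream of file writes and raises an alert when one process produces a burst of ciphertext-like output or ransom-style file extensions. The process names, paths, file contents and the extension list are all constructed for the demonstration.

```python
# Added example (not from the original lesson): a simple behavioural detector of the
# kind endpoint security software uses to spot ransomware. It watches a stream of file
# writes and alerts when one process produces a burst of ciphertext-like output.
# The process names, paths and file contents below are constructed for the demo.
import math
import os
import random
from collections import Counter, deque

HIGH_ENTROPY = 7.0           # bits per byte; text sits near 4-5, encrypted data near 8
BURST_THRESHOLD = 5          # suspicious writes from one process inside one window
WINDOW_SECONDS = 10
# Extensions ransomware families have appended to encrypted files (assumed list).
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious_write(path: str, data: bytes) -> bool:
    """A write looks like ransomware output if it carries a ransom-style extension
    or its content is as random as ciphertext."""
    ext = os.path.splitext(path)[1].lower()
    return ext in SUSPICIOUS_EXTENSIONS or shannon_entropy(data) >= HIGH_ENTROPY


def detect_bursts(events):
    """Sliding window over (timestamp_seconds, process, path, data) write events.

    Returns [(process, timestamp)] for the moment each process first reached
    BURST_THRESHOLD suspicious writes within WINDOW_SECONDS. A real agent would
    suspend the process at that point instead of just reporting it.
    """
    recent = {}                 # process -> deque of timestamps of suspicious writes
    alerts, alerted = [], set()
    for ts, proc, path, data in events:
        if not is_suspicious_write(path, data):
            continue
        q = recent.setdefault(proc, deque())
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= BURST_THRESHOLD and proc not in alerted:
            alerts.append((proc, ts))
            alerted.add(proc)
    return alerts


def _pseudo_ciphertext(n: int, seed: int) -> bytes:
    """Deterministic stand-in for encrypted file contents (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample: an office application saving ordinary documents, followed by
# a process that rewrites six documents as high-entropy .locked files within 6 seconds.
PLAINTEXT = b"Quarterly report: revenue grew 4% while costs fell by 2%.\n" * 80
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\ana\report.docx", PLAINTEXT),
    (2.0, "winword.exe", r"C:\Users\ana\notes.txt", PLAINTEXT),
] + [
    (5.0 + i, "updater.exe", rf"C:\Users\ana\doc{i}.docx.locked", _pseudo_ciphertext(4096, i))
    for i in range(6)
]

if __name__ == "__main__":
    for proc, ts in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT t={ts:.0f}s: {proc} is mass-writing encrypted files")
```

Entropy alone is not proof: compressed archives and images are also high-entropy, which is why the check combines it with the rate of writes and the renamed extensions, and why production tools add further signals such as the process having no code-signing certificate or deleting volume shadow copies.
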

2.2.4. Q and A
1. What is ransomware?

A. Software that speeds up your computer.

B. Malware that encrypts files and demands payment for a decryption key.

C. A tool used to delete unnecessary files.


D. Software used for legal data backup.

2. What does encrypting ransomware do?

A. Locks the device's screen.

B. Destroys data immediately.

C. Encrypts files, making them inaccessible without a decryption key.

D. Displays fake virus infection alerts.

3. Which type of ransomware threatens to publish sensitive data unless a ransom


is paid?

A. Encrypting ransomware

B. Leakware (doxware)
C. Mobile ransomware

D. Scareware

4. How does scareware trick its victims?

A. By encrypting files

B. By posing as law enforcement or fake virus infection alerts

C. By locking the device screen

D. By publishing sensitive data


5. What is the best way to mitigate the risks of ransomware?

A. Pay the ransom immediately

B. Back up data regularly and securely

C. Ignore ransomware infections

D. Disconnect all computers from the internet forever

6. Which major infrastructure suffered a ransomware attack in May 2021?

A. Twitter headquarters

B. Colonial Pipeline

C. Amazon Web Services

D. Microsoft data center

7. What critical lesson was learned from the Colonial Pipeline ransomware attack?

A. Paying ransom immediately solves ransomware issues


B. Strong passwords alone can prevent ransomware

C. Critical infrastructure needs robust cybersecurity frameworks

D. Ransomware cannot affect industrial systems

8. How did ransomware affect Colonial Pipeline’s operations?

A. It caused fuel shortages and price hikes along the East Coast

B. It corrupted employee login systems

C. It caused the company’s computers to crash entirely

D. It permanently deleted all company data


9. What role does social engineering play in spreading ransomware?

A. It uses physical attacks to disable hardware.

B. It tricks users into downloading malicious files or providing credentials.

C. It prevents employees from using the internet.

D. It hacks into backup servers directly.

10. Why should you avoid public Wi-Fi to prevent ransomware infections?

A. Public Wi-Fi is slow and unreliable.


B. Public Wi-Fi allows cybercriminals to snoop on your activity.

C. It disables antivirus software.

D. It speeds up ransomware attacks.

1.B, 2.C, 3.B, 4.B, 5.B, 6.B, 7.C, 8.A, 9.B, 10.B

2.3. The Colonial Pipeline ransomware attack in 2021

On May 7, 2021, Colonial Pipeline, which supplies about 45% of the East Coast’s fuel, was
forced offline following a ransomware attack by the DarkSide group. The attackers
infiltrated the company’s IT network, stole and encrypted data, and demanded a ransom.
The company shut down pipeline operations as a precaution while it assessed the
intrusion. Although DarkSide claimed it did not intend to “create problems for society,”
the shutdown caused severe disruptions to fuel supplies, leading to shortages, panic
buying, and price hikes across the Southeastern United States.

Colonial Pipeline paid a ransom of 75 bitcoin (about $4.4 million at the time), but the
decryption tool it received was so slow that the company restored most systems from its
own backups. The incident exposed significant vulnerabilities in critical infrastructure,
particularly in the energy and utilities sector, and highlighted the growing sophistication
of ransomware operations.

2.3.1. How Did the Attack Happen?

The attackers entered through remote access: a compromised password for a legacy VPN
account that was still active and was not protected by multi-factor authentication, as
Colonial Pipeline’s CEO later told the US Senate. Exposure of this kind was worsened by
the COVID-19 pandemic and the shift to remote work, when unsecured connections and
poorly managed remote tools such as VNC or TeamViewer became common entry points
in many organizations. Once inside, the attackers escalated their privileges, moved
laterally through the IT network, and encrypted Colonial Pipeline’s most sensitive data.
2.3.2. Key Lessons Learned
The Colonial Pipeline attack emphasized the need for robust cybersecurity measures in
critical infrastructure. Preventative strategies include:

• Principle of Least Privilege (PoLP): Limiting user access to only what is necessary
to prevent privilege escalation.
• Endpoint Privilege Management (EPM): Blocking unauthorized processes, such
as ransomware encryption.
• Secure Remote Access: Enforcing multi-factor authentication and privileged
access management to secure remote connections.

2.3.3. Prevention Strategies

Organizations, especially in the energy and OT sectors, must prioritize securing
endpoints, implementing strong privileged access controls, and ensuring full visibility over
user activities. These measures help prevent ransomware attacks, mitigate damage, and
protect critical infrastructure from catastrophic disruptions in the future.

The Colonial Pipeline incident serves as a wake-up call for industries to enhance cyber
resilience, particularly as remote access continues to be a critical vulnerability.

2.3.4. Q and A
1. Which major company was affected by the ransomware attack on May 7, 2021?

A. Amazon Web Services

B. Colonial Pipeline

C. Twitter
D. Microsoft

2. What was the immediate impact of the Colonial Pipeline ransomware attack?

A. Increase in cybersecurity jobs

B. Disruptions to fuel supply along the East Coast

C. Improvement in airline operations

D. Shutdown of banking services

3. How much ransom did the attackers demand from Colonial Pipeline?
A. $1 million USD

B. 75 bitcoin ($4.4 million USD)

C. $10 million USD

D. 50 bitcoin ($2 million USD)

4. What vulnerability did the attackers exploit to infiltrate Colonial Pipeline’s
systems?

A. Outdated hardware components

B. Poorly secured remote access, such as a VPN account without multi-factor
authentication

C. Weak passwords on company servers

D. Physical security breaches at company facilities


5. What cybersecurity principle limits user access to only what is necessary?

A. Principle of Least Privilege (PoLP)

B. Two-factor authentication (2FA)

C. Firewall security

D. Data encryption

6. Why was restoring Colonial Pipeline's systems slow even after paying the
ransom?
A. The decryption tools provided were slow and inefficient.

B. The company refused to restart the systems.

C. The attackers demanded more money.

D. The pipeline was permanently damaged.

7. What key lesson did the Colonial Pipeline attack highlight?

A. The importance of physical security in oil pipelines

B. The need for robust cybersecurity measures in critical infrastructure

C. The effectiveness of paying ransoms quickly


D. The risk of phishing attacks through email only
1.B, 2.B, 3.B, 4.B, 5.A, 6.A, 7.B

2.4. Mirai Botnet, Denial-of-Service (DoS) Attacks in 2016

DoS attacks overwhelm a system’s resources, making it unavailable to users. The Mirai
botnet attack in 2016 is a famous example: a massive number of compromised IoT
devices were used to launch a distributed DoS attack on the DNS provider Dyn, causing
widespread internet outages.

Mirai infected hundreds of thousands of devices connected to the Internet of Things
(IoT), such as web-connected cameras, digital video recorders and home routers. It did
not need a software exploit: the malware scanned the internet for devices with Telnet
exposed and logged in with a short list of factory-default usernames and passwords.
Each infected device then scanned for more victims, so the botnet grew on its own.

Background

Mirai was created by three college students, Paras Jha, Josiah White, and Dalton
Norman, who rented out their botnet to cybercriminals for DDoS attacks and click fraud.
The source code was published online in late September 2016, after which many copycat
botnets appeared. All three pleaded guilty in US federal court in 2017.

2.4.1. What is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is a type of cybercrime where an attacker
intentionally floods a targeted server, network, or online service with a massive amount
of malicious traffic. This overwhelming traffic is generated from multiple compromised
systems, hence the term “distributed.”

2.4.2. Motivations for DDoS Attacks

DDoS attacks can be motivated by several factors, including:

• Hacktivism: Disgruntled individuals or groups looking to make a statement or
express disapproval.
• Financial gain: Competitors disrupting online operations to steal business, or
extortionists demanding payment to stop the attack.
• Malicious entertainment: Attackers looking to cause chaos and show off their
capabilities.

DDoS attackers aim to exhaust whatever the target runs out of first: Internet bandwidth,
connection-tracking state in firewalls and load balancers, or the CPU and memory of the
servers themselves, causing the system to become unresponsive or crash. This disrupts
normal business operations, prevents legitimate users from accessing online services,
and can result in significant financial losses.

Mirai itself was written to infect IoT devices running Linux on the low-cost embedded
processors common in consumer hardware (ARC, ARM and MIPS among them), which is
why cameras and routers rather than PCs made up the botnet.

2.4.3. Mirai Botnet Attack Timeline

• September 2016: Mirai launched record-sized DDoS attacks on the French hosting
provider OVH and on the website of security journalist Brian Krebs.
• October 2016: The botnet attacked Dyn, a domain name system (DNS) provider,
causing widespread outages across North America and Europe. Major websites,
including PayPal, Twitter, and Netflix, were unreachable for hours.
• November 2016: A Mirai variant attacked the home routers of Deutsche Telekom
customers in Germany, knocking roughly 900,000 of them offline.

2.4.4. The Mirai Botnet Attack Had Significant Consequences

• Widespread outages: The attack brought down major websites and services,
causing disruptions to online activities.
• Financial losses: The attack resulted in substantial financial losses for affected
organizations.
• Reputation damage: The incident damaged the reputation of IoT device
manufacturers and service providers.
• Increased awareness: The attack highlighted the need for improved security
measures for IoT devices and the importance of regular software updates and password
changes.

2.4.5. The Mirai Botnet Attack and Lessons Learned

• Vulnerability of IoT devices: The attack showed the ease with which IoT devices
can be compromised due to default passwords and outdated software.
• Botnet proliferation: The Mirai botnet’s rapid growth and mutation highlighted the
potential for botnets to spread and evolve.
• Cybercrime economics: The attack showed how cybercriminals can profit from
DDoS attacks and click fraud, incentivizing further malicious activity.

The attacks resulted in significant financial losses for affected organizations, including
Dyn’s estimated $1 million daily losses during the peak of the attack.
The affected websites included: PayPal, Twitter, Reddit, Sony, Amazon, Netflix, Spotify,
Pinterest, SoundCloud, Squarespace.

2.4.6. Q and A
1. What was the primary target of the Mirai botnet attack in October 2016?

A. Financial institutions
B. A DNS provider called Dyn
C. Personal computers
D. Gaming consoles.

2. What devices were mainly compromised in the Mirai botnet attack?


A. Smartphones
B. IoT devices like cameras and routers
C. Laptops with antivirus software
D. Smart TVs

3. What is the purpose of a Denial-of-Service (DoS) attack?


A. To encrypt sensitive data
B. To overwhelm system resources and make them unavailable
C. To steal personal information
D. To improve server performance

4. What motivated attackers to launch DDoS attacks?


A. Hacktivism
B. Financial gain
C. Malicious entertainment
D. All of the above

5. Why were IoT devices vulnerable to the Mirai botnet malware?


A. They were poorly manufactured.
B. They used default passwords and outdated software.
C. They had advanced security measures.
D. They were expensive to keep.

1.B, 2.B, 3.B, 4.D, 5.B

2.5. The WannaCry Ransomware Malware Attack in 2017

Malware is malicious software designed to harm or exploit any programmable device,
service, or network. WannaCry combined two kinds: ransomware that encrypted files, and
a worm that carried it from machine to machine with no user action at all.

In May 2017, the WannaCry ransomware attack spread rapidly across the globe, infecting
over 200,000 computers in more than 150 countries, including systems at the United
Kingdom’s National Health Service (NHS), FedEx, Honda, Nissan, and many others. It
spread by exploiting a flaw in the Windows SMBv1 file-sharing protocol (the EternalBlue
exploit, fixed by Microsoft’s MS17-010 patch two months earlier), so unpatched machines
with port 445 reachable were infected automatically. The attack was unprecedented in its
scale and impact, causing widespread disruption to healthcare, transportation, and other
critical infrastructure.

Aftermath:

• Financial Losses: Estimated to be in the hundreds of millions of dollars, with some
reports suggesting up to $4 billion in damages.
• Industry Impact: The attack highlighted the importance of patching and updating
software, as well as the need for robust cybersecurity measures.
• Attribution: The US, UK and other governments publicly attributed the attack to
North Korea’s Lazarus Group.

2.5.1. Lessons Learned from The WannaCry Ransomware Malware Attack

• Patch Management: Regularly update and patch software to prevent exploitation
of known vulnerabilities. The fix for the flaw WannaCry used had been available for two
months.
• Network Segmentation: Isolate critical systems and networks, and block file-sharing
ports (SMB, TCP 445) at the perimeter, to prevent lateral movement of malware.
• User Awareness: Educate users about phishing, social engineering, and
ransomware; these remain the usual first step for ransomware that does not self-spread.
• Incident Response: Develop and regularly test incident response plans to
minimize the impact of attacks.

2.6. Social Engineering

Social engineering involves manipulating individuals into divulging confidential
information or performing actions that compromise security.

An example is the Fancy Bear Cyber Espionage Group, which used social engineering
techniques to target political organizations and individuals, stealing sensitive information.

2.6.1. Notable Fancy Bear Social Engineering Attacks

In 2016, Fancy Bear broke into the World Anti-Doping Agency (WADA) database after
obtaining an account password through spear-phishing, and published confidential
athlete medical data, including records of US athletes such as Serena and Venus
Williams and Simone Biles.

In 2019, the group targeted at least 16 national and international sporting and anti-doping
organizations across three continents. In the same period it was observed using poorly
secured IoT devices (office printers, VOIP phones and video decoders) as footholds into
corporate networks. The attacks began just before the news broke that the World
Anti-Doping Agency was planning to take further action ahead of the 2020 Summer
Olympics.

2.6.2. Recent Developments

In 2023, the Moscow headquarters of the GRU military unit behind Fancy Bear was
reportedly targeted by Ukrainian drones, causing the collapse of a rooftop on an
adjacent building.

An analysis of a sample published by the US government shows that Fancy Bear has
stripped down its initial infector to defeat ML-based defenses, hiding malicious
functionality inside otherwise benign code.

2.7. Q and A
1. What was the primary method used in the 2020 Twitter phishing attack?

A. Disabling antivirus software

B. Manipulating employees to provide credentials

C. Using malware to encrypt data


D. Overloading servers with fake requests

2. What was the significant impact of the Colonial Pipeline ransomware attack in
2021?

A. Causing internet outages

B. Disrupting fuel supply in the United States

C. Compromising medical data of athletes

D. Encrypting Twitter’s internal systems

3. Which type of cyber threat was responsible for the Mirai botnet attack in 2016,
and what did it target?

A. Phishing; personal bank accounts

B. Ransomware; corporate networks

C. Denial-of-Service; DNS provider Dyn


D. Social engineering; IoT devices

4. What was one of the major lessons learned from the WannaCry ransomware
attack in 2017?
A. Social engineering is the most dangerous type of attack.

B. Keeping software updated and patched is critical to preventing attacks.

C. Bitcoin is a secure way to pay ransoms.

D. Denial-of-Service attacks cause the most financial loss.

5. What type of cyber threat was Fancy Bear known for, and what was one of their
notable targets in 2016?

A. Malware; Colonial Pipeline

B. Phishing; Twitter

C. Social engineering; World Anti-Doping Agency


D. Ransomware; Sony
1.B, 2.B, 3.C, 4.B, 5.C

3. Application Security for Beginners

Stay alert. Stay aware.
By learning from real-world incidents, we can turn stories of cyberattacks into valuable
lessons that strengthen our awareness, reduce mistakes, and help protect both ourselves
and the organization. Together, we can keep our digital workplace secure.

3.1. What is Application Security?
Application security is the process of protecting software applications from cyber threats
by identifying and fixing vulnerabilities during development and after deployment. It
ensures that applications, whether web-based, mobile, or desktop, are secure and
function as intended without exposing users or organizations to risks.

3.2. Why is Application Security Important?

Application security is crucial for protecting sensitive data, preventing cyber-attacks,
maintaining customer trust, complying with regulations, reducing business risk, ensuring
continuous operations, detecting and responding to threats, improving development
efficiency, enhancing reputation, and staying ahead of evolving threats.

Let’s go over in finer detail four reasons every business needs to prioritize application
security.

• Data Protection: Applications often handle sensitive data like personal
information, financial records, or medical histories.
• Business Continuity: Secure applications reduce the chances of disruptions
caused by attacks.
• Customer Trust: Users are more likely to engage with applications that prioritize
security.
• Compliance: Many industries require applications to meet specific security
standards.
3.3. Key Components of Application Security
Building a Strong Application Security Program focuses on integrating security
practices—such as risk management, testing, and controls—early in the application
development lifecycle. It requires a change in organizational philosophy, ensuring security
is considered, integrated, and tested at every stage. A robust application security program
consists of five key components.

3.3.1. Security by Design

Security should be addressed at the architecture and design phase, before coding begins.
Collaboration between security professionals and developers enables risk-based
identification of security controls (e.g., encryption, authentication, logging).

Security risk assessments help define controls based on the application’s interactions
with data, systems, and infrastructure. The logging and telemetry that monitoring tools
(such as a SIEM) will need must be designed in from the start and validated for
effectiveness, not bolted on after deployment.

3.3.2. Secure Code Testing

Continuous testing ensures security flaws are caught early:

• Static Application Security Testing (SAST): Scans source code, without running it,
for dangerous patterns such as database queries assembled from user input.
• Dynamic Application Security Testing (DAST): Sends crafted requests to a running
application and observes how it responds.
• Penetration Testing (Pen Test): Combines automated tools and human-driven
assessments to identify weaknesses comprehensively, especially for high-risk
applications.

3.3.3. WAFs and API Security Gateways

Web Application Firewalls (WAFs) and API gateways protect applications by enforcing
predefined rules against malicious traffic (for example, blocking requests that contain
SQL injection or cross-site scripting patterns, or enforcing rate limits and schema checks
on API calls). These rules should be developed at the design phase so that protection is
in place the moment the application is deployed, rather than waiting for a WAF’s learning
mode to build a baseline. A WAF is a safety net, not a substitute for fixing the code behind
it.

3.3.4. Security Training and Awareness

Developers should receive regular training on the OWASP Top 10 vulnerabilities and
threat intelligence. Focused training addresses coding errors linked to security risks.
Insights into attack methods and emerging vulnerabilities empower developers to write
secure code.

3.3.5. A Software Bill of Materials (SBOM)

A Software Bill of Materials (SBOM) is a comprehensive inventory of all software
components, including open-source libraries, used in a software application, recorded
with their exact versions so that each one can be matched against vulnerability
advisories.

An SBOM is a critical tool for managing open-source libraries in software applications,
enabling organizations to ensure the security, compliance, and reliability of their software
supply chain. When a new vulnerability is disclosed in a library, an organization with
SBOMs can answer "which of our applications ship the affected version?" in minutes
instead of weeks.
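The following added example (not code from the original lesson) shows the two halves of that workflow end to end: producing a minimal CycloneDX-shaped SBOM from a pinned requirements file, and matching its components against a vulnerability feed. The requirements file, the package names and the advisory identifiers are all constructed; a real pipeline would use an SBOM generator such as syft or cyclonedx-python and a feed such as OSV, but the matching logic is the same.

```python
# Added example (not from the original lesson): build a minimal CycloneDX-style SBOM
# from a pinned requirements file and match it against a vulnerability feed. The
# requirements, package names and advisory identifiers are constructed for the demo;
# a real pipeline would use a generator such as syft or cyclonedx-python and a feed
# such as OSV, but the matching logic is the same.
import json
import re

REQUIREMENTS = """\
# constructed requirements.txt
httpclient==2.25.1
netutils==1.26.4
yamlparse==5.4.1      # already at the fixed version
flask>=2.0            # unpinned: skipped, an SBOM needs exact versions
"""

# Constructed advisory feed: (package, first fixed version, advisory id).
ADVISORIES = [
    ("netutils", "1.26.5", "EXAMPLE-ADV-0001"),
    ("yamlparse", "5.4", "EXAMPLE-ADV-0002"),
]

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$")


def parse_requirements(text: str):
    """Return [(name, version)] for pinned lines; comments and unpinned lines are skipped."""
    components = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = PIN_RE.match(line)
        if match:
            components.append((match.group(1).lower(), match.group(2)))
    return components


def version_key(version: str):
    """Comparison key: '1.26.4' -> (1, 26, 4). Non-numeric parts count as 0 (simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def build_sbom(components, app_name="example-app"):
    """Emit a CycloneDX-shaped document (a subset of the real schema) with one
    package URL (purl) per component, the identifier vulnerability feeds key on."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "metadata": {"component": {"type": "application", "name": app_name}},
        "components": [
            {"type": "library", "name": name, "version": version,
             "purl": f"pkg:pypi/{name}@{version}"}
            for name, version in components
        ],
    }


def match_advisories(sbom, advisories):
    """Return [(purl, advisory_id, fixed_in)] for every component older than the fix."""
    hits = []
    for comp in sbom["components"]:
        for package, fixed_in, advisory_id in advisories:
            if comp["name"] == package and version_key(comp["version"]) < version_key(fixed_in):
                hits.append((comp["purl"], advisory_id, fixed_in))
    return hits


def sbom_json(sbom) -> str:
    """Serialise the SBOM the way it would be stored next to a release artifact."""
    return json.dumps(sbom, indent=2, sort_keys=True)


if __name__ == "__main__":
    sbom = build_sbom(parse_requirements(REQUIREMENTS))
    print(sbom_json(sbom))
    for purl, advisory_id, fixed_in in match_advisories(sbom, ADVISORIES):
        print(f"VULNERABLE {purl}: {advisory_id}, upgrade to >= {fixed_in}")
```

Two details carry the security value. The unpinned flask line is skipped rather than guessed, because an SBOM that records "some version" cannot be matched against anything; and yamlparse 5.4.1 is correctly reported as safe even though its name appears in the feed, since the comparison is on version, not on package name alone.
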

3.4. Q and A
1. Why is "Security by Design" important in application development?

A. It ensures security is considered early, during the architecture and design
phase.

B. It helps save time by addressing security after coding is done.

C. It focuses only on testing applications after deployment.

D. It reduces the need for collaboration between developers and security
professionals.

2. What is the primary purpose of Static Application Security Testing (SAST)?

A. To test running applications for vulnerabilities.


B. To scan source code before it is compiled.

C. To monitor applications after deployment.


D. To identify weak passwords in the system.

3. Which of the following is true about Penetration Testing (Pen Test)?

A. It only uses automated tools to check for security flaws.

B. It combines automated tools and manual testing to identify vulnerabilities.

C. It can only be performed after an application goes live.


D. It is unnecessary for high-risk applications.

4. How do WAFs (Web Application Firewalls) and API Security Gateways protect
applications?
A. By scanning source code for errors.

B. By blocking unauthorized or malicious traffic.

C. By helping developers write secure code.

D. By monitoring developers' coding activities.

5. What does a Software Bill of Materials (SBOM) provide?

A. A list of all software components, including open-source libraries, used in
an application.

B. A report on application testing results.

C. A summary of coding errors found during development.


D. A list of all employees involved in application development.
1.A, 2.B, 3.B, 4.B, 5.A

4. Network Security
For beginners, it’s essential to understand the fundamental layers of network security. By
focusing on these key areas, beginners can establish a solid foundation for network
security, reducing the risk of cyber threats and ensuring the integrity of their digital assets.
4.1. What is Network Security?
Network security is a broad term that encompasses a multitude of technologies, devices,
and processes designed to protect the integrity, confidentiality, and availability of
computer networks and data. It rests on three goals:

• Confidentiality: Protecting sensitive information from unauthorized access or
disclosure.
• Integrity: Preventing unauthorized modification or destruction of data.
• Availability: Ensuring that authorized users have timely and reliable access to
network resources and data.

4.2. Why is Network Security Important?

• Protects Sensitive Data: Safeguards personal and organizational information
from being stolen or leaked.
• Prevents Cyberattacks: Stops hackers, viruses, and malware from infiltrating the
network.
• Ensures Business Continuity: Reduces downtime caused by network disruptions.
• Compliance: Helps organizations meet legal and regulatory requirements for data
security.

4.3. Key Components of Network Security

• Firewalls

Firewalls act as barriers that filter incoming and outgoing traffic, allowing only authorized
communication.

• Intrusion Detection and Prevention Systems (IDPS)

IDPS monitors network traffic for suspicious activity and takes action to block potential
threats.

• Virtual Private Networks (VPNs)

VPNs encrypt data transmitted over the internet, ensuring secure communication
between users and the network.

• Network Access Control (NAC)

NAC ensures that only authorized users and devices can connect to the network.

• Encryption

Encryption secures data transmitted across the network, making it unreadable to
unauthorized users.
4.4. Illustrative Examples of Network Defenses

4.4.1. Firewalls in Action

Company and Incident Date:

• Company: ABC Corp. (a multinational financial services firm)
• When: March 2024

An employee clicked a link in a phishing email. The company's firewall, applying its
URL-filtering and threat-intelligence rules, blocked the outbound connection to the
malicious site, so no credentials were entered and no malware was downloaded.

Why It Works: Firewalls act as the first line of defense, monitoring and filtering incoming
and outgoing traffic based on predefined rules. Note the division of labour: a firewall
does not read email. The email security gateway stops most phishing messages before
delivery, and the firewall stops the connection when one gets through and is clicked.
Lesson Learned: Firewalls are essential for blocking unauthorized access and
malicious traffic; layered with email filtering, they blunt common threats like phishing.
4.4.2. VPN for Remote Work
Company and Incident Date:

• Company: XYZ Tech Solutions (a global software development company)
• When: April 2020, during the peak of the COVID-19 pandemic

Businesses, including XYZ Tech Solutions, adopted Virtual Private Networks (VPNs) to
secure connections for their remote employees.
Why It Works: VPNs encrypt internet traffic, ensuring that sensitive company data
remains secure when employees access corporate systems over untrusted networks
(like home or public Wi-Fi).
Lesson Learned: VPNs play a critical role in enabling secure remote work by
safeguarding data against interception or unauthorized access.

4.4.3. Stopping Intrusions

Company and Incident Date:

• Company: ShopEase Online (a leading global e-commerce platform)
• When: August 2023

What Happened: ShopEase Online detected and blocked a brute force attack against its
customer login page using an Intrusion Prevention System (IPS).

Why It Works: An IPS continuously inspects network traffic for signs of suspicious or
malicious activity, such as hundreds of failed login attempts from the same source in a
short window, and drops or blocks the offending traffic in line, before it reaches the
application.

Lesson Learned: Intrusion Prevention Systems are vital for protecting against real-time
attacks like brute force, which can compromise user credentials and sensitive data.
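The rule an IPS applies in the scenario above, and the rule that distinguishes the distributed flood from the Mirai section (2.4) from one busy client, are both sliding-window counts over traffic. The following added example (not code from the original lesson) implements both over web-server log lines. Every log line is generated inside the script, the addresses come from the RFC 5737 documentation ranges, and the thresholds are assumptions a real deployment would tune.

```python
# Added example (not from the original lesson): two sliding-window detectors of the
# kind an IPS or SIEM rule implements, run over constructed web-server log lines.
# detect_brute_force() covers the scenario above (repeated failed logins from one
# source); detect_flood() covers the distributed denial-of-service pattern from the
# Mirai section (a surge of requests from many sources at once). Addresses come from
# the RFC 5737 documentation ranges and every line is generated here, not captured.
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _constructed_log():
    """Build a chronological log: background traffic, a brute-force run, then a flood."""
    base = datetime(2024, 8, 1, 10, 0, 0)
    lines = []
    for i in range(30):                                   # normal browsing, 4 clients
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} "
                     f"198.51.100.{i % 4 + 1} GET /home 200")
    for i in range(8):                                    # one attacker, failed login every 3 s
        lines.append(f"{(base + timedelta(seconds=3 * i + 1)).isoformat()} "
                     f"203.0.113.7 POST /login 401")
    for i in range(120):                                  # 120 requests in 6 s from 40 hosts
        lines.append(f"{(base + timedelta(seconds=120 + 0.05 * i)).isoformat()} "
                     f"192.0.2.{i % 40 + 1} GET / 200")
    return sorted(lines)


LOG_LINES = _constructed_log()


def parse(line: str):
    """'<iso timestamp> <ip> <method> <path> <status>' -> (datetime, ip, method, path, int)."""
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def detect_brute_force(lines, threshold=5, window_s=60):
    """Return {ip: first_time_flagged} for sources with >= threshold failed logins
    within window_s seconds. An IPS would start dropping that source's traffic here."""
    failures = defaultdict(deque)
    flagged = {}
    for ts, ip, _method, path, status in map(parse, lines):
        if path != "/login" or status != 401:
            continue
        q = failures[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def detect_flood(lines, max_requests=50, min_sources=10, window_s=10):
    """Return [(time, requests, distinct_sources)] whenever at least max_requests
    arrive within window_s from at least min_sources distinct addresses. The source
    count is what separates a distributed flood from one busy client; per-IP blocking
    alone would not stop it."""
    recent = deque()                                      # (timestamp, ip) inside the window
    alerts = []
    for ts, ip, *_rest in map(parse, lines):
        recent.append((ts, ip))
        while (ts - recent[0][0]).total_seconds() > window_s:
            recent.popleft()
        sources = {src for _, src in recent}
        if len(recent) >= max_requests and len(sources) >= min_sources:
            alerts.append((ts, len(recent), len(sources)))
            recent.clear()                                # one alert per surge, then re-arm
    return alerts


if __name__ == "__main__":
    for ip, when in detect_brute_force(LOG_LINES).items():
        print(f"BRUTE FORCE from {ip} at {when.time()}")
    for when, count, sources in detect_flood(LOG_LINES):
        print(f"FLOOD at {when.time()}: {count} requests from {sources} sources in 10 s")
```

The brute-force rule is cheap and precise because it keys on one source; the flood rule deliberately does not, because a botnet such as Mirai spreads the load over thousands of addresses that each look harmless on their own. That is also why the response differs: a single offending IP can be blocked in line, while a distributed flood is usually absorbed upstream by a scrubbing service or content delivery network with more bandwidth than the target.
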
4.4.4. Conclusion
The increasing reliance on cybersecurity solutions like firewalls, VPNs, and Intrusion
Prevention Systems (IPS) highlights their critical role in safeguarding businesses against
modern cyber threats.

Firewalls serve as the first line of defense, filtering malicious traffic and blocking
unauthorized access, as seen in their effectiveness against phishing attempts.

VPNs ensure secure remote work by encrypting sensitive data, enabling businesses to
adapt quickly to challenges like the COVID-19 pandemic.
Intrusion Prevention Systems (IPS) protect in real time by identifying and blocking
automated attacks, such as brute force attempts, before they compromise sensitive
information.

4.4.5. Best Practices for Network Security

• Use Strong Passwords: Require strong, unique passwords for network access.
• Enable Firewalls: Set up firewalls to filter network traffic.
• Encrypt Data: Always use encryption for sensitive information.
• Update Regularly: Keep all network devices and software up to date.
• Educate Users: Train employees to recognize phishing and avoid risky behavior
online.
• Monitor Activity: Use tools to track network traffic for unusual activity.

4.5. Q and A
1. What is the primary purpose of a firewall?

A. Speed up the network

B. Monitor internet usage

C. Filter and block unauthorized network traffic

D. Store passwords for users

2. Which tool encrypts data for secure communication over the internet?

A. Firewall
B. VPN

C. Antivirus software

D. Router

3. What is the main function of an Intrusion Detection and Prevention System
(IDPS)?

A. To provide network speed analysis

B. To detect and block suspicious network activity

C. To store user credentials

D. To create backups of network data

4. Why is it important to use strong passwords for network access?


A. To save time during login

B. To prevent unauthorized users from accessing the network

C. To ensure compliance with software licensing

D. To allow multiple users to share the same account

5. What does Network Access Control (NAC) do?

A. Encrypts data for transmission

B. Prevents unauthorized devices from connecting to the network


C. Improves network speed

D. Stores network configurations

1.C, 2.B, 3.B, 4.B, 5.B

5. Identity and Access Management (IAM)

Identity and Access Management (IAM) is a critical component of network security that
enables organizations to manage digital identities and control user access to critical
corporate information. IAM ensures that the right people and job roles in an organization
can access the tools they need to do their jobs, while preventing unauthorized access.

Think of IAM as the security guard for your digital assets. It ensures that only authorized
individuals can enter specific areas.

5.1. Key Components of IAM

5.1.1. Authentication
Authentication is the process of verifying a user’s identity before granting access.

Multi-Factor Authentication (MFA) requires a second, independent factor in addition to
the password: something you have (a code from an authenticator app, a hardware security
key) or something you are (a fingerprint or face scan).

5.1.2. Multi-Factor Authentication (MFA) at Banks:


• Scenario: When you log into an online banking portal, you enter your username
and password (authentication step 1). To confirm your identity, the bank sends a one-time
password (OTP) to your mobile phone or email for additional verification (step 2).

• Why It Matters: MFA means that even if your password is stolen, the attacker still cannot log in without completing the second step. Codes from an authenticator app are harder to intercept than codes sent by SMS or email, so prefer an app where the bank offers one.

• Lesson Learned: MFA strengthens security by adding an extra layer of protection.
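The two-step bank login above, carried through as an added worked example (this code is not part of the original lesson): the second factor is a time-based one-time code of the kind an authenticator app produces (TOTP, RFC 6238), and the check uses only Python's standard library. The user record, password, salt and enrolment secret are constructed for the demo; the secret happens to be the one used in the RFC's own test vectors.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is valid for (RFC 6238 default)
DIGITS = 6
DRIFT = 1     # also accept the code from one step before/after, for clock skew

# Constructed enrolment secret; a real one is random and shared once, at enrolment.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP)


def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Second-factor check. Tries the current step and DRIFT steps either side,
    and compares in constant time so timing does not reveal matching digits."""
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return False
    counter = unix_time // STEP
    return any(
        hmac.compare_digest(hotp(secret, c), submitted)
        for c in range(counter - DRIFT, counter + DRIFT + 1)
    )


# Constructed user store: a salted PBKDF2 password hash plus the enrolled TOTP secret.
_SALT = b"demo-salt-not-for-production"
_ITERATIONS = 100_000
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS),
        "totp_secret": DEMO_SECRET,
    }
}


def login(username: str, password: str, code: str, unix_time: int) -> str:
    """Step 1: something you know (password). Step 2: something you have (the code)."""
    user = USERS.get(username)
    if user is None:
        return "denied"
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return "denied"
    if not verify_totp(user["totp_secret"], code, unix_time):
        return "denied: second factor failed"
    return "ok"


if __name__ == "__main__":
    now = 59  # fixed time so the run is reproducible; use int(time.time()) in practice
    print("code for this step:", totp(DEMO_SECRET, now))
    print(login("alice", "correct horse", totp(DEMO_SECRET, now), now))
    print(login("alice", "correct horse", "000000", now))  # stolen password, no phone
```

Two details matter in practice: the code is compared with hmac.compare_digest so a wrong guess takes the same time as a near-miss, and a small clock drift is tolerated so a code that was valid a few seconds ago still works. A real service would also rate-limit guesses and refuse to accept the same code twice.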

5.1.3. Authorization
Authorization determines what actions a user is allowed to perform once authenticated.

5.1.4. Role-Based Access Control (RBAC) in Corporate Environments


• Scenario: In a company, employees have specific access based on their roles:
HR staff can access payroll and employee records.

IT admins can manage servers and systems.

Finance staff can view financial reports.

Other employees have limited access.

• Why It Matters: Role-Based Access Control ensures employees only have access
to resources necessary for their job, reducing the risk of unauthorized access or insider
threats.

• Lesson Learned: IAM principles like RBAC prevent over-permissioning and follow
the principle of least privilege.
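The role-based access control described in the scenario, as an added example not taken from the lesson: a role-to-permission map (constructed to match the HR, IT, finance and "other employee" roles above), a deny-by-default check, and a least-privilege review that lists what a user holds but does not need.

```python
from dataclasses import dataclass, field

# Constructed role-to-permission map, following the scenario above.
ROLE_PERMISSIONS = {
    "hr":       {"payroll:read", "payroll:write", "employee_records:read"},
    "it_admin": {"servers:manage", "systems:manage"},
    "finance":  {"financial_reports:read"},
    "employee": {"own_profile:read", "own_profile:write"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permissions_for(user: User) -> set:
    """Union of what each of the user's roles grants. A role that is not in the
    map grants nothing, so a typo in a role name fails closed rather than open."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: User, permission: str) -> bool:
    """Deny by default: the action is allowed only if some role explicitly carries it."""
    return permission in permissions_for(user)


def excess_permissions(user: User, needed: set) -> set:
    """Least-privilege review: permissions the user holds that the job does not need."""
    return permissions_for(user) - needed


def request(user: User, permission: str) -> str:
    """Authorization decision plus a one-line audit message."""
    decision = "ALLOW" if is_allowed(user, permission) else "DENY"
    roles = ", ".join(sorted(user.roles)) or "none"
    return f"{decision} {user.name} -> {permission} (roles: {roles})"


if __name__ == "__main__":
    hr_user = User("maria", {"hr", "employee"})
    intern = User("tom", {"employee"})
    contractor = User("sam", {"finance", "it_admin"})   # accumulated two roles over time
    print(request(hr_user, "payroll:read"))
    print(request(intern, "payroll:read"))
    print(request(User("eve", {"admin"}), "servers:manage"))   # unknown role: denied
    print("sam holds but does not need:",
          excess_permissions(contractor, {"financial_reports:read"}))
```

Note the two failure modes the design avoids: a misspelled or unknown role grants nothing instead of raising an error that a caller might swallow, and the review function makes accumulated permissions visible, which is how over-permissioning usually creeps in.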

5.1.5. Access management/Single Sign-On (SSO)


Single sign-on is a form of access control that enables users to authenticate with multiple
software applications or systems using just one login and one set of credentials.

• Scenario: An employee logs into their corporate account using an SSO system. With one login, they gain access to multiple applications like email, HR software, collaboration tools (e.g., Jira, Slack), and cloud services.

• Why It Matters: SSO simplifies the user experience by reducing the number of passwords to remember while keeping access control in one place.

• Lesson Learned: SSO enhances productivity and reduces password fatigue, but that one credential now unlocks every connected application, so it must be protected with MFA and its access removed promptly when someone leaves.

5.1.6. Privileged Access Management (PAM)


Privileged Access Management (PAM) isolates highly privileged accounts (e.g., system administrators) and uses credential vaults and just-in-time access to grant access to sensitive resources only when it is needed.

• Scenario: A system administrator needs to patch a production server. Instead of holding a permanent admin password, they check the credential out of the PAM vault, which releases it only for that task and for a limited time (just-in-time access) and changes it again when the session ends.

• Why It Matters: Admin accounts are the most valuable target for an attacker, because one stolen admin password can compromise everything it reaches. Keeping those credentials in a vault and handing them out briefly, on request, limits what a stolen credential is worth and leaves a record of who used privileged access and when.

• Lesson Learned: PAM reduces the number of standing high-privilege accounts and keeps the ones that remain under control.

5.1.7. Summary of IAM


IAM ensures that only the right people have access to the right resources at the right
times. By using tools like MFA, SSO, and RBAC, organizations can enhance security,
streamline access, and reduce the risk of breaches. Strong IAM practices are essential
for safeguarding data and meeting compliance requirements.

5.2. Q and A
1. What is the primary goal of IAM?

A. To speed up internet access

B. To ensure only authorized users access resources

C. To simplify software development


D. To manage network hardware

2. Which of the following is an example of multi-factor authentication (MFA)?

A. Entering a password and a code sent to your phone

B. Using a single long password

C. Logging in with a username only

D. Creating a new account

3. What does role-based access control (RBAC) do?


A. Allows all employees to access all resources

B. Restricts access based on a user’s job role

C. Eliminates the need for passwords

D. Grants admin rights to everyone

4. What is a key benefit of single sign-on?

A. Reduces the number of passwords users need to remember

B. Increases password complexity


C. Grants unlimited access to all systems

D. Requires manual re-entry of credentials for each system

5. Why is privileged access management (PAM) important?

A. It simplifies user authentication for everyone.

B. It secures accounts with elevated permissions to reduce risks.

C. It removes the need for encryption.

D. It prevents users from accessing public Wi-Fi.

1.B, 2.A, 3.B, 4.A, 5.B



6. Data Security
Data Security refers to the process of safeguarding digital information throughout its
entire lifecycle to protect it from unauthorized access, theft, corruption, or destruction. It
encompasses various measures to ensure the confidentiality, integrity, and availability of
sensitive data, including:

• Confidentiality: Protecting data from unauthorized access or disclosure.

• Integrity: Ensuring data accuracy, completeness, and authenticity.

• Availability: Guaranteeing timely and reliable access to data when needed.


6.1. Key Points of Data Security:

• Access controls: Limiting access to data based on user roles, permissions, and authentication.

• Encryption: Converting data into an unreadable form so that it is useless to anyone who does not hold the key.

• Data masking: Hiding sensitive values, such as personally identifiable information, while still allowing authorized users to work with the data.

• Redaction: Removing sensitive information from data before sharing or storing it.

• Monitoring: Tracking data usage and detecting potential security breaches or insider threats.

• Auditing: Regularly reviewing and analyzing data access and usage patterns to identify potential security risks.

• Backup and recovery: Ensuring data is backed up regularly and can be restored in case of data loss or corruption.

• Compliance: Adhering to relevant regulations, standards, and industry best practices to protect sensitive data.
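Masking and redaction side by side, as an added example that is not from the lesson. The customer record and the regular expressions are constructed for the demo: masking changes what a caller is shown while the stored value stays intact, whereas redaction strips the value out of text before it is shared.

```python
import re

# Constructed customer record; every value is made up.
RECORD = {
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "card": "4111111111111111",
}


def mask_card(pan: str) -> str:
    """Show only the last four digits, as a receipt does."""
    return "*" * (len(pan) - 4) + pan[-4:]


def mask_email(email: str) -> str:
    """Keep the first letter and the domain so support staff can still recognise the account."""
    local, _, domain = email.partition("@")
    return local[:1] + "***@" + domain


def masked_view(record: dict, can_see_full: bool) -> dict:
    """Data masking: the stored record is unchanged; the caller's authorization
    decides whether they get the real values or the masked form."""
    view = dict(record)
    if not can_see_full:
        view["card"] = mask_card(record["card"])
        view["email"] = mask_email(record["email"])
    return view


# Patterns for values that must never leave the system in free text.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def redact(text: str) -> str:
    """Redaction: the sensitive values are removed before the text is shared or
    stored. Unlike masking there is no authorized path back to the original."""
    text = CARD_RE.sub("[REDACTED CARD]", text)
    return EMAIL_RE.sub("[REDACTED EMAIL]", text)


if __name__ == "__main__":
    print(masked_view(RECORD, can_see_full=False))
    print(masked_view(RECORD, can_see_full=True))
    print(redact("Ticket 42: jane.doe@example.com disputed a charge on card 4111 1111 1111 1111."))
```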
Data security is essential for organizations to:

• Safeguard sensitive information, including customer data, financial records, and intellectual property.

• Prevent financial losses and reputational damage caused by data breaches or cyber incidents.

• Ensure compliance with regulatory standards such as GDPR, HIPAA, and PCI-DSS.

• Foster trust with customers and stakeholders by showcasing a strong commitment to data protection.

6.2. What are GDPR, HIPAA, and PCI-DSS?


These are regulatory frameworks and standards that organizations must follow to protect
specific types of data:

6.2.1. GDPR (General Data Protection Regulation)


GDPR is a European Union regulation that protects the personal data and privacy of individuals in the EU.

• Requires organizations to collect and process data responsibly.

• Gives individuals control over their personal data (e.g., the right to access, correct, or delete it).

• Applies to any organization that processes the personal data of people in the EU, even if the organization is based outside the EU.
6.2.2. HIPAA (Health Insurance Portability and Accountability Act)
HIPAA is a U.S. law that protects sensitive patient health information.

• Sets standards for safeguarding medical records and health information.

• Requires healthcare providers, insurers, and their partners to follow strict privacy and security rules.

• Includes penalties for data breaches involving health information.

6.2.3. PCI-DSS (Payment Card Industry Data Security Standard)


A global industry standard for organizations that handle credit card and payment information.

• Focuses on protecting cardholder data from theft or fraud.

• Requires secure systems for processing, storing, and transmitting payment information.
• Mandates regular security assessments and compliance reporting.

6.3. Recent Examples


• Meta was fined €91m for violating GDPR rules on password storage

• Google is under investigation for its AI data privacy practices

• Uber was fined €290m for sending drivers' data to the US without consent

• Meta is facing 11 complaints over its use of personal data to train AI models
without consent

6.4. Q and A
1. What does data security aim to protect?

a) Digital information from unauthorized access

b) Digital information from theft

c) Digital information from corruption or destruction


d) All of the above

2. Which of the following is NOT a primary goal of data security?

a) Confidentiality

b) Integrity

c) Efficiency

d) Availability

3. What is the purpose of access controls in data security?


a) To encrypt sensitive data

b) To limit access to data based on user roles and permissions

c) To remove sensitive data before sharing

d) To detect insider threats

4. What does encryption do to data?

a) Deletes it

b) Converts it into an unreadable format


c) Shares it with authorized users

d) Backs it up

5. What is the key difference between data masking and redaction?

a) Data masking hides sensitive data; redaction removes it.

b) Data masking encrypts data; redaction decrypts it.

c) Data masking limits access; redaction enables sharing.

d) Data masking is a backup process; redaction is a monitoring process.



6. Which of the following involves regularly reviewing data access and usage?

a) Monitoring

b) Encryption

c) Auditing

d) Backup

7. Why is data backup and recovery important?

a) To encrypt sensitive data


b) To ensure data can be restored in case of loss or corruption

c) To limit access to sensitive information

d) To delete outdated data

8. Data security helps organizations protect:

a) Customer data and financial records

b) Intellectual property

c) Regulatory compliance

d) All of the above


9. What is a key reason for organizations to invest in data security?

a) To reduce marketing costs

b) To build trust with customers and stakeholders

c) To avoid purchasing software

d) To increase advertising reach

10. What is the purpose of GDPR?

a) To protect financial transactions


b) To ensure medical records are secure

c) To protect personal data and privacy for individuals in the EU

d) To monitor insider threats



11. Which regulation focuses on the protection of health information?

a) PCI-DSS

b) GDPR

c) HIPAA

d) CISA

12. PCI-DSS is a standard designed to protect:

a) Personal health information


b) Credit card and payment information

c) Social media data

d) Employee login details

13. Which company was fined €91 million for violating GDPR rules on password
storage?

a) Meta

b) Google

c) Uber

d) Amazon

14. Why was Uber fined €290 million?


a) For failing to encrypt payment data

b) For sending drivers' data to the U.S. without consent


c) For misusing customer credit card information

d) For data breaches involving health information

15. What is a common issue faced by organizations in data security?

a) Lack of funding for advertising

b) Unauthorized use of personal data for AI training


c) Reduction in compliance audits

d) Overly complex marketing strategies

1.D, 2.C, 3.B, 4.B, 5.A, 6.C, 7.B, 8.D, 9.B, 10.C, 11.C, 12.B, 13.A, 14.B, 15. B

7. Incident Response and Forensics


7.1. Incident Response (IR)
Incident Response is the process by which an organization handles a data breach or
cyberattack. It involves quickly identifying an attack, minimizing its effects, containing
damage, and remediating the cause.

The National Institute of Standards and Technology (NIST), in its Computer Security Incident Handling Guide (SP 800-61), defines IR as a four-phase process:

• Preparation: Establishing incident response policies, procedures, and playbooks to ensure readiness.
• Detection/Analysis: Identifying and analyzing the incident to determine its scope,
severity, and impact.
• Containment, Eradication/Recovery: Containing the attack to prevent further
damage, eradicating the threat, and recovering affected systems and data.
• Post-Incident Activity: Conducting after-action reviews, reporting, and improving
incident response processes.

7.2. Digital Forensics


Digital Forensics is the investigation of security incidents by collecting, preserving, and analyzing digital evidence from compromised systems, networks, and devices, primarily so that the evidence can support an internal investigation or legal proceedings against the attackers. Preserving means keeping the evidence unaltered: investigators work from verified copies of disks and memory rather than the originals, so that what they find can later be trusted. The aim is to:
• Reconstruct the incident,
• Identify the attackers,
• Determine the attack vectors and tactics,
• Preserve evidence for potential legal action.

7.3. Digital Forensics and Incident Response (DFIR)


DFIR integrates these two disciplines, combining incident response activities (e.g.,
containment, eradication) with digital forensic techniques to:
• Quickly identify and respond to incidents
• Preserve critical evidence before it’s lost or altered
• Conduct thorough investigations to understand the attack
• Remediate vulnerabilities and prevent future attacks.

7.4. Q and A
1. What is the primary goal of Incident Response (IR)?
a) To create new software
b) To handle a data breach or cyberattack effectively
c) To increase user engagement
d) To sell cybersecurity tools

2. What does the "Containment, Eradication, and Recovery" phase of Incident Response aim to achieve?

a) Spread the attack further


b) Contain the attack, remove threats, and restore systems
c) Conduct market research
d) Preserve evidence for legal action

3. What is the primary purpose of digital forensics?


a) To create backups of data
b) To gather digital evidence for investigating cyberthreats
c) To manage social media accounts
d) To redesign software applications

4. Digital forensics preserves evidence for:


a) Internal reviews only
b) Legal actions or investigations
c) Social media posts
d) Personal use

5. What type of evidence does digital forensics analyze?


a) Physical documents
b) Digital evidence from systems, networks, and devices
c) Verbal testimonies
d) Handwritten notes

1.B, 2.B, 3.B, 4.B, 5.B



8. Penetration Testing and Ethical Hacking


Penetration testing and ethical hacking are two cybersecurity techniques used to identify
vulnerabilities in an organization’s security posture. While they are often used
interchangeably, they have distinct differences in their methodologies, objectives, and
approaches.

8.1. Penetration Testing


Penetration testing, also known as pen testing, is a cybersecurity assessment technique used to identify and safely exploit vulnerabilities in computer systems, networks, or applications. The primary goal is to find security flaws in specific systems without causing harm, so they can be fixed before a real attacker finds them. Penetration testers combine manual techniques and automated tools to measure how well an organization's defenses hold up; no test can prove a system impenetrable, only that the flaws it found are real.

8.2. Ethical Hacking


Ethical hacking, also known as white-hat hacking, involves the authorized simulation of
real-world cyber-attacks to identify security weaknesses. Ethical hackers utilize the same
methodologies and tools as hackers, but their intention is to bolster security rather than
perpetrate malicious activities. Ethical hacking encompasses a broad range of activities,
from network penetration testing to social engineering assessments.

8.3. How Do Penetration Testing and Ethical Hacking Differ?

Aspect          Penetration Testing                            Ethical Hacking
Scope           Focused on specific systems or applications    Broader; includes human and physical security
Purpose         Simulate specific attack scenarios             Comprehensive evaluation of security posture
Authorization   Requires permission for defined areas          Requires broad permission to test multiple areas
Output          Provides detailed reports on vulnerabilities   Identifies vulnerabilities and educates users

8.4. Q and A
1. What is the main goal of penetration testing and ethical hacking?
a) To disrupt an organization’s systems
b) To identify vulnerabilities in an organization’s security posture
c) To design new security software
d) To bypass legal restrictions

2. What is penetration testing primarily used for?


a) Designing new hardware
b) Identifying and exploiting vulnerabilities in specific systems
c) Testing user experience on websites
d) Marketing cybersecurity tools

3. What is a characteristic of penetration testing?


a) It is broad and includes physical security testing
b) It uses manual and automated tools to identify vulnerabilities
c) It is done without authorization
d) It focuses on educating users

4. What is the primary output of penetration testing?


a) A comprehensive security report
b) A marketing strategy
c) A detailed list of vulnerabilities in specific systems
d) Recommendations for social media security

5. What is the primary goal of ethical hacking?

a) To gain unauthorized access to systems


b) To simulate cyber-attacks and identify security weaknesses
c) To design firewalls
d) To create new software for users

6. Which of the following is a characteristic of ethical hacking?

a) It involves unauthorized access to systems


b) It includes activities like social engineering assessments
c) It ignores physical security
d) It is conducted without organization’s consent

7. Ethical hackers are also referred to as:


a) Grey-hat hackers
b) Black-hat hackers
c) White-hat hackers
d) Blue-hat hackers

8. What type of permission is required for ethical hacking?


a) No permission is needed
b) Broad permission to test multiple areas
c) Permission for only a single area
d) Permission is not applicable

1.B, 2.B, 3.B, 4.C, 5.B, 6.B, 7.C, 8.B



9. Data Backup
Data backup is the process of creating a copy of digital data, such as files, databases, or
entire systems, and storing it in a separate location, typically for the purpose of recovering
the data in case of loss, corruption, or destruction of the original data due to various
events, including:

• Hardware failure

• Cyber-attacks (e.g., ransomware)

• Natural disasters (e.g., floods, fires)

• Human error (e.g., accidental deletion)

• Malware or virus attacks

Data backup provides a safeguard against data loss and ensures business continuity by
allowing organizations to restore their critical data and systems quickly, minimizing
downtime and potential losses.

9.1. Types of Data Backup


• Full Backup: A complete copy of all data, often used for initial backups or when significant changes occur.

• Incremental Backup: Copies only the data changed since the last backup of any kind (full or incremental). Each backup is small, but a restore needs the full backup plus every incremental taken since it, applied in order; if one is missing or corrupt, the restore is incomplete.

• Differential Backup: Copies all data changed since the last full backup. Each backup grows until the next full, but a restore needs only the full backup plus the latest differential.

• Synthetic Full Backup: Combines the last full backup with the incremental backups taken since it to create a new complete copy, without reading all the data from the live system again.

• Cloud Backup: Stores backup data in a remote cloud storage service, providing
offsite protection and accessibility.

• Virtual Tape Library (VTL): A virtualized tape library that mimics traditional tape
backup systems but uses disk storage.
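The backup types above, worked through on a small constructed change history (an added example, not from the lesson; deletions are deliberately left out). The point it makes that the list alone does not: an incremental chain restores correctly only if every link is present, while a differential restore needs just two pieces.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    path: str
    day: int     # the day the file was last written (constructed history)


# Constructed change history for a small file set. Deletions are left out to keep
# the example short; real backup software records them too.
HISTORY = [
    Change("a.txt", 0), Change("b.txt", 0), Change("c.txt", 0),   # initial contents
    Change("a.txt", 1),                                            # day 1: a edited
    Change("b.txt", 2),                                            # day 2: b edited
    Change("a.txt", 3), Change("d.txt", 3),                        # day 3: a edited, d created
]


def state_at(day: int) -> dict:
    """What the live system looks like at the end of `day`: path -> last write day."""
    state = {}
    for change in HISTORY:
        if change.day <= day:
            state[change.path] = change.day
    return state


def full_backup(day: int) -> dict:
    """Everything, regardless of when it last changed."""
    return state_at(day)


def differential_backup(day: int, last_full_day: int) -> dict:
    """Everything written since the last FULL backup; grows until the next full."""
    return {p: d for p, d in state_at(day).items() if d > last_full_day}


def incremental_backup(day: int, previous_backup_day: int) -> dict:
    """Only what was written since the previous backup of ANY kind; small, but chained."""
    return {p: d for p, d in state_at(day).items() if d > previous_backup_day}


def restore_incremental_chain(full: dict, incrementals: list) -> dict:
    """Restore = full + every incremental since it, applied in order."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    return state


def restore_differential(full: dict, differential: dict) -> dict:
    """Restore = full + only the latest differential."""
    state = dict(full)
    state.update(differential)
    return state


def synthetic_full(full: dict, incrementals: list) -> dict:
    """A synthetic full is the same merge done on the backup server, so a fresh
    complete copy exists without re-reading every file from production."""
    return restore_incremental_chain(full, incrementals)


if __name__ == "__main__":
    full0 = full_backup(0)
    incs = [incremental_backup(1, 0), incremental_backup(2, 1), incremental_backup(3, 2)]
    diff3 = differential_backup(3, 0)
    print("incrementals:", incs)             # [{'a.txt': 1}, {'b.txt': 2}, {'a.txt': 3, 'd.txt': 3}]
    print("differential:", diff3)            # {'a.txt': 3, 'b.txt': 2, 'd.txt': 3}
    print("chain restore ok:", restore_incremental_chain(full0, incs) == state_at(3))
    print("with day-2 incremental lost:", restore_incremental_chain(full0, [incs[0], incs[2]]))
```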

9.2. Best Practices for Data Backup


• Regularly Schedule Backups: Based on data volume and how often it changes.

• Store Backups Offsite: To protect against local disasters or theft. A common rule of thumb is 3-2-1: three copies of the data, on two different types of media, with one copy offsite.

• Use Multiple Backup Targets: To ensure data availability and reduce reliance on a single backup method. Keep at least one copy offline or otherwise unmodifiable, because ransomware that can reach a connected backup will encrypt it too.

• Verify Backup Integrity: Regularly check backups for completeness and accuracy.

• Test Restore Procedures: Ensure data can actually be restored in case of a disaster; a backup that has never been restored is an untested backup.

9.3. Q and A
1. What is the primary purpose of data backup?

a) To create multiple copies of files for sharing

b) To safeguard digital data against loss, corruption, or destruction

c) To save storage space on devices


d) To enhance software performance

2. Which of the following is NOT a common cause of data loss that data backup can
protect against?

a) Hardware failure

b) Human error

c) Natural disasters

d) Improved internet speed

3. What type of backup copies only the data that has changed since the last full
backup?

a) Full Backup

b) Incremental Backup

c) Differential Backup
d) Synthetic Full Backup

4. What is one of the advantages of cloud backups?


a) Data is stored locally for faster access

b) Backup data is stored remotely, providing offsite protection and accessibility

c) It eliminates the need for verifying backup integrity

d) It does not require an internet connection

5. Which of the following is the best practice for data backup?


a) Rely on a single backup target for convenience

b) Schedule backups irregularly to save time

c) Verify the integrity of backups regularly

d) Avoid testing restore procedures to prevent data overwrites

1.B, 2.D, 3.C, 4.B, 5.C



10. Signs That a Webpage Might Be Dangerous


10.1. Suspicious URL or Domain Names:
Be cautious of websites with misspelled, altered, or added letters in the domain name.
Verify the domain name to ensure it matches the company or website you intended to
visit.

• Look for typos, misspellings, or extra characters in the web address (e.g., faceboook.com instead of facebook.com).

• Be wary of links on uncommon top-level domains such as ".xyz" or ".tk", or addresses made of long strings of random characters. Also check which part of the address is the real domain: in "paypal.com.secure-login.xyz" the site you would reach is secure-login.xyz, not paypal.com.

• Hover over links to preview the destination before clicking.
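The URL checks above turned into a small link checker, as an added example that is not part of the lesson. The list of known sites is constructed; the registrable-domain logic is simplified to the last two labels (it does not handle suffixes like co.uk). It also flags the "@" trick, where a browser ignores everything before an "@" in the address and connects to the host that follows it, which the lesson does not mention.

```python
from urllib.parse import urlsplit

# Constructed list of sites the reader intends to visit; an organisation would
# maintain its own. Used to spot look-alikes of these names.
KNOWN_SITES = {"facebook.com", "paypal.com", "microsoft.com"}
# Top-level domains the lesson singles out; a hint, not proof of anything.
WATCHED_TLDS = {"xyz", "tk"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; 1 for faceboook.com vs facebook.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """The part someone actually registered: the last two labels.
    Simplification: suffixes like co.uk need a public-suffix list and are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def url_red_flags(url: str) -> list:
    """Warning signs found in a link; an empty list if none were found."""
    flags = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        flags.append("not HTTPS: the connection is not encrypted")
    if "@" in parts.netloc:
        flags.append("'@' in the address: the real host is whatever follows it")
    host = parts.hostname or ""
    domain = registrable_domain(host)
    if domain in KNOWN_SITES:
        return flags               # genuine site; only transport warnings apply
    if domain.rsplit(".", 1)[-1] in WATCHED_TLDS:
        flags.append(f"uncommon top-level domain: {domain}")
    for site in sorted(KNOWN_SITES):
        brand = site.split(".")[0]
        if brand in host:
            flags.append(f"mentions '{brand}' but the registered domain is {domain}")
        elif levenshtein(domain, site) <= 2:
            flags.append(f"{domain} is a near-miss spelling of {site}")
    return flags


if __name__ == "__main__":
    for link in ["https://www.facebook.com/login",
                 "http://faceboook.com/login",
                 "https://paypal.com.secure-login.xyz/verify",
                 "https://user@evil.tk/"]:
        print(link, "->", url_red_flags(link) or "no red flags")
```

Treat the output as hints for a person, not a verdict: a new legitimate site on .xyz produces a flag, and a phishing page on a respectable-looking domain produces none.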

10.2. No HTTPS Encryption


A lack of HTTPS means the connection is not encrypted, so anything you type can be read or altered in transit.

Ensure the website uses HTTPS (the "s" indicates a secure connection). HTTPS only proves that the connection is encrypted, not that the site is honest: phishing sites can obtain certificates too, so the padlock is a basic requirement for online safety, not a guarantee.

10.3. Too-Good-To-Be-True Content (Instinctive Unease)


Trust your instincts

• Be wary of websites that offer free products, rewards, or deals that seem
unrealistic.

• Avoid "clickbait" headlines, lotteries, or urgent messages like "You've won a prize!".
If a website gives you an uneasy feeling or seems suspicious, it’s best to err on the side
of caution and avoid it.
10.4. Browser Security Warnings
Modern browsers often display warnings such as:
• "This site may be unsafe."

• "This connection is not private."

• “Dangerous site”
• “Fake site ahead”

Heed these warnings and avoid proceeding.

10.5. Pop-Ups and Ads Overload


Avoid websites with excessive pop-ups or links insisting you click on them. These may
be attempts to install malware or generate ad revenue.

• If you see frequent prompts to install software or share information, exit immediately.

10.6. Requests for Personal or Financial Information


Legitimate websites ask for sensitive details (passwords, bank account or card numbers) only on pages you navigated to yourself, such as a login or checkout form.

• Be cautious of sites that ask for such information in pop-ups, or right after you arrived through a link in an email or message.

10.7. Poor Website Design and Content


Dangerous websites often have:

• Spelling and grammar errors

• Low-quality images or broken links

• Inconsistent page formatting.

10.8. Automatic Downloads


If the site starts downloading files without your permission, it’s likely distributing malware.

10.9. No Contact Information


Legitimate websites usually display contact information (e.g., company name, address,
phone number).

Fake sites often omit this or provide fake contact details.

10.10. Unusual Behavior


Your browser slows down, freezes, or displays pop-ups when visiting a site. This could indicate malware or malicious scripts.

10.11. Q and A
1. What should you check for when looking at a website's URL to ensure it is
legitimate?

a) Bright colors in the design


b) Typos, misspellings, or extra characters in the domain name
c) The speed of the website
d) Whether the site has a lot of images
2. Why is it important to hover over a link before clicking it?

a) To see if the website loads faster


b) To preview the actual destination of the link
c) To check if the link has ads
d) To open the link automatically

3. What does the “S” in HTTPS stand for, and why is it important?

a) “Simple” - it makes websites easier to use


b) “Secure” - it ensures data is encrypted for safety
c) “Speedy” - it helps websites load faster
d) “Systematic” - it organizes data

4. If a website uses only HTTP and not HTTPS, what should you do?

a) Proceed with caution, as data may not be secure


b) Trust it if the page looks professional
c) Use the site as long as it loads quickly
d) Ignore HTTPS since it’s not important
5. If a website offers free prizes or unbelievable deals, what should you do?
a) Trust the offer if it looks real
b) Be skeptical and avoid interacting with it
c) Share your personal details to claim the prize
d) Click all links to check the offers

6. What is a good rule of thumb if a website makes you feel uneasy?


a) Trust your instincts and avoid the site
b) Stay on the site to double-check its offers
c) Refresh the page to fix any issues
d) Install suggested software to "secure" the site

7. What should you do if your browser warns, “This site may be unsafe”?
a) Ignore the warning and proceed
b) Refresh the site to see if the warning disappears
c) Close the site and avoid visiting it
d) Click “proceed anyway” to bypass the warning

8. Which of these is an example of a browser security warning?


a) "This connection is not private"
b) "Page loaded successfully"
c) "High speed detected"
d) "Click to win!"

9. Why should you avoid websites with excessive pop-ups or ads?


a) They may contain malware or lead to scams
b) Pop-ups are required for the site to work
c) Pop-ups are harmless and can be ignored
d) Ads help improve site performance

10. What should you do if a website frequently prompts you to install software?
a) Install it immediately to see what it is
b) Ignore it and stay on the site
c) Exit the website immediately
d) Restart your device
11. What is a major red flag when visiting a website?
a) It uses animations and videos
b) It asks for passwords or bank details through pop-ups
c) The website has many images
d) The site loads quickly

12. What are signs of a poorly designed, suspicious website?


a) Low-quality images and broken links
b) High-quality logos and videos
c) Bright colors and animations
d) Lots of advertisements
13. If you notice multiple grammar and spelling mistakes on a webpage, what
should you do?
a) Report the website and avoid sharing information
b) Trust it if the deals are good
c) Refresh the page to correct the errors
d) Keep browsing because errors are normal

14. What might it mean if a website starts downloading files without your
permission?
a) The site is sharing free tools
b) The site is likely distributing malware
c) It’s a sign the site is fast and efficient
d) Downloads are harmless and can be ignored

15. Why is missing or fake contact information a red flag for a website?
a) It means the site is private
b) It indicates the site may not be legitimate
c) It improves the website’s speed
d) Contact information is optional

16. What could happen if a website runs malicious scripts on your browser?
a) Your browser may slow down, freeze, or show pop-ups
b) The website will load faster than usual
c) Your data is automatically backed up
d) Nothing noticeable will happen

17. If your browser behaves unusually when visiting a webpage, what is the safest
action?

a) Restart your browser and try again


b) Immediately close the webpage and scan for malware
c) Ignore the behavior and continue browsing
d) Reload the site multiple times

1.B, 2.B, 3.B, 4.A, 5.B, 6.A, 7.C, 8.A, 9.A, 10.C, 11.B, 12.A, 13.A, 14.B, 15.B, 16.A, 17.B

11. Social Network Security


Social network security refers to the strategies, practices, and technologies used to
protect personal and organizational information shared on social media platforms from
unauthorized access, misuse, or attacks. It ensures that users' privacy is maintained,
sensitive data is safeguarded, and accounts are not exploited for malicious purposes.

11.1. Why is Social Network Security Important?


• Protecting Personal Privacy: Safeguards sensitive information like location,
contact details, and activities from being misused.

• Preventing Cyber Threats: Reduces risks like phishing, identity theft, and
malware attacks.

• Maintaining Brand Reputation: Helps organizations avoid reputational damage


caused by unauthorized posts or data breaches.

• Avoiding Legal Issues: Ensures compliance with privacy laws and regulations,
such as General Data Protection Regulation (GDPR).

11.2. Common Security Threats on Social Networks


Social networks grow more popular every day, and the threats to their users have grown with them. They are attractive because they offer many ways to socialize with friends and with people who share your interests, but sharing that information without thinking about security can make you a target. The main threats are:

• Phishing Attacks:
Cybercriminals send fake messages to trick users into revealing sensitive information
(e.g., passwords, credit card numbers).

• Account Hacking:
Unauthorized access to social media accounts, often leading to malicious posts or
misuse.

• Social Engineering:

Manipulating users into divulging confidential information by exploiting trust.

• Malware and Scams:


Sharing malicious links or files that infect devices or steal data.

• Impersonation and Fake Profiles:


Creating fake accounts to impersonate others and deceive users.

• Data Mining:

Collecting user data without consent, often for marketing or malicious purposes.

11.3. Best Practices for Social Network Security


• Use Strong Passwords:

Create unique, complex passwords for each account and consider using a password
manager.

• Enable Two-Factor Authentication (2FA):

Add an extra layer of security by requiring a second verification step during login.

• Limit Personal Information Sharing:

Avoid posting sensitive details like home addresses, financial information, or vacation
plans.

• Review Privacy Settings:

Regularly check and customize privacy settings to control who can view and interact with
your content.

• Be Cautious with Links and Messages:


Verify links and avoid clicking on suspicious URLs or responding to unsolicited messages.

• Monitor Account Activity:

Check for unauthorized logins or posts and report unusual activity immediately.

• Educate Yourself and Employees:


Stay informed about common social media threats and train users to recognize potential
scams.

• Avoid Third-Party Apps:

Be selective with apps that request access to your social media accounts, ensuring they
are trustworthy.

11.4. Q and A
1. What is the primary goal of social network security?

a) To improve social media engagement


b) To protect personal and organizational information from unauthorized
access, misuse, or attacks
c) To collect user data for marketing purposes
d) To create new social media platforms

2. Which of the following is NOT a reason why social network security is important?
a) Protecting personal privacy
b) Preventing cyber threats
c) Increasing advertisement reach
d) Avoiding legal issues
3. Which of these is an example of a phishing attack on social networks?

a) A hacker creating a fake profile


b) Cybercriminals sending fake messages to trick users into revealing
sensitive information
c) A user sharing malicious links intentionally
d) Collecting data for marketing without user consent

4. What is the purpose of enabling two-factor authentication (2FA) on social media accounts?
a) To automatically update privacy settings
b) To add an extra layer of security by requiring a second verification step
during login
c) To create complex passwords for all accounts
d) To monitor account activity in real-time

5. Which of the following is a best practice for social network security?


a) Share sensitive personal information on public profiles
b) Click on all links sent in messages
c) Regularly check and customize privacy settings to control who can view
your content
d) Use the same password for all accounts

1.B, 2.C, 3.B, 4. B, 5.C



12. Antivirus Protection

Antivirus protection is a security solution designed to prevent, detect, and remove malware
(viruses, worms, Trojans, ransomware, spyware, adware, and other malicious software)
before it can infect and compromise computers, networks, and mobile devices.

12.1. Key Functions:

• Scanning: Regularly scans files, memory, and network traffic for known malware patterns
and for characteristics that suggest malicious code.

• Detection: Identifies and flags suspicious code or behavior as potential malware threats.

• Removal: Deletes or quarantines detected malware to prevent further damage or spread.

• Real-time Protection: Monitors system and network activity continuously to block malware
before it runs, rather than only when a scheduled scan happens to find it.

• Signature-based Detection: Compares files against pre-defined patterns (signatures) of
known malware. It is fast and precise, but it can only catch malware that has already been
seen and added to the signature database, which is why keeping signatures updated matters.

• Behavioral-based Detection: Watches what a program does when it runs (for example,
encrypting many files in a row or modifying system start-up entries) to detect unknown or
zero-day malware that no signature yet describes.

• Heuristics: Uses rules and scoring to analyze a file's structure and behavior and make an
educated guess that it is malicious, even if that exact sample has never been seen before.
Heuristics can produce false positives, so flagged files are usually quarantined rather than
deleted outright.

• HIPS (Host Intrusion Prevention System): Monitors system activity and blocks
unauthorized changes or behavior that may indicate malware presence.

Antivirus protection is one layer of cybersecurity that safeguards your data, devices, and
privacy. Combining reliable, up-to-date antivirus software with safe browsing habits
minimizes risk, but no scanner catches everything, so it should never be the only defense.
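To make the difference between signature-based detection and heuristics concrete, here is a small Python scanner. It is an added example, not code from the original lesson or from any antivirus product, and everything in it is constructed for illustration except the EICAR string, which is the harmless file the antivirus industry publishes for testing scanners. The signature database is a hash and a byte pattern for that one file; the heuristic rules look for a handful of indicators (an encoded PowerShell command, an Office auto-run macro, a download of an executable, process-injection API names, and high entropy suggesting packing) and add up their weights. The constructed samples show each point made above: the exact file is caught by its hash, a variant with one byte appended defeats the hash but not the byte pattern, a macro no signature knows is caught by heuristics, and high entropy alone stays below the threshold because legitimate compressed files are high-entropy too.

```python
"""Toy scanner contrasting signature-based and heuristic detection (stdlib only)."""
import hashlib
import math
import re

# Signature database (constructed). Real engines ship millions of entries. The EICAR
# string is the harmless, industry-standard file used to test antivirus products.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_HASHES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
BYTE_PATTERNS = {rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File (pattern)"}

# Heuristic indicators with constructed weights; a file is "suspicious" once the
# sum of matched weights reaches THRESHOLD.
HEURISTICS = [
    (re.compile(rb"powershell(\.exe)?\s+-(enc|encodedcommand)\b", re.I), 40,
     "encoded PowerShell command"),
    (re.compile(rb"\b(AutoOpen|Document_Open|Workbook_Open)\b", re.I), 25,
     "Office auto-run macro"),
    (re.compile(rb"https?://\S+\.(exe|scr|ps1)\b", re.I), 30, "downloads an executable"),
    (re.compile(rb"CreateRemoteThread|VirtualAllocEx|WriteProcessMemory"), 35,
     "process-injection APIs"),
]
ENTROPY_LIMIT, ENTROPY_WEIGHT, THRESHOLD = 7.2, 20, 50


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random-looking (packed or encrypted) data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes):
    """Exact match first (hash of the whole file), then known byte patterns."""
    name = KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in BYTE_PATTERNS.items():
        if pattern in data:
            return pattern_name
    return None


def heuristic_scan(data: bytes):
    """Score a file by the indicators it contains; returns (score, reasons)."""
    score, reasons = 0, []
    for regex, weight, reason in HEURISTICS:
        if regex.search(data):
            score += weight
            reasons.append(reason)
    if len(data) >= 1024 and shannon_entropy(data) > ENTROPY_LIMIT:
        score += ENTROPY_WEIGHT
        reasons.append("high entropy (packed or encrypted)")
    return score, reasons


def scan(data: bytes) -> dict:
    """Signature hit -> malicious; heuristic score over threshold -> suspicious."""
    signature = signature_scan(data)
    score, reasons = heuristic_scan(data)
    if signature:
        verdict = "malicious"
    elif score >= THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signature": signature, "score": score, "reasons": reasons}


# Constructed samples: the exact test file, a variant that defeats the hash, a macro
# no signature knows, high-entropy data on its own, and an ordinary document.
SAMPLE_EICAR = EICAR
SAMPLE_VARIANT = EICAR + b"\n"
SAMPLE_MACRO = b'Sub AutoOpen()\n  Shell "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3"\nEnd Sub\n'
SAMPLE_PACKED = bytes(range(256)) * 16
SAMPLE_CLEAN = b"Quarterly report: revenue grew 4% compared with the same period last year.\n"

if __name__ == "__main__":
    for label, sample in [("eicar", SAMPLE_EICAR), ("variant", SAMPLE_VARIANT),
                          ("macro", SAMPLE_MACRO), ("packed", SAMPLE_PACKED),
                          ("clean", SAMPLE_CLEAN)]:
        print(label, scan(sample))
```

Real engines add emulation, file reputation and machine learning on top of these two ideas, and tune their weights against millions of clean files to keep false positives down; the structure, though, is the same: exact knowledge of the past in the signature database, educated guessing about the unknown in the heuristics.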

12.2. Additional Features:

• Firewall: Blocks unauthorized incoming and outgoing network connections.

• Email Scanning: Scans email attachments and message bodies for malware.

• Web Filtering: Blocks access to known malicious websites and URLs.

• Identity Theft Protection: Monitors for and alerts users to potential identity theft
attempts.

• Mobile Security: Protects mobile devices from malware, phishing, and other threats.

12.3. Q and A

1. What is the primary purpose of antivirus protection?
a) To create a backup of files
b) To prevent, detect, and remove malware from computer systems, networks, and mobile
devices
c) To improve system performance
d) To increase internet speed

2. Which of the following is NOT a key function of antivirus software?
a) Scanning files and network traffic
b) Detecting suspicious behavior
c) Automatically upgrading hardware
d) Removing or quarantining malware

3. What does real-time protection in antivirus software do?
a) Monitors system and network activity continuously to block malware infections and
unauthorized access
b) Creates daily backups of system files
c) Optimizes system performance for gaming
d) Downloads the latest antivirus updates automatically

4. Which of the following is an additional feature of modern antivirus software?
a) Firewall protection
b) Email scanning
c) Web filtering
d) All of the above

5. What is HIPS (Host Intrusion Prevention System)?
a) A system that creates a backup of user data in case of malware attacks
b) A feature that blocks unauthorized changes or behavior indicating malware presence
c) A tool to optimize computer hardware for better performance
d) A scanning feature for external hard drives only

6. Why is antivirus protection important in today's digital landscape?
a) It helps safeguard against data breaches, system crashes, and financial losses.
b) It increases system processing speed.
c) It is only required for mobile devices.
d) It eliminates the need for firewalls.

7. What is the role of heuristics in antivirus software?
a) It creates copies of files for backup purposes.
b) It uses algorithms to analyze file behavior and detect unknown malware.
c) It blocks all suspicious network connections without analysis.
d) It scans only email attachments for viruses.

8. What does email scanning in antivirus software help with?
a) Optimizing email delivery speed
b) Scanning email attachments and bodies for malware threats
c) Encrypting email communications automatically
d) Blocking all emails from unknown senders

9. What is mobile security in antivirus software?
a) A feature to improve mobile device battery life
b) Protection for mobile devices against malware, phishing, and other threats
c) A system for blocking spam calls
d) Software for creating mobile-friendly documents

Answers: 1.B, 2.C, 3.A, 4.D, 5.B, 6.A, 7.B, 8.B, 9.B


13. Disaster Recovery

Disaster Recovery (DR) is an organization's plan to protect its IT systems and data from
disasters and to recover quickly, minimizing downtime and losses. It involves anticipating
and preparing for technology-related disasters, such as:

• Natural disasters (e.g., floods, earthquakes, hurricanes)
• Cyberattacks (e.g., ransomware, malware)
• Power outages
• Equipment failures
• Human errors (e.g., accidental data deletion)

13.1. The primary goals of Disaster Recovery

• Data protection: Ensure that critical data is backed up regularly and stored securely
offsite, and that at least one copy is offline or otherwise protected from change, so that a
disaster or ransomware attack at the primary site cannot destroy the backups too.
• System availability: Design and implement redundant systems and infrastructure to
ensure minimal downtime.
• Business continuity: Minimize the impact on business operations by quickly restoring IT
systems and services.

13.2. Key elements of a Disaster Recovery Plan

A DR plan sets measurable recovery targets (the RPO and RTO described below) and defines
the backups, redundant infrastructure, people, and testing needed to meet them.

13.2.1. Recovery Point Objective (RPO)

The RPO defines the maximum amount of data loss, measured in time, that an organization
can tolerate after a disaster or failure. In practice it is the maximum acceptable age of the
most recent backup at the moment the failure happens: data created after the last
successful backup is what gets lost, so the RPO dictates how often backups must be taken.

Examples:

• An RPO of 12 hours means the organization can afford to lose at most 12 hours of data,
so backups must complete at least every 12 hours.
• An RPO of 5 hours means losing more than 5 hours of data would exceed the
organization's tolerance, so backups must complete at least every 5 hours.

Setting a realistic RPO for each system lets the organization size its backup schedule
accordingly and keeps data loss within agreed limits when a disaster strikes.

13.2.2. Recovery Time Objective (RTO)

The RTO is the maximum acceptable time between a disaster and the restoration of IT
systems and services. Where the RPO limits how much data may be lost, the RTO limits how
long the service may be down.

Examples:

• A system with a defined RTO of 30 minutes must be fully recovered and operational
within 30 minutes of the incident.
• A non-mission-critical system may have a longer RTO, such as 2 hours, allowing for a
more relaxed recovery timeline.
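The relationship between backup frequency, RPO and RTO can be made concrete in a few lines of code. The Python example below is added here and is not part of the original lesson; the 4-hour RPO, 30-minute RTO, backup log and incident times are all constructed for illustration. It takes a log of backup jobs, works out the worst-case data loss the schedule actually delivers (the largest gap between successful backups, which one silently failed job can double), and then measures a single incident against both targets.

```python
from datetime import datetime, timedelta

# Constructed targets for a hypothetical order-processing system: at most 4 hours of
# data may be lost, and the service must be back within 30 minutes.
RPO = timedelta(hours=4)
RTO = timedelta(minutes=30)

# Constructed backup log of (completion time, succeeded?). Jobs run every 4 hours,
# which looks like it meets the RPO, but the 16:00 job failed.
BACKUP_LOG = [
    (datetime(2024, 3, 1, 0, 0), True),
    (datetime(2024, 3, 1, 4, 0), True),
    (datetime(2024, 3, 1, 8, 0), True),
    (datetime(2024, 3, 1, 12, 0), True),
    (datetime(2024, 3, 1, 16, 0), False),
    (datetime(2024, 3, 1, 20, 0), True),
]
# Constructed incident: the database server died at 17:30 and service was restored
# from backup at 17:55.
FAILED_AT = datetime(2024, 3, 1, 17, 30)
RESTORED_AT = datetime(2024, 3, 1, 17, 55)


def successful_backups(log):
    """Completion times of the backups that actually succeeded, oldest first."""
    return sorted(t for t, ok in log if ok)


def worst_case_data_loss(log) -> timedelta:
    """Largest gap between consecutive successful backups: the most data that is lost
    if the failure strikes just before the next backup completes."""
    times = successful_backups(log)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return max(gaps) if gaps else timedelta(0)


def rpo_met_by_schedule(log, rpo=RPO) -> bool:
    """Does the schedule, as it really ran, keep worst-case loss within the RPO?"""
    return worst_case_data_loss(log) <= rpo


def assess_incident(log, failed_at, restored_at, rpo=RPO, rto=RTO) -> dict:
    """Measure one incident's actual data loss and downtime against RPO and RTO."""
    usable = [t for t in successful_backups(log) if t <= failed_at]
    last_good = usable[-1] if usable else None
    # Everything written after the last good backup is gone once we restore from it.
    data_loss = failed_at - last_good if last_good else None
    downtime = restored_at - failed_at
    return {
        "last_good_backup": last_good,
        "data_loss": data_loss,
        "downtime": downtime,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "rto_met": downtime <= rto,
    }


if __name__ == "__main__":
    print("worst-case loss from schedule:", worst_case_data_loss(BACKUP_LOG),
          "RPO met:", rpo_met_by_schedule(BACKUP_LOG))
    print(assess_incident(BACKUP_LOG, FAILED_AT, RESTORED_AT))
```

Run as written, the schedule fails its RPO (the failed 16:00 job leaves an 8-hour gap between the 12:00 and 20:00 backups) and the 17:30 incident loses five and a half hours of data even though recovery itself finished in 25 minutes and met the RTO. That is the practical lesson behind the RPO: the target is only met if backup jobs are monitored and failures are re-run, not merely scheduled.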

13.2.3. Backup and Restore Processes

Regular backups and tested restore procedures to ensure data integrity. A backup that has
never been restored is an assumption, not a guarantee; rehearse the restore, not just the
backup.

13.2.4. Redundant Infrastructure

Duplicate systems, networks, and storage to ensure failover and failback capabilities. By
understanding the different types of redundancy and implementing best practices,
organizations can ensure their infrastructure is designed to support business operations,
even in the face of adversity.

13.2.5. Disaster Recovery Team

Designated personnel responsible for executing the disaster recovery plan.

13.2.6. Testing and Validation

Regularly test and validate the disaster recovery plan to ensure its effectiveness.
Disaster Recovery planning involves a combination of technology, processes, and people
working together to ensure business continuity in the face of unexpected disruptions.

13.3. Q&A

1. What is Disaster Recovery (DR)?
A. The process of fixing computers.
B. A plan to protect IT systems and recover quickly after disasters.
C. A strategy to improve internet speed.
D. A way to delete unnecessary data.

2. Which of the following is an example of a disaster covered under DR?
A. Spilling coffee on your keyboard.
B. Natural disasters like floods or hurricanes.
C. Forgetting your email password.
D. Sending the wrong email to a colleague.

3. What is the main goal of Disaster Recovery?
A. To protect data and ensure business continuity.
B. To replace outdated systems.
C. To install new software.
D. To reduce employee training time.

4. What does Recovery Point Objective (RPO) mean?
A. The maximum amount of data, measured in time, that a company can afford to lose.
B. The maximum time a business can operate without employees.
C. The time needed to repair hardware.
D. The maximum allowable downtime after a disaster.

5. If a company has an RPO of 6 hours, what does that mean?
A. Backups are stored every 6 minutes.
B. Data loss exceeding 6 hours is unacceptable.
C. Systems need to be recovered in 6 minutes.
D. Data backups are stored in 6 different places.

6. What is Recovery Time Objective (RTO)?
A. The amount of time it takes to fix a coffee machine.
B. The maximum acceptable time to recover IT systems after a disaster.
C. The amount of time before data backups expire.
D. The timeline for hiring new IT staff.

7. Why are backups and restore processes important in disaster recovery?
A. They help reduce software costs.
B. They ensure data can be recovered after a disaster.
C. They improve internet connection speed.
D. They replace outdated computers.

8. What is the purpose of redundant infrastructure?
A. To duplicate systems, ensuring minimal downtime during failures.
B. To save money by reducing IT infrastructure.
C. To back up email messages only.
D. To provide employees with more storage space.

9. Who is responsible for executing the Disaster Recovery Plan?
A. The Finance Department.
B. The Disaster Recovery Team.
C. Marketing personnel.
D. External software vendors.

10. Why is testing and validating the DR plan important?
A. To identify weaknesses and ensure the plan works effectively.
B. To reduce employee workloads.
C. To upgrade computer systems.
D. To save storage space in backups.

Answers: 1.B, 2.B, 3.A, 4.A, 5.B, 6.B, 7.B, 8.A, 9.B, 10.A


14. Mobile Device Security

Mobile device security is the full protection of data on portable devices and of the networks
those devices connect to. Common portable devices within a network include smartphones,
tablets, and laptops.

The biggest cyber threat isn't sitting at your desk: it is in your pocket. Smartphones have
become a prime hacking target because they hold email, banking apps, authentication codes
and corporate data, travel onto untrusted networks, and are easily lost or stolen. Some of
those circumstances are under our control and some are not.

14.1. Practical Suggestions to Improve Mobile Security

Securing your mobile device from these threats isn't simple, which is why many of the
threats persist. It requires a multi-pronged effort by both users and IT managers. Both Apple
and Google have strengthened their operating systems with various security technologies
(Google calls its tools Play Protect). That is a good starting point, but you will also want to
consider the following suggestions:

• Lock your phone with a PIN. Use a longer numeric PIN (or an alphanumeric passcode) and
add face or fingerprint unlock for convenience; biometrics fall back to the PIN, so the PIN
itself must be strong. The second or two of delay is worth the extra security. The Touch ID /
Face ID & Passcode settings on iOS also include an "Erase Data" option that wipes the device
after 10 incorrect passcode attempts.

• Use additional security apps. Network Solutions has a Cyber Security Solution that bundles
Lookout and SkOUT along with a VPN. Avira, Avast, ESET, Kaspersky and Sophos all offer free
anti-malware products for Android. Free VPN providers such as ProtonVPN and Cloudflare's
Warp are also worth using on public networks. Keep in mind that a VPN only moves your trust
from the hotspot operator to the VPN provider, so choose one with a reputation to protect.

• Use a password manager. Having a single repository of passwords across all your devices,
and therefore complex and unique passwords for every account, is a major improvement
over shared and simple passwords.

• Think before you connect to any public Wi-Fi network. Don't automatically connect to
Wi-Fi hotspots by name: hackers like to fool you into thinking that just because something is
named "Starbucks Wi-Fi" it's safe, when anyone can broadcast a network with that name. On
iOS, "Ask to Join Networks" should always be set to "Ask". Apple also makes a Configurator
app that organizations can use to further lock down their devices: use it.

• Always download apps from the official Google Play and Apple App Store. Make sure you
are on the genuine store listing before you tap install, and check that the permissions the
app requests match what the app actually does (a flashlight app has no business reading
your contacts). Some developers, such as the financial app Mint, go a step further and have a
menu option in their apps that shows you their privacy policy.

• Keep Verify Apps (now part of Google Play Protect) turned on on Android devices to block
malicious or questionable apps from being installed, and leave "Install unknown apps"
disabled for browsers and messaging apps.

• Finally, update your device's operating system and apps when new versions are available.
This is the best way to stay ahead of exploits for vulnerabilities found in older versions.

14.2. Q and A

1. What is mobile device security?
a) Protecting only smartphones from physical damage
b) The full protection of data on portable devices and their connected networks
c) Ensuring portable devices always stay connected to the internet
d) Only securing laptops from malware attacks

2. Why are smartphones considered a prime hacking target?
a) They are expensive devices.
b) They are often left unlocked.
c) They store a significant amount of personal and sensitive data.
d) They don't have access to app stores.

3. What is a key suggestion for securing your mobile device?
a) Avoid using a PIN or password to save time.
b) Use longer numeric PINs, or enable face or fingerprint unlock options.
c) Disable device locking features to improve accessibility.
d) Only rely on default security settings provided by the manufacturer.

4. Which of the following is good practice for using Wi-Fi networks?
a) Automatically connect to any network named "Starbucks Wi-Fi."
b) Avoid public Wi-Fi networks entirely.
c) Use a VPN when connecting to public Wi-Fi and verify the network before connecting.
d) Only connect to networks that don't require a password.

5. What is the most secure way to download apps for your mobile device?
a) Download apps from third-party websites for free.
b) Only use official app stores like Google Play and the Apple App Store.
c) Rely on recommendations from social media links.
d) Use apps that don't require any permissions.

6. Why is it important to update your mobile device's operating system?
a) To increase storage capacity.
b) To improve the device's design.
c) To stay ahead of potential exploits found in older versions.
d) To remove all saved passwords from the device.

7. What is a password manager, and why is it recommended for mobile device security?
a) A tool to store all passwords in one place, ensuring they are unique and complex across
devices.
b) An app to prevent devices from connecting to the internet.
c) A feature that disables the use of passwords on mobile devices.
d) A security measure that locks your phone permanently.

8. What is the Verify Apps feature on Android devices?
a) A tool to automatically download apps from any website.
b) A setting to prevent malicious or questionable apps from being installed.
c) A feature that disables app downloads entirely.
d) A tool for increasing device speed by deleting apps.

9. Which of these is NOT a recommended security app or feature?
a) Lookout, SkOUT, or Kaspersky for anti-malware protection
b) ProtonVPN or Cloudflare's Warp for secure VPN use
c) Downloading apps from unknown sources for free tools
d) Cyber Security Solution bundles for comprehensive protection

10. What does "Ask to Join Networks" do, and why is it important?
a) Automatically connects you to any nearby network for convenience.
b) Alerts you before joining a network, helping to prevent unintentional connections to
unsafe Wi-Fi.
c) Blocks all Wi-Fi networks except those in your home.
d) Disables all wireless connections.

Answers: 1.B, 2.C, 3.B, 4.C, 5.B, 6.C, 7.A, 8.B, 9.C, 10.B


15. Securing E-mail Communication

Whether it's a phishing scheme, fraud or malware, most cyber-attacks start with an email!
Here are some tips to secure email communication:

• Use encryption: Consider using email encryption services like SecureMyEmail, Brightsquid
Secure-Mail, or Citrix Secure Mail, which provide end-to-end encryption and protect your
emails from unauthorized access even if a mail server along the way is compromised.
• Verify identities: Use digital certificates (S/MIME) or the domain authentication protocols
SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-
based Message Authentication, Reporting, and Conformance). SPF lists which servers may
send mail for a domain, DKIM signs messages so tampering can be detected, and DMARC
tells receivers what to do when those checks fail. They are configured by the domain owner
and checked by the receiving mail server, which records the outcome in an
Authentication-Results header; together they make it much harder to spoof a sender.
• Use secure protocols: Ensure your email client or server uses TLS (Transport Layer
Security) to encrypt email in transit. SSL (Secure Sockets Layer) is the obsolete predecessor
of TLS and should be disabled.
• Limit access: Restrict access to your email account by enabling two-factor authentication
(2FA), using strong, unique passwords, and limiting login attempts.
• Monitor and report: Regularly monitor your email account for suspicious activity (logins
from unknown locations, forwarding rules you did not create, sent mail you did not write)
and report any security breach to your email provider or the authorities.
• Use secure email clients: Use email clients that support encryption and secure protocols,
such as ProtonMail, Tutanota, or Mailfence.
• Avoid attachments: Avoid sending sensitive information as attachments; use secure
file-sharing services or encrypted messaging apps instead.
• Use clear and concise language: Vague or ambiguous wording in your own emails makes it
harder for recipients to tell your genuine messages from an impersonation of you.
• Proofread and edit: Carefully proofread your emails before sending them; sloppy messages
teach colleagues to accept exactly the kind of errors that mark phishing.
• Use email templates: Use templates or boilerplates for routine communications so that
recipients learn what legitimate messages from you look like and notice deviations.

15.1. Suspicious behavior in emails

15.1.1. Unusual Sender Information

[Figure: example of a real phishing email.]

Unknown Sender: You don't recognize the email address, or it looks odd.

Misspelled Domains: For example, @amaz0n.com instead of @amazon.com.

Generic Email Accounts: The message comes from a free service like Gmail, Yahoo, or
Hotmail instead of an official organization email domain.

15.1.2. Urgent or Threatening Language

The email pressures you to act quickly:

• "Your account will be locked in 24 hours unless you verify now!"
• "Immediate action required—your payment failed!"

It threatens consequences for inaction, such as account suspension or legal action.

Hackers create this sense of urgency in their phishing efforts for a reason: mentioning
payment deadlines, or saying the recipient will receive a call in the next hour, leaves no
time to think.

This technique is very effective in workplace scams. Scammers know that most employees
will drop everything if the big boss sends an important email that must be actioned
immediately! These scams are extra dangerous because even if the employee does suspect
something is wrong, they may be too scared to confront their boss; we agree it is quite an
awkward conversation to have, telling them you thought their email seemed like a scam.

[Figure: urgent or threatening language in a phishing email.]

15.1.3. Suspicious Attachments or Links

Phishing emails come in many forms (some more creative than others!) but the one thing
they all have in common is that they carry a payload. A payload is the thing the scammer
wants you to click and/or download. Payloads are usually infected attachments, or links to
fake websites disguised as a login page, where the credentials you type in are collected.

The attachments are especially nasty, as they usually carry malware. They can be very hard
to spot; on many occasions hackers have succeeded by disguising infected PDFs or Office
documents as invoices and payment notifications.

Unexpected Attachments: Files like .exe, .zip, or .docm can contain malware.

Shortened or Misleading Links: Links like bit.ly/abc123, or links whose visible text shows one
address while they actually lead to a different, unfamiliar website.

Tip: Hover over links without clicking to preview where they really lead.

Tip: Never download or open any attachment you are unsure of.

15.1.4. Poor Grammar, Spelling, or Formatting

Odd use of language, capitalization, or awkward phrasing. Examples of poor grammar,
spelling, or formatting that you wouldn't expect from a professional company include:

• Typos (e.g., "Definately" instead of "Definitely")
• Grammatical errors (e.g., subject-verb agreement issues)
• Inconsistent formatting (e.g., irregular use of headings, bullet points, or font styles)
• Overuse of abbreviations or slang
• Lack of proper punctuation (e.g., missing or excessive commas)

Top tip: Look for grammatical mistakes, not spelling mistakes!

When creating phishing emails, attackers often use a spellchecker or machine translation,
which gives them all the right words but not necessarily in the right context.

15.1.5. Requests for Personal Information

Asking for sensitive data like:

• Passwords
• Credit card details
• Social Security or identification numbers

Legitimate organizations never request this information over email.

15.1.6. Unfamiliar or Fake Attachments

Files that you weren't expecting. Avoid downloading:

• .exe (executables)
• .pdf with strange names
• Office files with macros (.docm or .xlsm)

15.1.7. Spoofed Branding or Visuals

The logo, colors, or branding look slightly "off" or pixelated.

Generic greetings like "Dear Customer" instead of your name.

15.1.8. Unsolicited Offers or Rewards

Promises of unexpected prizes, rewards, or refunds:

• "You've won a free iPhone!"
• "Claim your $500 gift card now!"

15.1.9. Inconsistencies

The email claims to be from your bank but comes from a strange domain.

Links that don't match the content or the sender's stated purpose.

15.1.10. Embedded Pixel Tracking

Hidden tracking pixels (tiny remote images that load when you open the message) let the
sender confirm that your address is live and that you opened the email. Marketers use them
too, but for a phisher that confirmation marks you as a target worth pursuing. Set your mail
client not to load remote images automatically, and be cautious of unknown senders.
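The red flags listed in 15.1 and the SPF, DKIM and DMARC verdicts mentioned in the tips above can be turned into a simple triage script. The Python example below is added here and is not part of the original lesson; the sample message, the brand and free-mail domain lists, the homoglyph table, the urgency phrases and the risky-extension list are all constructed for illustration, and a real mail filter would draw on far richer data. It parses a raw message with the standard library and reports which red flags it finds: failed authentication results recorded by the receiving server, a Return-Path that does not match the From domain, a look-alike brand domain, urgent wording, a generic greeting, a risky attachment type, and links whose visible text points somewhere other than their real destination.

```python
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real phishing email. The Authentication-Results header is
# what a receiving mail server writes after checking SPF, DKIM and DMARC.
SAMPLE_EML = b"""\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulkmail.example.org;
 dkim=none; dmarc=fail header.from=paypa1.com
Return-Path: <alerts@bulkmail.example.org>
From: "PayPal Support" <support@paypa1.com>
Subject: Immediate action required - your account will be locked in 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer, verify your account now or it will be suspended.</p>
<a href="http://bit.ly/abc123">https://www.paypal.com/login</a></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed reference lists; an organization would maintain its own.
KNOWN_BRAND_DOMAINS = {"paypal.com", "amazon.com", "microsoft.com"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
RISKY_EXTENSIONS = (".exe", ".zip", ".docm", ".xlsm", ".js", ".vbs", ".iso", ".scr")
URGENCY = re.compile(r"immediate action|in 24 hours|will be (locked|suspended)|"
                     r"verify (your account )?now|act now", re.I)
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member|client)\b", re.I)
# Digits attackers swap in for look-alike letters, as in paypa1.com or amaz0n.com.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def domain_of(address) -> str:
    """Lower-cased domain of an address like 'Name <user@host>' ('' if none)."""
    m = re.search(r"@([A-Za-z0-9.-]+)", str(address or ""))
    return m.group(1).lower().rstrip(".") if m else ""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs so text/href mismatches can be spotted."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def auth_results(msg) -> dict:
    """Pull the spf/dkim/dmarc verdicts out of Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr), re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def triage(raw: bytes) -> list:
    """Return the red flags found in one raw message (an empty list means none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    for method, result in auth_results(msg).items():  # verdicts from the receiving server
        if result != "pass":
            flags.append(f"auth:{method}={result}")
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    if from_dom and rp_dom and not rp_dom.endswith(from_dom):  # envelope vs header sender
        flags.append(f"sender:return-path-mismatch:{rp_dom}")
    if from_dom.translate(HOMOGLYPHS) in KNOWN_BRAND_DOMAINS and from_dom not in KNOWN_BRAND_DOMAINS:
        flags.append(f"sender:lookalike-domain:{from_dom}")
    if from_dom in FREEMAIL_DOMAINS:
        flags.append("sender:freemail-domain")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if URGENCY.search(str(msg.get("Subject", ""))) or URGENCY.search(text):
        flags.append("content:urgency")
    if GENERIC_GREETING.search(text):
        flags.append("content:generic-greeting")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"attachment:risky:{name}")
    if body is not None and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(text)
        for href, shown in collector.links:  # where the link really goes vs what it shows
            real_host = (urlparse(href).hostname or "").lower()
            if real_host in URL_SHORTENERS:
                flags.append(f"link:shortener:{real_host}")
            shown_host = urlparse(shown).hostname if shown.lower().startswith("http") else None
            if shown_host and shown_host.lower() != real_host:
                flags.append(f"link:text-mismatch:{shown_host}->{real_host}")
    return flags
```

Calling triage(SAMPLE_EML) returns every category of flag at once, which is typical of a crude phishing attempt; a well-crafted one may trip only one or two, which is why the authentication verdicts and the hover-check on links matter more than spelling. The Authentication-Results header is trustworthy only when it was added by your own mail server (the "mx.example.net" part), since an attacker can write a fake one into the message before it arrives.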

15.2. Q and A

1. What is the best way to protect emails from unauthorized access?
A. Use colorful fonts in your emails.
B. Use encryption: TLS for email in transit and end-to-end encryption tools for the message
itself.
C. Only send emails during working hours.
D. Avoid replying to emails altogether.

2. Which of the following can help verify the authenticity of an email sender?
A. SPF, DKIM, and DMARC protocols.
B. Using bright colors in the email body.
C. Checking if the sender is on your friend list.
D. Ignoring all emails with attachments.

3. What should you do if an email contains a suspicious link?
A. Click the link to see where it leads.
B. Hover over the link to preview its destination.
C. Forward the email to everyone in your company.
D. Ignore the email without reading it.

4. What is the purpose of two-factor authentication (2FA) in securing emails?
A. It makes your password longer.
B. It ensures only authorized users can access the email account.
C. It sends all emails to a backup server.
D. It automatically blocks spam emails.

5. How can you identify suspicious attachments in an email?
A. Look for files with extensions like .exe, .zip, or .docm.
B. Open all attachments to check their content.
C. Only open PDFs because they are always safe.
D. Download attachments from trusted friends only.

6. What is a common sign of phishing emails?
A. High-quality visuals and perfect grammar.
B. Urgent or threatening language asking you to act quickly.
C. The email coming from your regular contacts.
D. Emails containing personal greetings.

7. What should you do if an email asks for your password or credit card details?
A. Reply to confirm the request.
B. Report the email immediately.
C. Send your details to avoid problems.
D. Ignore it, as it's probably safe.

8. How can poor grammar or spelling help you spot a phishing email?
A. It always means the sender is in a hurry.
B. Legitimate companies rarely send emails with grammar mistakes.
C. It's normal, so ignore small errors.
D. Errors make emails easier to read.

9. Why is it risky to trust an email offering prizes like a free iPhone?
A. Most companies don't send free gifts over email.
B. The prize may expire quickly.
C. It's a special deal for employees only.
D. Emails with prizes often lead to malware or scams.

10. What is one way to recognize spoofed branding in phishing emails?
A. The logo or branding looks pixelated or "off."
B. The email uses bright colors and emojis.
C. The sender's email address has the company name spelled perfectly.
D. The email content is short and concise.

11. What should you do if you notice unusual activity in your email account?
A. Change your password and report the incident to your provider.
B. Ignore it and close your email for a while.
C. Reply to all recent emails to confirm your identity.
D. Share your password with IT colleagues.

12. Why should you avoid sending sensitive information as attachments?
A. Attachments are always encrypted automatically.
B. Attachments can be intercepted if not secured properly.
C. Sending files by email is not professional.
D. Email servers delete attachments after 24 hours.

Answers: 1.B, 2.A, 3.B, 4.B, 5.A, 6.B, 7.B, 8.B, 9.D, 10.A, 11.A, 12.B

16. Recognizing Phishing Campaigns

You can typically identify phishing campaigns simply by analyzing the content of the email:

• Suspicious Attachments & Links
• Poor Spelling and Grammar
• The Sent Address is from a Public Domain
• Misspelled Domain Name
• A Sense of Urgency

Cyber-criminals often have the right words but fail to place them in the right context,
resulting in awkward phrasing, unusual grammar, or unnatural tone.

16.1. How to Recognize and Avoid Phishing Emails

If an email came unprompted and is requesting sensitive data, it is likely a phishing scam.
A legitimate organization will never ask for personal information, including passwords, via
email.

If an email is creating a sense of urgency or is trying to invoke fear to make you act, such
as changing your password now, it is likely a phishing scam. Cyber-criminals know people
procrastinate: even when we receive a high-priority email, most of us decide to deal with it
later. This works against the attacker, because the longer we think about something, the
more likely we are to notice that it does not seem right.

Looking at the email again later with a fresh set of eyes, or asking a colleague to take a
quick look, can be beneficial in spotting a scam.

If an email contains hyperlinks that do not match the web addresses of the organization it
claims to come from, it is likely a phishing scam.

16.2. Always Review the Sender of an Email

Checking who really sent a message is one of the simplest ways to avoid falling victim to a
phishing campaign.

For example, a legitimate email might come from support@paypal.com, while a suspicious
one could be from support@paypa1.com or paypal-security@gmail.com.

Always hover your mouse cursor over hyperlinks in email messages prior to clicking them.
Hovering reveals the real web address, which you can compare with the address the link
text claims to point to.

No legitimate business will contact you from a '@gmail.com' address, or any other public
domain for that matter (with the small exception of some sole traders).

Every organization has its own email domain; for example, legitimate emails from Amazon
are sent from "@amazon.co.uk" or "@amazon.com".

If the domain name matches the apparent sender, the email is usually legitimate, but a
matching domain on its own is not proof: the display name is chosen freely by whoever
sends the message, and the From address itself can be forged unless the receiving mail
server enforces SPF, DKIM and DMARC. Treat a matching domain as one good sign among
several.

The best way to check that an email domain is genuine is to search for the company and
compare its real web domain with the one in the email.

Before logging in on a website, confirm that the address in the address bar is correct and
that the connection is secure: the address should begin with "https://" and the browser
should show a lock icon (modern browsers no longer color it green). Be aware that the lock
only means the connection is encrypted; phishing sites routinely use HTTPS too, so the
domain name, not the lock, is what tells you the site is genuine.

16.3. Reporting Phishing Attempts

If you suspect that an email you received is part of a phishing campaign, forward it to your
organization's designated IT or security team for analysis and advice on any further action
on your part. Forward the message as an attachment: this preserves the original headers
(including the Received and Authentication-Results lines the security team needs to trace
the sender), whereas a normal forward discards them. Use the following procedures:

16.3.1. For Windows Users (Outlook)

• Select the phishing email in your Outlook inbox.
• On your keyboard, press CTRL + ALT + F. This creates a new email message with the
phishing email attached.
• Add any relevant details (such as when you received the email or what appeared
suspicious) to the body of the new email.
• Send this email to your organization's designated IT or security team. If unsure, forward
it to your IT department's helpdesk (e.g., security@yourcompany.com or
it-support@yourcompany.com).

16.3.2. For Macintosh Users (Outlook)

• Right-click the phishing email in Outlook.
• Navigate to "Forward Special" and select "As Attachment."
• Add any relevant details (such as when you received the email or what appeared
suspicious) to the body of the new email.
• Send this email to your organization's designated IT or security team. If unsure, forward
it to your IT department's helpdesk (e.g., security@yourcompany.com or
it-support@yourcompany.com).

16.4. Best Behavior for Suspicious (Phishing) Email

• Do not click links or open attachments.
• Looking at the email again later with a fresh set of eyes, or asking a colleague to take a
quick look, can help in spotting a scam.
• Verify the sender by contacting the organization directly through official channels (a
phone number or website you already know, not one given in the email).
• Mark the email as spam or phishing.
• Report the email to your IT team or email provider.
• Delete the email once it has been reported.

16.5. Q and A
1. What is a common sign that an email is a phishing attempt?
A. It comes from a trusted organization.
B. It contains a request for sensitive data like passwords.
C. It uses emojis to sound friendly.
D. It asks for sensitive data urgently.

2. How can you check if an email sender is legitimate?
A. Open the email to see its contents.
B. Look for a domain that matches the organization (e.g., @amazon.com).
C. Verify the sender's domain by searching for the company online.
D. Trust any email with a well-designed logo.

3. What should you do if an email creates a sense of urgency, like “Change your password now!”?
A. Immediately follow the instructions.
B. Verify the sender through official channels before acting.
C. Ignore it and report it later.
D. Take a moment to carefully review the email.

4. Why should you hover over links in suspicious emails?
A. To highlight the link in the email.
B. To preview the real web address before clicking.
C. To open the link faster.
D. To see if the link is written in bold text.

5. Which of the following is a red flag in a phishing email?
A. The email greets you with your full name.
B. A link that redirects to an unknown website.
C. Correct grammar and professional tone.
D. The email contains a company survey.

6. How can you check that your connection to a website is encrypted before logging in?
A. Ensure the website loads quickly.
B. Look for “http://” in the address bar.
C. Look for “https://” and a lock icon near the address bar.
D. Check if the website uses bright animations.

7. What is the correct way for Windows users to report a phishing email in Outlook?
A. Press CTRL + ALT + F to forward the email as an attachment.
B. Press SHIFT + DELETE to delete it permanently.
C. Save the email on your desktop for future reference.
D. Move the email to a junk folder.

8. What should Macintosh users do to report a phishing email in Outlook?
A. Forward the email as-is to a colleague.
B. Delete the email immediately.
C. Right-click the email, select “Forward Special,” and choose “As Attachment.”
D. Print the email for later analysis.

9. Which of the following is NOT recommended if you receive a suspicious email?
A. Clicking on any links to “check them.”
B. Verifying the sender through official channels.
C. Reporting the email to your IT team.
D. Hovering over the links without clicking.

10. What should you do if you’re unsure whether an email is legitimate?
A. Delete it immediately to stay safe.
B. Ask a colleague to review the email.
C. Reply to the sender requesting more information.
D. Ignore it and leave it unread.

11. Why do cybercriminals use poor spelling and grammar in phishing emails?
A. They test if the reader is paying attention.
B. They rely on spellcheckers, which get words wrong in context.
C. They want the email to look more urgent.
D. It helps filter out more attentive recipients.

12. Why is it important to mark phishing emails as spam or phishing?
A. It deletes the email permanently.
B. It forwards the email to the police automatically.
C. It helps your email provider block similar future attempts.
D. It archives the email for safekeeping.

Answers: 1. D, 2. C, 3. D, 4. B, 5. B, 6. C, 7. A, 8. C, 9. A, 10. B, 11. B, 12. C


However, even though spotting threats might seem simple, cybercriminals have many other tricks to outsmart your defenses. You’ll gain the knowledge and tools to recognize and defend against these tricks with confidence.

With the right mindset and skills, you can stay one step ahead and keep your digital life secure.

ADDITIONS
1. The top 10 most misspelled words in the English language, according to the Oxford Dictionary

10. Accomodate?
This is one that often shows up in business communications, so you want to make sure you get it right. It actually takes two c's and two m's.
Correct spelling: accommodate

9. Wich?
It seems hard to believe that you could put down "wich" when you really meant "which", but this one has more than two million mentions in the Oxford Dictionary's corpus, more mentions than any other word on this list.
Correct spelling: which

8. Recieve?
Despite the fact that this is drilled in elementary school and beyond, it's apparently still challenging to remember that the rule is (all together now) "i before e, except after c." This is one of the c's in question.
Correct spelling: receive

7. Untill?
This was originally the correct spelling of the word, in the Middle Ages. We've (arguably) advanced since that period of human history, and the word only has one "l" these days. You can also get away with the abbreviation 'til, if you're feeling bold (it's still grammatically correct).
Correct spelling: until

6. Occured?
Similar to accommodate, you've got double consonants in this one. It might also occur to you that there's only one r in the word when it's in the present tense, which makes it extra confusing. Welcome to English.
Correct spelling: occurred

5. Seperate?
Again, you want to get this right in business settings, such as when telling your team to "send separate emails" to different clients.
Correct spelling: separate

4. Goverment?
You've got to govern in order to have a government. Don't forget about that n in there.
Correct spelling: government

3. Definately?
This is definitely one you want to get right. If you just remember, "I want to get it right," then you can remember that there's an i in the middle there, not an a.
Correct spelling: definitely

2. Pharoah?
Probably not one that'll come up a lot at work (unless you've got quite the totalitarian C-suite), but still good to know. Also an idea for a Halloween costume.
Correct spelling: pharaoh

1. Publically?
Whether you use it privately or publicly, this is one you want to make sure is correct.
Correct spelling: publicly



2. Received Phishing Emails

The messages below were received by University of North Georgia (UNG) accounts; UNG's Phishing Awareness page is listed in the References. Senders, recipients and links are redacted. Spelling, grammar and punctuation are reproduced exactly as received, because those mistakes are part of what gives the messages away.

From: Unknown .edu Email Account (Redacted)
Sent: Monday, August 24, 2015 4:17 AM
To: Name Redacted
Subject: Alert

There has been an automatic security update on your email. Click Here to complete update
Please note that you have within 24 hours to complete this update because you might lose
access to your Email Box.

Thanks
IT Helpdesk

From: ADP Address (Spoofed)
Sent: Friday, October 16, 2015 9:57 AM
To: 13 UNG Accounts (Redacted)
Subject: ADP Invoice
Attached: Infected PDF File

Your most recent ADP invoice is attached for your review.

If you have any questions regarding this invoice, please contact your ADP service team at
the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the
amount(s) shown on the invoice.

Thank you for choosing ADP for your business solutions.

Important: Please do not respond to this message. It comes from an unattended mailbox.

From: Help Desk (Spoofed)
Sent: Tuesday, October 6, 2015 6:31 AM
To: Name Redacted
Subject: Last Warning!!!Upgrade To Secure Your Account

Your mailbox is almost full and out dated.

Used: 1.93GB
Available: 2.01GB

This is to inform you that our webmail Admin Server is currently congested, and your
Mailbox is out of date. We are currently deleting all inactive accounts so please confirm that
your e-mail account is still active by updating your current and correct details by CLICKING
HERE

Regards,

Thanks,

Admin Department

©2014-2015 Help Desk, All rights reserved.

From: System Admin (Spoofed)
Sent: Monday, October 26, 2015 10:50 AM
To: Name Redacted
Subject: 5 new Message

You have 5 new Message pending due to mailbox space

Click here to read

Sincerely

System Admin

From: Unknown .edu Email Account (Redacted)
Sent: Thursday, June 23, 2016 7:34 PM
To: Name Redacted
Subject: IT DESk

Access to your mailbox account is about to expire, we recommend that you upgrade to
avoid account suspension.

Please CLICK HERE for quick upgrade.

From: IT Service Desk (Spoofed)
Sent: Thursday, August 3, 2017 10:24 AM
To: UNG Employee (Redacted)
Subject: !!! TREAT VERY URGENT !!!

Dear Email Account User,

Your e-mail account was LOGIN today by Unknown IP address, click on the Administrator
link below to validate your e-mail account or your account will be temporary block for
sending more messages

CLICK HERE

You may find this message in your Junk folder due to the unusual activities, kindly move to
your inbox and click on the above link.

Privacy Policy | ©2017 Office of Information Technology. All rights reserved Management
Team

From: ADP Payroll Team (Spoofed)
Sent: Saturday, June 3, 2017 10:16 AM
To: 200+ UNG Accounts (Redacted)
Subject: Important Notice for ADP Users

Dear Member,

You have one unread message.

1 Unread Message

Thank You,

ADP Payroll Team

From: Redacted
Sent: Monday, May 8, 2017 4:55 AM
To: UNG Employee (Redacted)
Subject: General Notice,

General Notice,

This is to inform you that there is a change and update in our mail server; all User are
required to update their information to avoid termination or suspension of account.

To update you information CLICK HERE. OR copy this link pest it on your browser bar
<URL REDACTED>

Kindly click above instruction to update your information, we will process your request
once we receive your information.

Thanks

Admin.

Legal Disclaimer

From: ADP Portal (Spoofed)
Date: Wednesday, February 8, 2017 1:05 PM
To: 11 UNG Accounts (Redacted)
Subject: Important Changes To Your Pay Stub.

Attention!

Important changes have been made to the "Pay" section of your account.

To view these changes, login with your "user@domain" User ID and Password at: My ADP
Portal

Need help or have questions about your account? Contact the HR/Payroll Department for
assistance.
This email has been sent from an automated system. DO NOT REPLY TO THIS EMAIL.

References
1. Books
• Web Application Security: A Beginner's Guide by Bryan Sullivan and Vincent Liu
• The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
2. Web Resources
• University of North Georgia: Phishing Awareness
• OWASP (Open Web Application Security Project): guidelines for identifying, mitigating, and preventing common web application vulnerabilities, including the OWASP Top 10. OWASP Website
• NIST Cybersecurity Framework (CSF): outlines security controls such as secure development, encryption, and access control mechanisms. NIST Framework
• SANS Institute Security Resources: best practices for secure coding, testing, and configuration management. SANS Website
• CIS Controls (Center for Internet Security): actionable steps for securing systems, applications, and networks. CIS Controls
3. Industry White Papers and Articles
• Security practices for APIs, patch management, and secure SDLC derived from major tech companies such as Google, Microsoft, and Cisco.
• AWS Documentation
