Cyber security information notes for students, Lecture notes of Computer Science

It consists of all concepts and knowledge related to cyber security information which can help you, and you can achieve your knowledge from these notes.

Typology: Lecture notes

2025/2026

Available from 07/01/2026

akhoonzada-kaleem-ullah-jan

**Cybersecurity** is the practice of protecting systems, networks, programs,
devices, and data from digital attacks. As our world has become fundamentally
integrated with digital infrastructure, cybersecurity has evolved from a niche IT
concern into a critical pillar of global economics, national security, and daily
human life.
To truly understand cybersecurity, it helps to look at it through its foundational
principles, the threats it fights, and the strategies used to defend the digital
frontier.
## 1. The Core Philosophy: The CIA Triad
Every firewall rule, password policy, and encryption algorithm ever created is
designed to support one or more legs of a foundational framework known as
the **CIA Triad**.
* **Confidentiality:** Ensuring that sensitive information is accessible only to those authorized to see it. It is the digital equivalent of a sealed envelope.
  * *Controls:* Data encryption, Multi-Factor Authentication (MFA), and strict access permissions.
* **Integrity:** Guaranteeing that data is trustworthy, accurate, and has not been altered or tampered with by an unauthorized party.
  * *Controls:* Cryptographic hashing (generating a unique digital "fingerprint" for a file) and digital signatures.
* **Availability:** Making sure that systems, networks, and data are reliably accessible to authorized users when needed.
  * *Controls:* Redundant hardware, regular data backups, and Distributed Denial of Service (DDoS) mitigation tools.
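
The integrity controls above, as an added example that is not part of the original notes: a SHA-256 fingerprint detects a change only when the stored digest is itself out of the editor's reach, which is the gap a signature closes. HMAC-SHA256 from the Python standard library stands in for a digital signature here; the key, the sample records and all function names are constructed for the demonstration.

```python
import hashlib
import hmac

def fingerprint(data: bytes) -> str:
    """SHA-256 digest: any change to the data changes the fingerprint."""
    return hashlib.sha256(data).hexdigest()

def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag; only a holder of the key can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hash_ok(data: bytes, stored_digest: str) -> bool:
    return hmac.compare_digest(fingerprint(data), stored_digest)

def tag_ok(key: bytes, data: bytes, stored_tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), stored_tag)

# Constructed sample data for the demonstration.
KEY = b"constructed-demo-key"
ORIGINAL = b"transfer 100.00 to account 1234\n"
TAMPERED = b"transfer 900.00 to account 1234\n"

def demo() -> dict:
    trusted_digest = fingerprint(ORIGINAL)  # stored where the file's editor cannot write
    trusted_tag = keyed_tag(KEY, ORIGINAL)
    # Failure mode: the digest sits beside the file, so whoever alters the
    # file can recompute and replace it as well.
    replaced_digest = fingerprint(TAMPERED)
    tag_without_key = keyed_tag(b"not-the-key", TAMPERED)
    return {
        "untouched file passes": hash_ok(ORIGINAL, trusted_digest),
        "change caught by trusted digest": not hash_ok(TAMPERED, trusted_digest),
        "change missed if digest replaced": hash_ok(TAMPERED, replaced_digest),
        "change caught by keyed tag": not tag_ok(KEY, TAMPERED, trusted_tag),
        "tag made without key rejected": not tag_ok(KEY, TAMPERED, tag_without_key),
    }

if __name__ == "__main__":
    for claim, holds in demo().items():
        print(f"{claim}: {holds}")
```

HMAC uses one shared key for both signing and checking; a true digital signature splits that into a private signing key and a public verification key.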
## 2. Anatomy of Modern Cyber Threats
Cyber threats are no longer just the work of solitary hackers in basements.
Today, the threat landscape is highly commercialized and deeply sophisticated,
driven by three primary categories of adversaries: **cybercriminals** (motivated
by money), **nation-state actors** (motivated by espionage and geopolitical
leverage), and **hacktivists** (motivated by political or social causes).
The most common weapons in their arsenals include:
### Social Engineering & Phishing
Instead of hacking a system, attackers frequently find it easier to "hack" the
human using the system. **Phishing** involves deceptive emails, messages, or
calls designed to trick individuals into handing over passwords, clicking
malicious links, or transferring funds.
### Malware (Malicious Software)
This is an umbrella term for any software intentionally designed to cause
damage, steal data, or compromise a device.
* **Ransomware:** The most financially devastating type of malware today. It
encrypts a victim’s data, rendering it completely useless, and demands a ransom
payment (usually in cryptocurrency) to unlock it.
* **Spyware & Trojans:** Programs that disguise themselves as legitimate
software but secretly spy on user activity, log keystrokes, or exfiltrate sensitive
data.

### Network and Exploitation Attacks

* **Zero-Day Exploits:** Attacks that target software vulnerabilities that are completely unknown to the software developer. Because there are "zero days" of warning, no patch exists yet to fix the vulnerability.
* **DDoS (Distributed Denial of Service):** An attack that floods a targeted server or network with an overwhelming volume of fake internet traffic, causing it to crash or become unavailable to legitimate users.

## 3. The Defense Architecture: How Systems are Protected

Securing a modern digital environment requires a **Defense-in-Depth** strategy. This means layering multiple independent security controls so that if one layer fails, another stops the attacker.

```
[ User Awareness / Training ]
[ Endpoint Security (Antivirus/EDR) ]
[ Network Security (Firewalls, Identity) ]
[ Data Security (Encryption, Access Control) ]
[ CRITICAL DATA ]
```

### Identity and Access Management (IAM)

Identity is the new perimeter. Cybersecurity relies heavily on proving who you are before letting you in. This involves:

1. **Identification:** Claiming an identity (e.g., entering a username).
2. **Authentication:** Proving that identity. Authentication conventionally relies on three factors: *something you know* (a password), *something you have* (a smartphone or security token), and *something you are* (biometrics like a fingerprint or facial scan).
3. **Authorization:** Determining exactly what data and systems that authenticated user is allowed to touch based on the **Principle of Least Privilege** (giving users only the absolute minimum access required to do their job).

### Network & Endpoint Protection

* **Firewalls:** Gatekeepers that monitor incoming and outgoing network traffic based on an organization’s internal security rules.
* **EDR (Endpoint Detection and Response):** Modern, AI-driven antivirus systems installed on devices (laptops, servers, phones) that constantly monitor behavior to spot and isolate abnormal activity in real time.

### The Shift to "Zero Trust"

Historically, security relied on a "castle-and-moat" strategy: protect the outside network, and trust everything inside the perimeter. Modern cybersecurity has discarded this model in favor of **Zero Trust Architecture**. The core operating rule of Zero Trust is simple: *Never trust, always verify.* Every single request for data access must be authenticated and authorized, even if it originates from an internal employee sitting inside the company office.

## 4. The Human Element
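
Looking back at section 3, the following added example (not part of the original notes) runs the identification, authentication and authorization steps on every request and sets the result beside a "castle-and-moat" check that only looks at where the request came from. The directory, user name, factor values, resource names and the two-factor policy are all assumptions constructed for the demonstration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed directory. Real systems store salted password hashes and verify
# tokens or biometrics cryptographically; plain strings keep the demo short.
DIRECTORY = {
    "asha": {
        "factors": {"know": "correct-horse", "have": "otp-492817"},
        "grants": {("payroll-db", "read")},  # least privilege: read only
    },
}

@dataclass
class Request:
    username: str
    resource: str
    action: str
    source: str  # "internal" or "external" network
    proofs: dict = field(default_factory=dict)  # factor category -> proof

def castle_and_moat(req: Request) -> bool:
    """Perimeter model: anything from inside the network is trusted."""
    return req.source == "internal"

def zero_trust(req: Request) -> tuple[bool, str]:
    """Never trust, always verify: req.source is deliberately never read."""
    user = DIRECTORY.get(req.username)  # 1. identification
    if user is None:
        return False, "unknown identity"
    passed = {  # 2. authentication: which factor categories check out
        cat for cat, proof in req.proofs.items()
        if cat in user["factors"]
        and hmac.compare_digest(proof.encode(), user["factors"][cat].encode())
    }
    if len(passed) < 2:  # assumed policy: two different factor types (MFA)
        return False, "authentication failed"
    if (req.resource, req.action) not in user["grants"]:  # 3. authorization
        return False, "not authorized"  # deny by default
    return True, "allowed"

MFA = {"know": "correct-horse", "have": "otp-492817"}
INSIDE_NO_LOGIN = Request("asha", "payroll-db", "read", "internal")
OUTSIDE_WITH_MFA = Request("asha", "payroll-db", "read", "external", MFA)
INSIDE_WRITE = Request("asha", "payroll-db", "write", "internal", MFA)

if __name__ == "__main__":
    for req in (INSIDE_NO_LOGIN, OUTSIDE_WITH_MFA, INSIDE_WRITE):
        print(req.source, req.action, castle_and_moat(req), zero_trust(req))
```

The perimeter check admits the unauthenticated internal request and rejects the fully authenticated external one; the Zero Trust check does the reverse, and still refuses the internal write because the grant covers reading only.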