Foundations of Cybersecurity and Ethical Hacking

1.1 Overview of Cybersecurity

Cybersecurity refers to the practice of protecting computer systems, networks, applications, and data from digital attacks, unauthorised access, damage, or disruption. As modern organisations increasingly rely on digital infrastructure, protecting information systems has become essential. Cybersecurity aims to ensure three core principles commonly known as the CIA Triad:

• i. Confidentiality: Ensuring that sensitive information is accessible only to authorised users.
• ii. Integrity: Maintaining the accuracy and consistency of data.
• iii. Availability: Ensuring that systems and information are accessible when needed.

Cybersecurity involves multiple disciplines such as network security, application security, information security, cloud security, and incident response.

1.2 What is Ethical Hacking?

Ethical hacking is the authorised process of identifying vulnerabilities in computer systems, networks, or applications in order to improve their security. Ethical hackers use the same techniques and tools as malicious attackers but do so legally and with permission to help organisations discover and fix security weaknesses before criminals exploit them.

Ethical hacking is often performed through penetration testing, which simulates real cyber-attacks to evaluate the security of systems.

1.3 Types of Hackers

Hackers are often classified into different categories based on their intentions:

• i. White Hat Hackers: Ethical hackers who test systems to improve security.
• ii. Black Hat Hackers: Malicious hackers who exploit systems for personal gain or to cause damage.
• iii. Grey Hat Hackers: Individuals who may discover vulnerabilities without permission but do not necessarily exploit them maliciously.

Understanding these categories helps organisations differentiate between legitimate security testing and cybercrime.

1.4 Common Types of Cyber Threats

Cyber threats are various methods used by attackers to compromise computer systems. Some common examples include:

• i. Malware: Malicious software designed to damage or disrupt systems.
• ii. Phishing: Fraudulent attempts to obtain sensitive information through deceptive messages.
• iii. Denial-of-Service (DoS) Attacks: Attacks that overload systems to make them unavailable to users.
• iv. Password Attacks: Attempts to gain access by guessing or cracking passwords.
• v. Man-in-the-Middle Attacks: Intercepting communication between two parties.

1.5 Why Cybersecurity is Important

Cybersecurity is essential because digital systems store critical information such as financial records, personal data, and organisational assets. Weak security can lead to:

• i. Financial losses
• ii. Data breaches
• iii. Damage to organisational reputation
• iv. Disruption of critical services

Governments and organisations therefore invest heavily in cybersecurity to protect national infrastructure and digital services.

1.6 Careers in Cybersecurity

Cybersecurity offers many career opportunities due to the growing demand for security professionals. Some common roles include:

• i. Cybersecurity Analyst
• ii. Penetration Tester (Ethical Hacker)
• iii. Security Engineer
• iv. Incident Response Specialist
• v. Security Consultant

These roles involve protecting systems, analysing threats, and responding to cyber incidents.

1.7 Module Summary

In this module, learners were introduced to the basic concepts of cybersecurity and ethical hacking. The module explained the importance of protecting digital systems, the ethical role of penetration testers, common cyber threats, and potential career paths in cybersecurity. Understanding these foundational concepts prepares learners for more advanced topics such as network security, vulnerability assessment, and penetration testing techniques.