Cyber Security Fundamentals & Lab Setup
Introduction to Security Concepts, CIA Triad, and OS³ Newman Cyber Security Lab
CMU540: Cyber Security - Session 1
Birmingham Newman University
Lecturer: James Williams
Understanding fundamental security concepts and setting up the OS³ Studio lab environment
3-hour session • 30 slides • 2 interactive tasks
Session Timeline:
- 10 min: Registration & waiting
- 20 min: Opening slides
- 45 min: Task 1
- 15 min: Break/Catch up
- 20 min: Secondary slides
- 45 min: Task 2
- Remaining: Self-study
Learning Objectives
- Understand fundamental cybersecurity concepts
- Learn the CIA Triad (Confidentiality, Integrity, Availability)
- Explore common security threats and vulnerabilities
- Set up the OS³ Newman Cyber Security Lab environment
- Understand the course structure and expectations
- Explore career opportunities in cybersecurity
What is Cybersecurity?
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
Key Areas:
- Information Security: Protecting data and information
- Network Security: Securing network infrastructure
- Application Security: Securing software applications
- Operational Security: Protecting business operations
- Disaster Recovery: Planning for security incidents
The CIA Triad
Confidentiality
Ensuring that information is accessible only to those authorized to have access.
- Data encryption
- Access controls
- Authentication
- Privacy protection
Integrity
Maintaining the accuracy and completeness of information.
- Data validation
- Checksums and hashes
- Digital signatures
- Audit trails
Availability
Ensuring that information and resources are available when needed.
- Redundancy
- Backup systems
- Disaster recovery
- DDoS protection
Common Security Threats
1. Malware
- Viruses: Self-replicating malicious code
- Worms: Self-propagating malware
- Trojans: Disguised malicious software
- Ransomware: Encrypts data for ransom
- Spyware: Monitors user activity
- Adware: Displays unwanted advertisements
2. Social Engineering
- Phishing: Fraudulent emails
- Spear Phishing: Targeted attacks
- Vishing: Voice-based attacks
- Smishing: SMS-based attacks
- Pretexting: False identity attacks
- Baiting: Tempting offers
Common Attack Vectors
1. Network Attacks
- DDoS: Distributed Denial of Service
- Man-in-the-Middle: Intercepting communications
- Packet Sniffing: Capturing network traffic
- Port Scanning: Discovering open ports
- ARP Spoofing: Redirecting network traffic
- DNS Spoofing: Redirecting domain requests
2. Application Attacks
- SQL Injection: Database manipulation
- Cross-Site Scripting (XSS): Client-side attacks
- Cross-Site Request Forgery (CSRF): Unauthorized actions
- Buffer Overflow: Memory exploitation
- Directory Traversal: File system access
- Session Hijacking: Stealing user sessions
Security Controls
1. Administrative Controls
- Security policies and procedures
- Employee training and awareness
- Background checks
- Security audits and assessments
- Incident response plans
- Business continuity planning
2. Technical Controls
- Firewalls and intrusion detection
- Antivirus and antimalware
- Encryption and access controls
- Network segmentation
- Vulnerability scanning
- Security monitoring and logging
Physical Security
1. Physical Access Controls
- Access control systems
- Security cameras and monitoring
- Biometric authentication
- Security guards and patrols
- Environmental controls
- Equipment protection
2. Environmental Controls
- Temperature and humidity control
- Fire suppression systems
- Power backup and UPS
- Flood protection
- Earthquake protection
- Electromagnetic shielding
Risk Management
1. Risk Assessment Process
1. Asset Identification
- Hardware and software assets
- Data and information assets
- Human resources
- Physical facilities
2. Threat Analysis
- External threats
- Internal threats
- Natural disasters
- Human error
2. Risk Treatment Options
- Accept: Acknowledge and monitor risk
- Avoid: Eliminate the risk source
- Mitigate: Reduce risk likelihood/impact
- Transfer: Share risk with third party
Risk = Threat × Vulnerability × Impact
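Added example (not part of the original slides): a small risk register in Python that applies the formula above to rank risks and to compute the residual score after each of the four treatment options. The 1-5 rating scale, the sample assets and their ratings, and the names Risk, treat and rank are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

SCALE = range(1, 6)  # assumption: each factor is rated 1 (low) to 5 (high)

@dataclass(frozen=True)
class Risk:
    asset: str
    threat_source: str  # external, internal, natural disaster or human error
    threat: int
    vulnerability: int
    impact: int

    def __post_init__(self):
        for name in ("threat", "vulnerability", "impact"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{name} must be rated 1-5")

    @property
    def score(self) -> int:
        # Risk = Threat x Vulnerability x Impact
        return self.threat * self.vulnerability * self.impact

def treat(risk, option, less_vulnerability=0, less_impact=0):
    """Return the residual score after applying one treatment option."""
    if option == "accept":   # acknowledge and monitor: score is unchanged
        return risk.score
    if option == "avoid":    # risk source eliminated: nothing left to score
        return 0
    if option == "transfer" and less_vulnerability:
        raise ValueError("transfer shares impact, it does not lower likelihood")
    if option not in ("mitigate", "transfer"):
        raise ValueError(f"unknown treatment option: {option}")
    vuln = max(1, risk.vulnerability - less_vulnerability)
    impact = max(1, risk.impact - less_impact)
    return replace(risk, vulnerability=vuln, impact=impact).score

def rank(register):
    """Order the register so the highest inherent risk is treated first."""
    return sorted(register, key=lambda r: r.score, reverse=True)

# Constructed sample register (assets and ratings are illustrative only)
REGISTER = [
    Risk("Student records database", "external", 4, 3, 5),
    Risk("Staff laptops", "internal", 3, 4, 3),
    Risk("Server room", "natural disaster", 1, 2, 5),
    Risk("Payroll spreadsheet", "human error", 3, 3, 4),
]
if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score:>3}  {r.asset} ({r.threat_source})")
```

Because the factors multiply, lowering any single factor scales the whole score: reducing the database's vulnerability rating from 3 to 1 cuts its score from 60 to 20.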
Career Opportunities in Cybersecurity
Entry-Level Roles:
- Security Analyst: £25,000 - £45,000
- IT Security Specialist: £30,000 - £50,000
- Network Security Administrator: £28,000 - £48,000
- Security Operations Center (SOC) Analyst: £26,000 - £46,000
Skills Needed: Basic security concepts, Network fundamentals, Problem-solving, Communication
OS³ Newman Cyber Security Lab
What is OS³ Studio?
OS³ Studio is our comprehensive cybersecurity lab environment that provides:
- Hands-on vulnerability testing
- Secure implementation challenges
- Real-world attack scenarios
- Industry-standard security tools
- Guided learning experiences
Access: Available through university portal
Course Structure Overview
CMU540: Cyber Security Course Modules:
- Sessions 1-3: Fundamentals & OWASP Top 10 (A01-A03)
- Sessions 4-6: Web Security (SQL, XSS, CSRF, Config)
- Sessions 7-9: Advanced Security (Components, Auth, Data, Logging, SSRF, Upload)
- Sessions 10-12: Network Security (Protocols, Scanning, DNS, Traffic, Firewall)
Total: 12 sessions, 36 hours, comprehensive cybersecurity education
Web Demos and Resources
Learning Resources:
- OWASP - Open Web Application Security Project
- NIST - National Institute of Standards and Technology
- SANS - SANS Institute
- CIS - Center for Internet Security
- ACSC - Australian Cyber Security Centre
Security Awareness
Key Security Principles:
- Defense in Depth: Multiple layers of security
- Least Privilege: Minimum necessary access
- Fail Secure: System fails into a secure state
- Separation of Duties: No single person controls everything
- Regular Updates: Keep systems and software current
Summary: Cybersecurity Fundamentals
Key Concepts Covered:
- CIA Triad: Confidentiality, Integrity, Availability
- Common threats: Malware, Social Engineering
- Attack vectors: Network and Application attacks
- Security controls: Administrative and Technical
- Physical security and environmental controls
- Risk management and assessment
- Career opportunities in cybersecurity
Task 1: OS³ Studio Setup and Configuration
Objective:
Follow the OS³ Studio setup guide to configure your lab environment.
Instructions:
- Access the OS³ Studio portal through the university website
- Create your student account and log in
- Follow the step-by-step setup guide
- Configure your lab environment
- Test basic connectivity and access
- Explore the lab interface and tools
- Complete the setup verification checklist
- Document any issues or questions
Time: 45 minutes
Focus on following the setup guide carefully and ensuring everything works correctly
Break Time
15 Minutes
Take a break, ask questions, or catch up on the OS³ Studio setup.
Next: Live demo and Task 2
Live Demo: OS³ Studio Overview
Live Demonstration
This section will be covered in a live demonstration by the lecturer.
- OS³ Studio interface overview
- Basic navigation and features
- Available lab environments
- Security tools and capabilities
- Hands-on examples
Please pay attention to the live demo and ask questions as needed.
OS³ Studio Features
1. Lab Environments
- Web Application Security Labs
- Network Security Testing
- Vulnerability Assessment
- Penetration Testing Scenarios
- Secure Coding Challenges
- Incident Response Simulations
2. Security Tools
- Nmap: Network scanning
- Wireshark: Traffic analysis
- Burp Suite: Web application testing
- Metasploit: Exploitation framework
- OWASP ZAP: Web app scanner
- Custom vulnerability scanners
Learning Path in OS³ Studio
1. Beginner Level
- Basic vulnerability scanning
- Simple web application testing
- Network reconnaissance
- Basic exploit techniques
- Security tool introduction
- Guided tutorials
2. Intermediate Level
- Advanced web application attacks
- Network penetration testing
- Social engineering simulations
- Incident response scenarios
- Secure implementation challenges
- Real-world case studies
OS³ Studio Best Practices
1. Lab Safety
- Only test in designated lab environments
- Never attempt attacks on real systems
- Follow ethical guidelines
- Report any lab issues immediately
- Respect other students' work
- Keep lab environments clean
2. Learning Approach
- Start with guided tutorials
- Practice regularly
- Take notes and document findings
- Ask questions when stuck
- Collaborate with classmates
- Challenge yourself with advanced labs
Career Development in Cybersecurity
Next Steps:
- Foundation Certifications: CompTIA Security+, Network+
- Specialized Training: Ethical hacking, Incident response
- Hands-on Practice: OS³ Studio labs, CTF competitions
- Industry Networking: Security conferences, meetups
- Continuous Learning: Stay updated with latest threats
Resources: CompTIA | SANS | OWASP
Task 2: OS³ Studio Exploration
Objective:
Explore the OS³ Studio environment and familiarize yourself with the available tools and labs.
Instructions:
- Access your configured OS³ Studio environment
- Navigate through the different lab categories
- Try out basic security tools and features
- Complete a simple vulnerability scanning exercise
- Explore the web application security labs
- Test basic network reconnaissance tools
- Familiarize yourself with the interface
- Document your exploration and any questions
Time: 45 minutes
Focus on exploring and getting comfortable with the OS³ Studio environment
Further Activity: Advanced Exploration
Advanced Students - Additional Exploration:
For students with additional time, explore advanced features:
- Advanced vulnerability scanning techniques
- Complex web application testing scenarios
- Network penetration testing labs
- Social engineering simulation exercises
- Incident response and forensics labs
Deliverable: Exploration report with findings and questions
Session Summary
Key Takeaways:
- Cybersecurity fundamentals are essential for all IT professionals
- The CIA Triad forms the foundation of security
- Understanding threats and vulnerabilities is crucial
- OS³ Studio provides hands-on learning experience
- Career opportunities in cybersecurity are growing
- Continuous learning is essential in this field
Next Steps
Continue Learning:
- Complete the OS³ Studio setup and exploration
- Review cybersecurity fundamentals
- Practice with basic security tools
- Read about OWASP Top 10 vulnerabilities
- Join cybersecurity communities
Next Session: WEB-ACCESS-01: Broken Access Control (OWASP A01)