This course is designed to equip participants with the foundational knowledge necessary to understand, discuss, and implement basic cybersecurity concepts, controls, and their business implications:

• IT Professionals seeking a career change into cybersecurity.
• Non-security IT staff (e.g., developers, network admins) needing security awareness.
• Business managers who oversee technology departments.
• Compliance, Audit, and Risk personnel.
• New hires in Security Operations Centers (SOCs).
• Anyone preparing for a foundational cybersecurity certification.

• Interactive lectures and Q&A sessions.
• Basic scenarios applying the CIA Triad to business problems.
• Small group discussions on real-world breaches.
• Individual exercises on classifying data and control types.
• Review of security policy templates.

Unit 1: The Cybersecurity Landscape and Risk Fundamentals

• Defining Confidentiality, Integrity, and Availability (The CIA Triad).
• Differentiating between Threats, Vulnerabilities, and Risks.
• Overview of common attack types (e.g., malware, phishing, DoS).
• Understanding the Cyber Kill Chain and MITRE ATT&CK Framework.

• Categorizing controls: Technical, Administrative, and Physical.
• Identifying preventative, detective, and corrective controls.
• The concept of Defence-in-Depth and control layering.
• Mapping controls to risks and business objectives.

Unit 2: Network and System Security Basics

• Fundamentals of firewalls, proxies, and intrusion detection systems (IDS).
• Understanding segmentation and virtual private networks (VPNs).
• Basic principles of securing Wi-Fi and wireless networks.
• Introduction to the OSI model and security at each layer.

• Antivirus/Anti-malware and Endpoint Detection and Response (EDR).
• Patch management and vulnerability assessment fundamentals.
• Secure configuration baselines and hardening operating systems.
• Basics of physical security for data centers and server rooms.

Unit 3: Identity, Access, and Data Protection

• Authentication methods: passwords, tokens, and multi-factor authentication (MFA).
• Authorization models: RBAC, ABAC, and least privilege principle.
• Lifecycle of user accounts: provisioning, review, and de-provisioning.
• Single Sign-On (SSO) and federation concepts.

• Data classification and handling procedures.
• Encryption concepts: symmetric vs. asymmetric.
• Backup and recovery strategies for data resilience.
• Introduction to Data Loss Prevention (DLP) technologies.

Unit 4: Security Operations and Incident Handling

• Role of the Security Operations Center (SOC).
• Log collection, analysis, and Security Information and Event Management (SIEM).
• Introduction to threat intelligence and its sources.
• Continuous monitoring best practices.

• The basic stages of the Incident Response lifecycle.
• Developing and testing an Incident Response Plan.
• Business Continuity and Disaster Recovery (BC/DR) overview.
• Basic digital forensics concepts.

Unit 5: The Business and Regulatory Context

• Understanding the human element in security.
• Best practices for security awareness training programs.
• Common social engineering tactics and defense.
• Promoting a security-first culture in the workplace.

• Introduction to key regulations (e.g., GDPR, HIPAA, CCPA).
• The role of policies, standards, and procedures.
• Understanding vendor and third-party risk.
• Communicating cyber risk and business impact to stakeholders.