Cybersecurity Knowledge Base
Focused notes on defensive security, system architecture,
risk management, and security fundamentals.
Scope: Conceptual and defensive cybersecurity learning.
No exploit development or attack scripting included.
Cybersecurity
Cybersecurity focuses on protecting systems, networks, applications, and data
from unauthorized access, misuse, disruption, and destruction.
This section emphasizes security principles, defensive mechanisms, architectures,
risk management, and real-world security thinking — without exploit code.
1. Core Security Principles
CIA Triad
- Confidentiality: Prevent unauthorized access to information
- Integrity: Ensure data is accurate and unaltered
- Availability: Ensure systems and services remain accessible
Extended Security Concepts
- Authentication – verifying identity
- Authorization – defining permissions
- Accounting / Auditing – tracking actions
- Non-repudiation – proof of actions
2. Threats, Risks, and Vulnerabilities
Threat
Any potential cause of harm to a system or organization.
Vulnerability
A weakness that can be exploited by a threat.
Risk
The likelihood and impact of a threat exploiting a vulnerability.
Threat Categories
- Malware-based threats
- Viruses – Programs that attach to files and spread.
- Worms – Self-replicating malware that spreads across networks.
- Trojans – Malicious programs disguised as legitimate software.
- Ransomware – Locks user data until a ransom is paid.
- Network-based threats
- Denial-of-Service (DoS) attacks – Overwhelm systems to make them unavailable.
- Man-in-the-Middle (MITM) attacks – Intercept communication between parties.
- Packet sniffing – Unauthorized monitoring of network traffic.
- Human-based threats
- Phishing – Fraudulent attempts to obtain sensitive information.
- Social engineering – Manipulating individuals to divulge confidential data.
- Insider threats – Malicious or careless actions by employees or trusted personnel.
- Configuration and design weaknesses
- Weak passwords – Easily guessable or default credentials.
- Unpatched software – Vulnerabilities due to outdated systems.
- Poor network design – Open ports, lack of segmentation, or weak firewall rules.
3. Security Architecture & Design
Defense in Depth
- Multiple layers of security controls
- Failure of one control should not compromise the system
Least Privilege
- Users and services get minimum required access
Zero Trust Model
- No implicit trust inside or outside the network
- Continuous verification
- Strong identity and access control
4. Network Security (Conceptual)
- Network segmentation and isolation
- Firewalls (packet filtering, stateful, application-level)
- Intrusion Detection Systems (IDS)
- Intrusion Prevention Systems (IPS)
- Secure network protocols (TLS, HTTPS)
Perimeter vs Internal Security
- Traditional perimeter-based security
- Modern internal segmentation and monitoring
5. Operating System & Endpoint Security
- User account control and permissions
- Process isolation
- Secure boot mechanisms
- Patch and update management
- Endpoint detection and response (EDR)
6. Application Security (No Exploit Code)
Secure Application Design
- Input validation
- Output encoding
- Error handling without information leakage
- Secure authentication workflows
Common Application-Level Risks (Conceptual)
- Injection flaws
- Broken authentication
- Access control failures
- Security misconfigurations
7. Cryptography Fundamentals
Encryption
- Symmetric encryption
- Asymmetric encryption
- Key management importance
Hashing
- One-way functions
- Password storage
- Integrity verification
Digital Certificates & PKI
- Public Key Infrastructure
- Certificate Authorities
- Trust chains
8. Identity & Access Management (IAM)
- User identity lifecycle
- Multi-factor authentication
- Single Sign-On (SSO)
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
9. Cloud Security Concepts
Shared Responsibility Model
- Cloud provider responsibilities
- Customer responsibilities
Cloud Security Controls
- Identity and access policies
- Network isolation
- Encryption at rest and in transit
- Logging and monitoring
10. Security Monitoring & Incident Response
Logging & Monitoring
- System logs
- Application logs
- Security event correlation
Incident Response Lifecycle
- Preparation
- Detection
- Containment
- Eradication
- Recovery
- Lessons learned
11. Risk Management & Governance
- Asset identification
- Threat modeling
- Risk assessment
- Risk mitigation strategies
- Continuous risk review
12. Security Policies & Compliance
- Security policies and procedures
- Access control policies
- Incident response policies
- Awareness of standards:
- ISO/IEC 27001
- NIST Framework
- GDPR (conceptual)
ELABORATION
Security & Compliance Notes
- ISO/IEC 27001
An international standard for managing information security.
- Focuses on Confidentiality, Integrity, and Availability (CIA triad).
- Uses a risk-based approach to identify and control security threats.
- Helps organizations protect sensitive information and gain trust.
- NIST Framework
A cybersecurity framework developed by NIST (USA).
- Provides best practices for managing cybersecurity risks.
- Based on five core functions:
- Identify
- Protect
- Detect
- Respond
- Recover
- Widely used by government and private organizations.
- GDPR (Conceptual)
A data protection law from the European Union.
- Protects personal data and privacy of individuals.
- Requires lawful data processing and user consent.
- Gives users rights like data access and data deletion.
- Applies to organizations handling EU citizens’ data worldwide.
13. Human Factor & Security Awareness
- Social engineering awareness
- User training importance
- Insider threat management
- Security culture in organizations
14. Cybersecurity Mindset (Advanced)
- Security is continuous, not one-time
- Prevention, detection, and response are equally important
- Assume breach and plan resilience
- Security must align with business goals
Focus area: defensive security, system hardening, architecture,
risk awareness, and real-world protection strategies.