Core path

Your path through this level

You will be able to
  • Explain the CIA triad (confidentiality, integrity, availability) with concrete everyday examples.
  • Explain how data representation (bits, bytes, encodings) affects security outcomes.
  • Apply simple checks to passwords, links, and basic account hygiene using practice tools.
Optional
Full module map
Use this if you want the shape of the level before you start
Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain security as a system in your own words and apply it to a realistic scenario.
  2. Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.
  3. Check the assumption "We can name what matters" and explain what changes if it is false.
  4. Check the assumption "Controls can be tested" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Control theatre. Lots of policy and little evidence. The system looks serious and fails quickly.
  • No recovery plan. Incidents become chaotic when nobody rehearsed the calm next steps.
Risk is how you decide what to fix first. It is not a score to admire.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain risk drives priorities in your own words and apply it to a realistic scenario.
  2. Risk is how you decide what to fix first. It is not a score to admire.
  3. Check the assumption "Likelihood is a model" and explain what changes if it is false.
  4. Check the assumption "Impact includes people" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Risk scoring without action. A risk register that never changes controls is a diary, not a defence.
  • Wrong priority. Teams sometimes optimise for what is easy to measure, not what is dangerous.
Integrity is about detecting and resisting tampering, not about secrecy.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain integrity is provable change in your own words and apply it to a realistic scenario.
  2. Integrity is about detecting and resisting tampering, not about secrecy.
  3. Check the assumption "We know what good looks like" and explain what changes if it is false.
  4. Check the assumption "We protect the reference" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Integrity without provenance. If you cannot explain where data came from, a checksum alone does not make it trustworthy.
  • Confusing hashing with encryption. Hashing helps detect change. Encryption helps keep data private. They solve different problems.
Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain a request is a chain in your own words and apply it to a realistic scenario.
  2. Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.
  3. Check the assumption "Order matters" and explain what changes if it is false.
  4. Check the assumption "Trust is explicit" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Blaming ‘the network’. If you cannot say which step failed, you do not have a diagnosis.
  • TLS as a magic shield. TLS protects data in transit. It does not fix weak authentication or broken access control.
Confidentiality, integrity, and availability fail in different places. Controls must match the failure.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain CIA applied to systems in your own words and apply it to a realistic scenario.
  2. Confidentiality, integrity, and availability fail in different places. Controls must match the failure.
  3. Check the assumption "CIA is a lens, not a slogan" and explain what changes if it is false.
  4. Check the assumption "Availability is a safety issue" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Overfocus on confidentiality. Teams encrypt data and forget integrity and availability. Incidents still happen.
  • No evidence trail. If you cannot detect misuse, you cannot respond in time.
Module F5 Identity flow
Authentication answers who. Authorisation answers what. Sessions carry the decision over time.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain identity flow in your own words and apply it to a realistic scenario.
  2. Authentication answers who. Authorisation answers what. Sessions carry the decision over time.
  3. Check the assumption "Auth is not authz" and explain what changes if it is false.
  4. Check the assumption "Sessions expire" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Privilege creep. Permissions grow over time. Without review, the system quietly becomes unsafe.
  • Weak session handling. If sessions are stolen or replayed, security collapses. Protect cookies and tokens properly.
Phishing works by using normal work habits against you. The defence is a simple decision path.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain verification under pressure in your own words and apply it to a realistic scenario.
  2. Phishing works by using normal work habits against you. The defence is a simple decision path.
  3. Check the assumption "Time pressure is part of the attack" and explain what changes if it is false.
  4. Check the assumption "Verification has a script" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Channel spoofing. Email, chat, and phone can all be faked. Trust the verified path, not the tone.
  • Approval bypass. Attackers push you around process. The defence is a hard rule: no exceptions under urgency.
Privacy is about what data leaves, where it rests, and who can see it.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain personal data journey in your own words and apply it to a realistic scenario.
  2. Privacy is about what data leaves, where it rests, and who can see it.
  3. Check the assumption "Purpose is stated" and explain what changes if it is false.
  4. Check the assumption "Retention is deliberate" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • Overcollection. Teams collect ‘just in case’ and create future harm. Minimise by default.
  • Deletion that is only UI. Deleting from the interface is not deletion. Know where the copies live.
A baseline is a small set of controls you can sustain. Consistency beats intensity.
Prerequisites
  • No previous technical background required
  • Read the section explanation before using tools
Outcomes
  1. Explain a personal baseline in your own words and apply it to a realistic scenario.
  2. A baseline is a small set of controls you can sustain. Consistency beats intensity.
  3. Check the assumption "Habits beat heroics" and explain what changes if it is false.
  4. Check the assumption "You review, not only set" and explain what changes if it is false.
Practice
  • Complete one guided exercise and explain your decision in plain language
  • Use the recap only after reading the main section
Artefact and failure modes
  • A short module note with one key definition and one practical example
  • One control for everything. A single tool does not cover all threats. A baseline is a set of small, complementary controls.
  • No recovery plan. If you never practised recovery, the first incident becomes your rehearsal.
Optional
Planning and evidence
Objectives, timing, and CPD tracking

If you want to start learning now, leave this closed. Come back when you want to plan your practice or keep evidence for CPD. This is guidance and it is not endorsed by awarding bodies. Standards mapping lives on the course overview page.

Learning objectives

What you will be able to do

  1. Explain the CIA triad (confidentiality, integrity, availability) with concrete everyday examples.
    The CIA triad is the baseline for every security decision you will ever make.
  2. Explain how data representation (bits, bytes, encodings) affects security outcomes.
    Representation errors can break security even when the code is fine.
  3. Apply simple checks to passwords, links, and basic account hygiene using practice tools.
    Hygiene checks are the fastest risk reducers for most people.
  4. Analyse a small system to identify trust boundaries and obvious attack surface.
    Trust boundaries show where attacks actually land.
  5. Explain how phishing and social engineering attempts work and how to spot realistic red flags.
    Social engineering is still the main entry point, so you must recognise it.
  6. Create a personal security improvement plan you can follow and review.
    A personal plan turns knowledge into habits that stick.
  7. Evaluate a simple breach scenario and recommend preventive and detective controls.
    Breach reasoning teaches how controls work together, not in isolation.
What comes next
Next we move into threat modelling and real system flows because that is where security lives day to day.

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent
Foundations

Terminology, safe habits, and correct reasoning about basic security decisions.

  • Style: mixed, 20 questions, 30 min timed
  • Pass standard: 80%
  • Not externally certified
Evidence you can save (CPD friendly)
  • Personal security baseline: MFA, recovery options, password manager setup, and a short review note (what changed and why).
  • One small threat sketch for a system you actually use (assets, entry points, boundaries).
  • A phishing decision log: three examples and the exact cues you used to classify them.

CPD timing

Foundations time breakdown

Defensible timing based on page content: reading, labs, checkpoints, and reflection.

  • Reading: 51m (7,746 words × 1.3)
  • Practice: 270m (18 × 15m)
  • Checkpoints: 45m (9 × 5m)
  • Reflection: 72m (9 × 8m)
  • Estimated total: 7h 18m (based on page content)
  • Claimed hours: 8h (includes reattempts + capstone)
Claimed hours exceed on-page estimate by ~1h. Gap will be filled with guided practice and assessment-grade work.

CPD tracking

Fixed hours for this level are 8. Timed assessment time is included once on pass.


Learning contract

Foundations outcomes

About 8 hours

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

  1. Explain the CIA triad (confidentiality, integrity, availability) with concrete everyday examples.
  2. Explain how data representation (bits, bytes, encodings) affects security outcomes.
  3. Apply simple checks to passwords, links, and basic account hygiene using practice tools.
  4. Analyse a small system to identify trust boundaries and obvious attack surface.
  5. Explain how phishing and social engineering attempts work and how to spot realistic red flags.

Next step

Practise this level, then take the timed assessment

I recommend you start with the practice assessment for Foundations. It is not timed and it helps you write a clear CPD reflection before the full assessment.

  • Questions: 20
  • Minutes: 30
  • Pass mark: 80%

Practice assessment

Start the practice assessment for Foundations

It is designed for confidence and evidence, and you can retry as often as you need.

Full assessment

Cybersecurity Foundations assessment

This assessment is timed. It is free to take and you can retry as often as you need.

  • Detailed feedback on every question
  • Pass evidence recorded in your account on pass
  • Personalised recommendations on weak areas

Sign in to save progress and keep your pass record

You can complete the course while signed out, and your progress saves in this browser. Sign in before assessments so your pass record is attached to your account.

Courses and assessments are free. There is no paywall for the learning path, practice questions, or formal assessments. Optional donations support hosting, maintenance, and ongoing updates.

During timed assessments, copy and the context menu are restricted to reduce casual cheating. Passed assessments are recorded in your account as evidence.

Course materials are protected by intellectual property rights. View terms