Foundations · Module 9

Foundations capstone

This capstone turns learning into action.

30 min 3 outcomes Cybersecurity Foundations

Previously

Privacy and everyday data protection

Privacy is not only a legal idea.

This module

Foundations capstone

This capstone turns learning into action.

Next

Cybersecurity Foundations practice test

Test recall and judgement against the governed stage question bank before you move on.

Progress

Mark this module complete when you can explain it without rereading every paragraph.

Why this matters

Keep it calm and practical.

What you will be able to do

  • 1 Choose a small set of changes you can explain and repeat
  • 2 Write a short CPD reflection that stays honest and specific
  • 3 Leave with a baseline you can build on without burnout

Before you begin

  • No previous technical background required
  • Read the section explanation before using tools

Common ways people get this wrong

  • One control for everything. A single tool does not cover all threats. A baseline is a set of small, complementary controls.
  • No recovery plan. If you never practised recovery, the first incident becomes your rehearsal.

This capstone turns learning into action. Keep it calm and practical. Small changes stick, and a baseline gives you something solid to improve later.

This capstone is about turning learning into action. Choose a small set of changes you can explain. Make them real. Keep it calm and practical.

This is Foundations. Move into Applied next once you can explain every term on this page to another person and show them how the tools work.

Mental model

A personal baseline

A baseline is a small set of controls you can sustain. Consistency beats intensity.

  1. 1

    Accounts

  2. 2

    MFA

  3. 3

    Updates

  4. 4

    Backups

  5. 5

    Monthly review

Assumptions to keep in mind

  • Habits beat heroics. A baseline works when you can repeat it on a bad week, not only on a good one.
  • You review, not only set. Security decays. Review is what keeps the baseline real.

Failure modes to notice

  • One control for everything. A single tool does not cover all threats. A baseline is a set of small, complementary controls.
  • No recovery plan. If you never practised recovery, the first incident becomes your rehearsal.

Check yourself

Quick check. Capstone

0 of 3 opened

What is the goal of this capstone

Turn the course into a few real actions you can explain and repeat.

What is one safe default when you are unsure

Pause and verify through an independent channel before acting.

Why keep the baseline small

Small changes stick. You can build on them without burnout.

Artefact and reflection

Artefact

A personal security baseline you can review and update

Reflection

Where in your work would choose a small set of changes you can explain and repeat change a decision, and what evidence would make you trust that change?

Optional practice

Use a few toggles and a short note to capture what you changed and what you will do next.

Sources

Source NIST Cybersecurity Framework (CSF) 2.0 (2024)
Source OWASP Top 10 (2025)
Source OWASP ASVS 5.0.0
Source ISO/IEC 27001:2022 Information security management systems
Back to Cybersecurity