Cybersecurity Course Overview

Core path

Your path through this level

Progress saves in this browser and syncs after you sign in

Completed

0 of 9

Pick up where you left off

Security as a system Risk drives priorities Integrity is provable change A request is a chain CIA applied to systems Identity flow Verification under pressure Personal data journey A personal baseline

Optional

Full module map

Use this if you want the shape of the level before you start

Show

Module F0Security as a system

Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain security as a system in your own words and apply it to a realistic scenario.
Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.
Check the assumption "We can name what matters" and explain what changes if it is false.
Check the assumption "Controls can be tested" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Control theatre. Lots of policy and little evidence. The system looks serious and fails quickly.
No recovery plan. Incidents become chaotic when nobody rehearsed the calm next steps.

Module F1Risk drives priorities

Risk is how you decide what to fix first. It is not a score to admire.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain risk drives priorities in your own words and apply it to a realistic scenario.
Risk is how you decide what to fix first. It is not a score to admire.
Check the assumption "Likelihood is a model" and explain what changes if it is false.
Check the assumption "Impact includes people" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Risk scoring without action. A risk register that never changes controls is a diary, not a defence.
Wrong priority. Teams sometimes optimise for what is easy to measure, not what is dangerous.

Module F2Integrity is provable change

Integrity is about detecting and resisting tampering, not about secrecy.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain integrity is provable change in your own words and apply it to a realistic scenario.
Integrity is about detecting and resisting tampering, not about secrecy.
Check the assumption "We know what good looks like" and explain what changes if it is false.
Check the assumption "We protect the reference" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Integrity without provenance. If you cannot explain where data came from, a checksum alone does not make it trustworthy.
Confusing hashing with encryption. Hashing helps detect change. Encryption helps keep data private. They solve different problems.

Module F3A request is a chain

Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain a request is a chain in your own words and apply it to a realistic scenario.
Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.
Check the assumption "Order matters" and explain what changes if it is false.
Check the assumption "Trust is explicit" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Blaming ‘the network’. If you cannot say which step failed, you do not have a diagnosis.
TLS as a magic shield. TLS protects data in transit. It does not fix weak authentication or broken access control.

Module F4CIA applied to systems

Confidentiality, integrity, and availability fail in different places. Controls must match the failure.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain cia applied to systems in your own words and apply it to a realistic scenario.
Confidentiality, integrity, and availability fail in different places. Controls must match the failure.
Check the assumption "CIA is a lens, not a slogan" and explain what changes if it is false.
Check the assumption "Availability is a safety issue" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Overfocus on confidentiality. Teams encrypt data and forget integrity and availability. Incidents still happen.
No evidence trail. If you cannot detect misuse, you cannot respond in time.

Module F5Identity flow

Authentication answers who. Authorisation answers what. Sessions carry the decision over time.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain identity flow in your own words and apply it to a realistic scenario.
Authentication answers who. Authorisation answers what. Sessions carry the decision over time.
Check the assumption "Auth is not authz" and explain what changes if it is false.
Check the assumption "Sessions expire" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Privilege creep. Permissions grow over time. Without review, the system quietly becomes unsafe.
Weak session handling. If sessions are stolen or replayed, security collapses. Protect cookies and tokens properly.

Module F6Verification under pressure

Phishing works by using normal work habits against you. The defence is a simple decision path.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain verification under pressure in your own words and apply it to a realistic scenario.
Phishing works by using normal work habits against you. The defence is a simple decision path.
Check the assumption "Time pressure is part of the attack" and explain what changes if it is false.
Check the assumption "Verification has a script" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Channel spoofing. Email, chat, and phone can all be faked. Trust the verified path, not the tone.
Approval bypass. Attackers push you around process. The defence is a hard rule: no exceptions under urgency.

Module F7Personal data journey

Privacy is about what data leaves, where it rests, and who can see it.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain personal data journey in your own words and apply it to a realistic scenario.
Privacy is about what data leaves, where it rests, and who can see it.
Check the assumption "Purpose is stated" and explain what changes if it is false.
Check the assumption "Retention is deliberate" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Overcollection. Teams collect ‘just in case’ and create future harm. Minimise by default.
Deletion that is only UI. Deleting from the interface is not deletion. Know where the copies live.

Module F8A personal baseline

A baseline is a small set of controls you can sustain. Consistency beats intensity.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain a personal baseline in your own words and apply it to a realistic scenario.
A baseline is a small set of controls you can sustain. Consistency beats intensity.
Check the assumption "Habits beat heroics" and explain what changes if it is false.
Check the assumption "You review, not only set" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
One control for everything. A single tool does not cover all threats. A baseline is a set of small, complementary controls.
No recovery plan. If you never practised recovery, the first incident becomes your rehearsal.

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Learning contract

Practice assessment outcomes

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

This is a scored practice assessment. It is free and not timed. Use it to identify weak domains before a timed attempt.

Practice assessment bank not found for this level yet.

What to do next

Pick one incorrect answer and rewrite your reasoning in plain language.
Note which evidence you would gather first in a real incident.
Repeat this practice set until your weak topics stop repeating.

Start timed assessment CPD prep pack Back to course

Course materials are protected by intellectual property rights.View terms

Preparing the page...

Core path

Your path through this level

Progress saves in this browser and syncs after you sign in

Completed

0 of 9

Pick up where you left off

Optional

Full module map

Use this if you want the shape of the level before you start

Show

Module F0Security as a system

Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain security as a system in your own words and apply it to a realistic scenario.
Security connects intent, controls, evidence, and recovery. If one is missing, you are guessing.
Check the assumption "We can name what matters" and explain what changes if it is false.
Check the assumption "Controls can be tested" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Control theatre. Lots of policy and little evidence. The system looks serious and fails quickly.
No recovery plan. Incidents become chaotic when nobody rehearsed the calm next steps.

Module F1Risk drives priorities

Risk is how you decide what to fix first. It is not a score to admire.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain risk drives priorities in your own words and apply it to a realistic scenario.
Risk is how you decide what to fix first. It is not a score to admire.
Check the assumption "Likelihood is a model" and explain what changes if it is false.
Check the assumption "Impact includes people" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Risk scoring without action. A risk register that never changes controls is a diary, not a defence.
Wrong priority. Teams sometimes optimise for what is easy to measure, not what is dangerous.

Module F2Integrity is provable change

Integrity is about detecting and resisting tampering, not about secrecy.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain integrity is provable change in your own words and apply it to a realistic scenario.
Integrity is about detecting and resisting tampering, not about secrecy.
Check the assumption "We know what good looks like" and explain what changes if it is false.
Check the assumption "We protect the reference" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Integrity without provenance. If you cannot explain where data came from, a checksum alone does not make it trustworthy.
Confusing hashing with encryption. Hashing helps detect change. Encryption helps keep data private. They solve different problems.

Module F3A request is a chain

Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain a request is a chain in your own words and apply it to a realistic scenario.
Most ‘network problems’ are a chain of smaller steps. Diagnose the step, not the vibe.
Check the assumption "Order matters" and explain what changes if it is false.
Check the assumption "Trust is explicit" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Blaming ‘the network’. If you cannot say which step failed, you do not have a diagnosis.
TLS as a magic shield. TLS protects data in transit. It does not fix weak authentication or broken access control.

Module F4CIA applied to systems

Confidentiality, integrity, and availability fail in different places. Controls must match the failure.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain cia applied to systems in your own words and apply it to a realistic scenario.
Confidentiality, integrity, and availability fail in different places. Controls must match the failure.
Check the assumption "CIA is a lens, not a slogan" and explain what changes if it is false.
Check the assumption "Availability is a safety issue" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Overfocus on confidentiality. Teams encrypt data and forget integrity and availability. Incidents still happen.
No evidence trail. If you cannot detect misuse, you cannot respond in time.

Module F5Identity flow

Authentication answers who. Authorisation answers what. Sessions carry the decision over time.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain identity flow in your own words and apply it to a realistic scenario.
Authentication answers who. Authorisation answers what. Sessions carry the decision over time.
Check the assumption "Auth is not authz" and explain what changes if it is false.
Check the assumption "Sessions expire" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Privilege creep. Permissions grow over time. Without review, the system quietly becomes unsafe.
Weak session handling. If sessions are stolen or replayed, security collapses. Protect cookies and tokens properly.

Module F6Verification under pressure

Phishing works by using normal work habits against you. The defence is a simple decision path.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain verification under pressure in your own words and apply it to a realistic scenario.
Phishing works by using normal work habits against you. The defence is a simple decision path.
Check the assumption "Time pressure is part of the attack" and explain what changes if it is false.
Check the assumption "Verification has a script" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Channel spoofing. Email, chat, and phone can all be faked. Trust the verified path, not the tone.
Approval bypass. Attackers push you around process. The defence is a hard rule: no exceptions under urgency.

Module F7Personal data journey

Privacy is about what data leaves, where it rests, and who can see it.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain personal data journey in your own words and apply it to a realistic scenario.
Privacy is about what data leaves, where it rests, and who can see it.
Check the assumption "Purpose is stated" and explain what changes if it is false.
Check the assumption "Retention is deliberate" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
Overcollection. Teams collect ‘just in case’ and create future harm. Minimise by default.
Deletion that is only UI. Deleting from the interface is not deletion. Know where the copies live.

Module F8A personal baseline

A baseline is a small set of controls you can sustain. Consistency beats intensity.

Open

Prerequisites

No previous technical background required
Read the section explanation before using tools

Outcomes

Explain a personal baseline in your own words and apply it to a realistic scenario.
A baseline is a small set of controls you can sustain. Consistency beats intensity.
Check the assumption "Habits beat heroics" and explain what changes if it is false.
Check the assumption "You review, not only set" and explain what changes if it is false.

Practice

Complete one guided exercise and explain your decision in plain language
Use the recap only after reading the main section

Artefact and failure modes

A short module note with one key definition and one practical example
One control for everything. A single tool does not cover all threats. A baseline is a set of small, complementary controls.
No recovery plan. If you never practised recovery, the first incident becomes your rehearsal.

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Learning contract

Practice assessment outcomes

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

This is a scored practice assessment. It is free and not timed. Use it to identify weak domains before a timed attempt.

Practice assessment bank not found for this level yet.

What to do next

Pick one incorrect answer and rewrite your reasoning in plain language.
Note which evidence you would gather first in a real incident.
Repeat this practice set until your weak topics stop repeating.

Start timed assessment CPD prep pack Back to course

Course materials are protected by intellectual property rights.View terms

Cybersecurity practice assessment. Foundations

Level expectations

Practice assessment outcomes

Cybersecurity practice assessment. Foundations

Level expectations

Practice assessment outcomes