Skip to content
Skip to main content

About this free course

Share this free course

Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2 Understanding current threats

This section is part of the amber and green pathways.

A photograph of dark clouds above a green field.
Figure 13

Now you know what information assets you have, you’ll look at how those assets can be compromised.

You will learn about some different kinds of threat, the vulnerabilities that they exploit and some countermeasures that can be put in place to guard against them. Figure 12 illustrates the context of these terms. When we use those terms we mean:

  • vulnerability – a point at which there is potential for a security breach
  • threat – some danger that can exploit a vulnerability
  • countermeasure – action you take to protect your information against threats and vulnerabilities.
This diagram shows some frequently used terms within cyber security, and their connections.
Figure 14 Frequently used terms in cyber security

Threats can take many different forms, including unauthorised access to data with the intent of committing fraud against individuals or businesses. At its most extreme, there is the potential for the systematic disruption of computer networks and services, putting cyber security threats on a par with those associated with terrorism. In 2010, the UK government’s National Security Strategy highlighted cyber security attacks on the UK as a ‘Tier 1’ threat, which means they are one of the highest priorities for action.

New threats are being discovered all the time and they can affect any and every operating system, including Windows, Mac OS, Linux, Android and iOS.

Vulnerabilities discovered are listed in the National Vulnerabilities Database (NVD) by the National Institute of Standards and Technologies (NIST), USA. The vulnerabilities are detailed in numbered documents termed ‘Common Vulnerabilities and Exposure’ (CVE), for example CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft Windows). The dashboard on the NVD website provides comprehensive count of the vulnerabilities reported and their severity.

This is a screenshot from the NVD Dashboard, which shows a range of current data on vulnerabilities, in tables and pie charts.
Figure 15 NVD Dashboard

To protect ourselves it is important to keep ourselves up to date with the latest cyber security news.

Next, you will explore how a cyber security threat is described in the Windows and Mac OS platforms by watching a video relevant to your computer’s operating system if possible.