Learning from major cyber security incidents
Learning from major cyber security incidents

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Learning from major cyber security incidents

1 Cyber security basics

This course does not cover the basics of cyber security and online safety as these are covered in the badged OpenLearn course Introduction to cyber security: stay safe online [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] (open the link in a new tab or window by holding down Ctrl (or Cmd on a Mac) when you click on it).

If you haven’t taken the abovementioned course or your memory needs to be refreshed, you are encouraged to visit the Glossary at the end of this course or the relevant section in the Introduction to cyber security: stay safe online course when you meet an unfamiliar term or concept related to cyber security.

Activities 1 to 4 should help you to assess your knowledge and to familiarise yourself with the basics of cyber security.

Activity 1

Timing: Allow about 10 minutes

In the context of computer security, briefly explain the meaning of the following terms:

  • vulnerability
  • threat
  • countermeasure.


A vulnerability is a point at which there is potential for a security breach.

A threat is some danger that can exploit a vulnerability.

A countermeasure is an action you take to protect your information against threats and vulnerabilities.

Activity 2

Timing: Allow about 20 minutes

In the context of malware, briefly explain the meaning of the following terms:

  • virus
  • worm
  • Trojan
  • ransomware
  • spyware
  • botnets.


A virus inserts a copy of itself into applications or crucial parts of the operating system in order to infect other computing devices or storage media that interact with the infected computer.

A worm exploits the vulnerability of computing devices in a network and replicates itself by finding and infecting other vulnerable computing devices.

A Trojan is malware disguised as something useful and can be self-replicating.

Ransomware is malware that demands payment in order to refrain from doing some harmful action or to undo the effects of the harmful action.

Spyware records the activities of the user, such as the passwords they type into the computer, and transmits this information to the person who wrote the malware.

Botnets are created using malware that allows an attacker to control a group of computers and use them to gather personal information or launch attacks against others, such as for sending spam emails or flooding a website with so many requests for content that the server cannot cope (called a denial-of-service attack).

Activity 3

Timing: Allow about 20 minutes
  • a.In the context of encryption, briefly explain the meaning of the following terms:

  • plaintext
  • ciphertext
  • cipher
  • encryption
  • decryption.


Plaintext is information that can be directly read by humans or a machine (this document is an example of plaintext). ‘Plaintext’ is a historic term predating computers, when encryption was only used for hardcopy text; nowadays it is associated with many formats including music, movies and computer programs.

Ciphertext is the encrypted data.

A cipher is the mathematics (or algorithm) responsible for turning plaintext into ciphertext and reverting ciphertext to plaintext (you might also see the word ‘code’ used – there is a technical difference between the two but it need not concern you now).

Encryption is the process of converting plaintext to ciphertext (occasionally you may see it called ‘encipherment’).

Decryption is the process of reverting ciphertext to plaintext (occasionally known as ‘decipherment’).

  • b.What is asymmetric cryptography and how does it differ from symmetric cryptography?


Asymmetric cryptography, also known as public key cryptography, sidesteps the key distribution problem because each user creates their own keys:

  • the private key, which they keep safe and never distribute

  • the public key, which can be sent to anyone with whom they want to exchange encrypted information.

Unlike with symmetric encryption, the two keys behave differently: the public key is the only key that can decrypt ciphertext encrypted using the corresponding private key, and the private key is the only key capable of decrypting files encrypted with the corresponding public key. Crucially, the value of one key cannot easily be determined from the other, so even if the public key falls into hostile hands, the value of the private key cannot be determined.

Activity 4

Timing: Allow about 20 minutes

In the context of network security:

  • What is a firewall and how can it protect a network?
  • What is an intrusion detection system and how does it work?


In a building, a firewall is a reinforced masonry wall that is designed to prevent a fire from spreading through the structure, allowing people time to escape. Similarly, in a computer network, a firewall is a barrier that blocks dangerous communications from spreading across a network, either from the outside world into a local network, or from one part of a local network to another.

An intrusion detection system (IDS) may be a dedicated device or software. It is typically classified as one of two types, depending on its responsibilities:

  • a network intrusion detection system (NIDS), which is responsible for monitoring data passing over a network
  • a host intrusion detection system (HIDS), which is responsible for monitoring data to and from a computer.

An IDS can support a network firewall. Ideally the firewall should be closed to all traffic apart from that which is known to be needed by the organisation (such as web traffic, email and FTP). An IDS can then be used to scan any traffic passing through the firewall for potential attacks using an NIDS, as well as being able to detect those coming from within – such as from a personal computer infected with malware – using an HIDS.

Intrusion detection may be considered passive; it identifies that an intrusion is taking place and informs an administrator, who must take appropriate action. However, it can also be reactive – as well as informing the administrator, the IDS can actively attempt to stop the intrusion, in most cases by blocking any further data packets sent by the source IP address. Such a system is also referred to as an intrusion prevention or protection system (IPS).

Now you have familiarised yourself with some of the key terms related to cyber security, you will next look at the first case study used in this course.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371