Lesson 11: Security Basics & Safe Computing


Security is mostly habits. Learn the core security ideas (CIA triad), common threats (phishing/malware), and what you should do FIRST when something looks sketchy.

  • Goal: Think “risk + first action”
  • Core model: CIA triad
  • Big threat: social engineering
  • Practical: Phish or legit

1) The CIA Triad (Your Security “Compass”)

A huge number of security questions are really asking: “Which part of the CIA triad is being impacted?” If you can spot that, you can choose the right control and the right first action.

Concept | Meaning | Common Examples
Confidentiality | Keep data private (only authorized people can see it) | Encryption, permissions, MFA
Integrity | Keep data accurate and unaltered | Hashes, access control, change logs
Availability | Keep systems usable when needed | Backups, redundancy, DoS protection

2) Threats You MUST Recognize

Social engineering (most common)

  • Phishing: email “bait” to steal credentials or get you to click a link or open an attachment
  • Smishing/Vishing: phishing over text / phone
  • Pretexting: attacker invents a believable story (“I’m from IT”)
  • Tailgating: an unauthorized person follows you into a secured area

Malware (common categories)

  • Ransomware: encrypts files for money
  • Spyware/Keylogger: watches what you do / steals credentials
  • Trojan: looks legit but contains a malicious payload
  • Worm: spreads itself across systems/networks

Exam pattern: “Most effective control” vs “best FIRST action.” Controls reduce future risk. First actions reduce current damage safely (don’t click, isolate, report).

3) Safe Habits That Beat Most Attacks

  • Use MFA: stops password-only compromise.
  • Password manager: unique, long passwords (don’t reuse).
  • Update/patch: closes known vulnerabilities.
  • Least privilege: users/apps only get what they need.
  • Backups (3-2-1): 3 copies, 2 media types, 1 offsite/offline.

4) If You Suspect a Security Incident

Default safe first actions:

  • Don’t click links/attachments you don’t trust.
  • Isolate the device from the network if you suspect malware.
  • Report to IT/security (don’t “dig around” and destroy evidence).
  • Change credentials only after you confirm the right process (and from a known-safe device).

Think like IT: contain first → then investigate → then recover → then prevent.

Practical: Phish or Legit Simulator

For each message, choose the best classification, the best FIRST action, and the most impacted CIA area. Use Reveal to learn the “why.”

Rule: Your “first action” should reduce risk immediately (don’t click, verify via official channel, report). If malware is suspected, think isolate first.

1) “Your mailbox is full — verify now”

From: it-support@micros0ft-mail.com
“Your mailbox will be disabled in 30 minutes. Click to verify your password.”

Risk: High · ID: M1

Hint: Urgency + credential request + weird domain = phishing.
Why: This is credential theft. Don’t click. Report it. CIA impact is Confidentiality (account/data exposure).

2) “Vendor invoice attached”

From: ap@yourvendor.com
Subject: “Invoice #44719”
Attachment: invoice_44719.zip

Risk: Medium · ID: M2

Hint: Unexpected ZIP attachments are a common malware delivery method.
Why: ZIPs can hide malware. Verify through a known channel before opening. CIA is mainly Integrity (malware can alter systems/data), and may also impact confidentiality.

3) “Planned maintenance tonight”

From: noreply@yourcompany.com
“Scheduled network maintenance 11:00 PM–1:00 AM. VPN may disconnect briefly.”

Risk: Low · ID: M3

Hint: Maintenance affects availability; verify via official channel.
Why: Legit IT notices usually don’t ask for credentials. Verify on the official status channel. CIA is Availability (planned downtime).

4) “Payroll update required”

From: hr-payroll@yourcompany-support.com
“We detected an error. Sign in here to update your direct deposit.”

Risk: High · ID: M4

Hint: Payroll/bank requests are classic credential theft.
Why: This targets credentials + financial info. Report it. CIA is Confidentiality (sensitive personal/banking data).

5) “Password expired” (but you just changed it)

A pop-up appears while browsing: “Your password expired. Re-enter credentials to continue.”

Risk: Medium · ID: M5

Hint: Random credential prompts during browsing are a major red flag.
Why: This may be a fake login overlay. Close it, go to the real site via typed URL, and scan. CIA is Confidentiality (credential theft).

6) “CEO needs gift cards”

From: ceo@yourcornpany.com (note spelling)
“I’m in a meeting. Buy $500 in gift cards and send me the codes ASAP.”

Risk: High · ID: M6

Hint: This is business email compromise/social engineering.
Why: Classic BEC scam: urgency + authority + unusual request. Report it. CIA maps best to Integrity (manipulating business process/decisions).

7) “MFA prompt you didn’t trigger”

You receive an MFA push notification asking to approve a login… but you aren’t logging in.

Risk: High · ID: M7

Hint: Unexpected MFA prompts often mean your password is already compromised.
Why: Treat it as an active attack attempt. Deny, secure the account from a known-safe device, notify IT. CIA is Integrity (unauthorized access/change attempts).

8) “Files renamed and won’t open”

User reports documents now end in .locked and a note demands payment.

Risk: Critical · ID: M8

Hint: Ransomware is a containment-first situation.
Why: Ransomware destroys Availability (you can’t use your files). First step is containment: isolate from network, then report and follow IR process.
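
The sender-domain red flags in messages 1, 4 and 6 can be checked mechanically. The Python below is an added example, not part of the original lesson; it flags sender domains that imitate a trusted one. The trusted list, the substitution table and all function names are assumptions chosen for illustration.

```python
import re

# Assumption: the domains this organisation really uses or trusts. The two
# "your..." names come from the scenarios; microsoft.com is added because
# message 1 imitates that brand.
TRUSTED = {"yourcompany.com", "yourvendor.com", "microsoft.com"}

# Look-alike substitutions, multi-character pairs first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def skeleton(text):
    """Collapse look-alike characters so 'yourcornpany' equals 'yourcompany'."""
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text

def registrable(address):
    """Naive registrable domain: the last two labels after the '@'.
    (A production check would use the Public Suffix List.)"""
    host = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def check_sender(address, trusted=TRUSTED):
    """Return (verdict, trusted domain involved or None)."""
    domain = registrable(address)
    if domain in trusted:
        return ("trusted-domain", domain)
    name_parts = re.split(r"[-_]", skeleton(domain.split(".")[0]))
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return ("lookalike-substitution", good)   # e.g. rn -> m, 0 -> o
        if skeleton(good.split(".")[0]) in name_parts:
            return ("lookalike-brand-reuse", good)    # brand inside another name
    return ("unknown-domain", None)

# Sender addresses from messages 1, 2, 3, 4 and 6 of the simulator.
SAMPLE = [
    "it-support@micros0ft-mail.com",
    "ap@yourvendor.com",
    "noreply@yourcompany.com",
    "hr-payroll@yourcompany-support.com",
    "ceo@yourcornpany.com",
]

if __name__ == "__main__":
    for sender in SAMPLE:
        print(f"{sender:40} {check_sender(sender)}")
```

A trusted-domain result only means the name is not a lookalike; the From line can still be forged, so verifying through a known channel, as in message 2, still applies.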
