Week 1, Lecture 1 — What is Cybersecurity?
Module: COMP09031 — Cybersecurity & Secure Programming
Before the lecture
Read Chapter 1 — Week 1, Lecture 1: What is Cybersecurity? in the book PDF (approximately 12 pages, 25 minutes reading time). The chapter opens on the HSE 2021 ransomware attack and the parallel with Colonial Pipeline; the rest of the lecture rests on that anchor.
If this is your first contact with the module, also skim:
- The Preface (5 pages) — how to use the book and the practicals
- The course schedule (Home → Schedule)
Slides
- Download wk01_lecture01.pptx — open in PowerPoint, Keynote, or LibreOffice Impress to deliver. Speaker notes carry the talking points and time hints.
- Download wk01_lecture01.pdf — PDF export for printing or quick reference.
Lecture timing
This is the first lecture of the module. The chapter content runs to about 30 minutes; the remaining 20 minutes of the W1 L1 slot are best spent on module welcome, syllabus walkthrough, Moodle / VLE setup, and student Q&A — all of which earn their place at the start of any new module.
| Block | Time | Notes |
|---|---|---|
| Module welcome and Moodle setup | 0–10 min | Get students unblocked on Moodle access first |
| HSE / Colonial opening | 10–20 min | The parallel between the two incidents deserves more deliberation than the page can give it |
| CIA triad | 20–30 min | Tension example: encrypt everything → kills availability |
| Threat vs vulnerability vs risk | 30–35 min | Treat risk = threat × vulnerability × impact as a working tool, not as something to memorise |
| Threat-actor taxonomy | 35–40 min | Brisk; we return to actors throughout the module |
| Module logistics, expectations, Q&A | 40–50 min | Reading list, the W1 Practical, the take-home project shape |
Embedded interlude
This lecture has no embedded hands-on interlude — Week 1 is intentionally the lightest week, and module welcome / admin fills the remaining 20 minutes of the slot. The first interlude lands in Week 1, Lecture 2 (live OWASP Top 10 movement page).
If you want an optional 3-minute everyone-on-keyboards moment to break up the lecture, the cleanest one is to have students open the ICO public breach register (https://ico.org.uk/action-weve-taken/data-security-incident-trends/) and find the most recent UK NHS-related entry — it grounds the HSE story in a UK regulatory context. Skip it if running tight.
Links from this lecture
Every external reference cited in the chapter, organised by topic. Open these in tabs before class.
On the HSE 2021 attack
- PwC. Conti cyber attack on the HSE: Independent Post Incident Review. Department of Health, Ireland, 3 December 2021. — The single best source. Search gov.ie publications for the official PDF.
- Krebs on Security. Conti Ransomware Group Diaries — March 2022 series on the leaked Conti chat logs. Search krebsonsecurity.com.
On the Colonial Pipeline 2021 attack
- Joseph Blount testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs, Threats to Critical Infrastructure: Examining the Colonial Pipeline Cyber Attack, 8 June 2021. Senate hearings are archived on hsgac.senate.gov.
On the CIA triad
- Anderson, James P. Computer Security Technology Planning Study, ESD-TR-73-51, Vol. II (Hanscom Air Force Base, October 1972). The earliest joint articulation of the three properties. csrc.nist.gov hosts a digitised copy in their historical archive.
- Bishop, Matt. Computer Security: Art and Science, 2nd ed. (Addison-Wesley, 2018), Chapter 1 — the standard textbook discussion of the triad’s origins and the various “fourth properties” sometimes added to it.
On security as a process
- Schneier, Bruce. Crypto-Gram Newsletter, 15 May 2000. Available in the Crypto-Gram archives at schneier.com.
Pre-lecture link check. Two minutes before class, click each link above and confirm it loads. Government PDFs and old testimony pages occasionally move; better to know now than to fumble live.
Common student questions (and short answers)
These come up every cohort — answers ready in case they surface mid-lecture.
- “Should we have paid the HSE ransom?” — There is no clean answer; the discomfort is the point. Use it as a discussion prompt, not a debate to resolve. The Department of Health PIR notes that paying would have set a precedent; not paying cost over €100m. Both costs are real.
- “Why didn’t they have backups?” — They did, but the backups were reachable from the production network and were also encrypted by Conti. The PIR is explicit on this. Air-gapped, immutable backups are the lesson.
- “What ransomware is it now?” — Conti formally disbanded in 2022 after the leaks. The same operators reappeared in BlackCat / ALPHV, Royal, Black Basta, and others. The model — encrypt + exfiltrate + double-extort — is unchanged.
- “Are we doomed?” — No. The HSE recovered without paying. Colonial recovered most of its ransom. The lesson is that resilience is achievable; the cost of getting it wrong is what motivates the rest of this module.
End-of-lecture self-check
Optional, formative — not graded. A 2-minute self-check on what the lecture covered.
Going Further
Annotated reading for students who want to go deeper after the lecture.
- PwC. Conti cyber attack on the HSE: Independent Post Incident Review. Department of Health, Ireland, 3 December 2021. — The single best source on the HSE attack; ~60 pages, written in plain prose, includes the timeline and the technical chain that enabled the breach.
- Krebs, Brian. Conti Ransomware Group Diaries. KrebsOnSecurity, March 2022. — A four-part series on what the leaked chat logs reveal about how a ransomware-as-a-service operation actually runs. The HR records alone are an education.
- Bishop, Matt. Computer Security: Art and Science, 2nd ed. (Addison-Wesley, 2018) — The reference textbook for graduate cybersecurity. Chapter 1 covers the triad and its critics; the book overall is the deeper companion to ours.
- Schneier, Bruce. Secrets and Lies (Wiley, 2000; reissued with new preface 2015) — Where the “process, not product” argument was developed at book length. Twenty-five years on, almost every observation still lands.