A beginner’s introduction to cyber security & the human aspect of cyber security

This list of free (or cheap) resources is a good introduction to the world of cyber security and the human aspect of cyber security. It’s by no means exhaustive, covering only the most fundamental concepts.

Nevertheless, it’s a great place to start for beginners and those wanting to understand the basics. 

If you don’t have time to look through it all, we’d recommend you start with the things marked ‘recommended’.

Enjoy, and good luck.

Videos

Recommended
video asset

9 cyber security terms to know

A short, simple, jargon-busting video that provides easy-to-understand definitions for terminology commonly used to describe cyber threats and the technology used to protect data.

2 mins
Free

video asset

The five laws of cyber security, - Nick Espinosa

Nick Espinosa explains how internet culture fails to foster a common understanding of cybersecurity and threats online. His five laws, designed to help us think like a hacker, explain why human nature exposes people and businesses to risk.

7 mins
Free

video asset

Cyber Insecurity - why you are the vulnerability - John LaCour

With two decades of cybersecurity experience, LaCour shines a light on the underbelly of internet mischief and malice, with the intent of empowering you to be vigilant and stay safe and protected.

10 mins
Free

Recommended
video asset

Cyber crime and the modern sophistication of cyber criminals - James Lyne

James Lyne talks about the growing gap between the cybersecurity know-how of internet users and the skills and tactics of professional cyber criminals. .

55 mins
Free

Recommended
video asset

Cyber crime isn’t about computers: it’s about behaviour - Adam Anderson

Having a computer hacked can be life altering. We’re often fearful of hackers and those who want to engage in identity theft.

Adam Anderson is an ex-NSA agent and IT specialist and explains how hacking can be prevented.

13 mins
Free

video asset

Demo: the anatomy of ransomware - James Lyne

Ransomware has become increasingly pervasive, but effective, as a form of cybercrime. James Lyne, steps through a demo of how ransomware victimises unsuspecting users, showing how cyber criminals use the internet to piece together ransomware to create cryptocode.

11 mins
Free

video asset

The 1s and 0s behind cyber warfare - Chris Domas

Chris Domas is a cybersecurity researcher, operating on what’s become a new front of war, “cyber.” In this engaging talk, he shows how researchers use pattern recognition and reverse engineering to understand a chunk of binary code whose purpose and contents they don’t know.

16 mins
Free

video asset

State Sanctioned Hacking - The Elephant in the Room - Frank Heidt

Frank Heidt, cyber defense professional, offers a sobering historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions. Heidt mixes humor with intellect as he places the audience on “high alert” through stories of espionage and intrigue.

18 mins
Free

Recommended
video asset

Your Human Firewall – The Answer to the Cyber Security Problem - Rob May

Personal data is a precious commodity but can we sometimes share too much? Rob May thinks we need to develop our human firewall in an age where so much of our lives are online.

16 mins
Free

video asset

Where is cybercrime really coming from? - Caleb Barlow

Cybercrime netted a whopping $450 billion in profits last year, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we’re not sharing, he says, then we’re part of the problem.

14 mins
Free

video asset

Why privacy matters - Glenn Greenwald

Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”

21 mins
Free

video asset

Fighting viruses, defending the net - Mikko Hypponen

It’s been 25 years since the first PC virus (Brain A) hit the net. What was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it.

17 mins
Free

video asset

Why good hackers make good citizens - Catherine Bracy

Hacking is about more than mischief-making or political subversion. As Catherine Bracy describes in this spirited talk, it can be just as much a force for good as it is for evil. She spins through some inspiring civically-minded projects in Honolulu, Oakland and Mexico City — and makes a compelling case that we all have what it takes to get involved.

10 mins
Free

Whitepapers

whitepaper icon

Meaningful Metrics for Human Cyber Risk - CybSafe

Most organisations fail to measure their human cyber risk.

Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”.

This whitepaper explains that to answer such questions, the security industry needs meaningful metrics: to be able to benchmark; to be able to see progress; and to measure success and impact.

1 hour
Free

Recommended
whitepaper icon

Measuring Cyber Security Culture - CybSafe

Much has been written about the benefits of a secure culture. By contrast, very little has been written about how to develop a secure culture.

This whitepaper reveals how today’s security teams can build a people-centric secure culture – one that places your people at the heart of cyber security. It also introduces C-CAT, CybSafe’s world-first Culture Assessment Tool that generates personalised recommendations for advancing the people-centric security culture of individual organisations.

Highlights include:

  • Why security awareness training in its current form isn’t working
  • The importance of “security ABC”
  • How to measure and develop a people-centric security culture
  • C-CAT – CybSafe’s Culture Assessment Tool
  • C-CAT’s seven key dimensions scientifically proven to influence human cyber risk

1 hour
Free

whitepaper icon

Behaviour Change whitepaper - CybSafe

In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.

Contents:

  • About CybSafe Research and Analysis
  • Collaborations & Partnerships
  • Tackling the Human Aspect of Cyber Security: The need for effective behaviour change
  • The psychology of cyber security: How to think about behaviour change 
  • The CybSafe Method: From human cyber risks to human cyber resilience
  • Behaviour Change: The CybSafe Way

1 hour
Free

Blogs, articles and other reading

blog icon

Cyber security glossary - Cybrary

Cybrary’s cyber security glossary provides the cyber security community with knowledge of and insight on the industry’s significant terms and definitions. 

This list contains key terminology and is one of the most extensive cyber security glossary/vocabulary resources online.

N/A
Free

Recommended
blog icon

Typical roles in cybersecurity - Cyber Security Challenge UK

Cyber security encompasses a much bigger, broader range of roles than most people realise. From operations to risk analysis to law, there are a huge variety of interesting career options – and you don’t necessarily have to study STEM subjects or have a degree in cyber security.

Cyber Security Challenge UK exists to inspire and enable more people from diverse backgrounds to become cyber security professionals. 

Their website offers free resources and information on typical roles within the industry, development paths and career advice.


N/A
Free

blog icon

Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity

This report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point.

2 hours
Free

Recommended
blog icon

The ‘ABC’ guide to improving information security

Most security awareness training attempts to raise awareness only. This blog explains the importance of security awareness training raising awareness, changing behaviour and building a culture of security, in order for it to be successful in decreasing risk.

3 mins
Free

blog icon

Security Awareness Training: The Old Definition and the New

Here, CybSafe explains why the old definition of security awareness training is too rudimentary – because it talks only of educating people and says nothing of ensuring they actually do anything with this security knowledge. 

Instead, of assuming people’s awareness will automatically change their behaviour, this blog explains the importance of behaviour training and a secure culture in successfully decreasing risk.


3 mins
Free

Recommended
blog icon

What actually is “the human aspect of cyber security”?

The definition of the human aspect of cyber security is changing. Cyber security strategies are typically sub-divided into sections on technology, processes and the human aspect of cyber security.

Definitions of both technology and processes are relatively uniform. The human aspect, however, is unique and can actually mean different things to different people.
This blog set out what the “human aspect” means in a traditional sense, as well as what it will mean in the future.

3 mins
Free

Training courses

training courses icon

Cyber Security for Executives

This course in cyber risk management provides practical, to-the-point training in everyday language, complete with examples that are easy to understand. 

It covers big picture events driving cybercrimes and the top cyber risks affecting executives and their organizations. It provides examples of common cyberattacks; explains how good “security hygiene” helps to combat security threats; outlines key actions to avoid threats such as phishing, identity theft, hacking, and financial fraud; and explains how contract “firewalls” and third-party cyber risk management can help mitigate the most common cyber risks.

1 hour 46 mins
£7.00

training courses icon

Information Security Course

With the advent of information systems, information has become the life-blood of the modern world. And yet organisations aren’t always as careful as they could be with it. Whether it’s their customer details, details of their business transactions or their intellectual property, information is – almost casually – shared when it shouldn’t be.

In this course you’ll explore what makes information so valuable and how information security is about the balance of the CIA Triad: Confidentiality, Integrity and Availability.

10 hours
Free

Recommended
training courses icon

Introduction to cyber security course

We shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important. 

This course will help you to understand online security, recognise threats, and take steps to protect your digital life, whether at home or work. 

The course will also frame your online safety in the context of the wider world, introducing you to different types of malware, including viruses and trojans, as well as concepts such as network security, cryptography, identity theft and risk management.

16 hours
Free

training courses icon

BCS Foundation Certificate in Information Security Management Principles

This course is aimed at anyone with an interest in Information Security, whether as a career or for general business knowledge. 

It delivers an understanding of Information Security management issues including risk management, security standards, legislation, frameworks and business continuity.

3 days
Tbd

training courses icon

Foundations of Cybersecurity course - Springboard

This course offers a high-level overview of the security landscape. 

It covers foundational concepts for the field of cybersecurity; 

examines various types of common threats and attacks; ways to protect our environments through tools and design; explains some advanced topics such as penetration testing; and provides context for the cybersecurity jobs market and key roles within the industry.

38 hours
Free

Recommended
training courses icon

Cyber security awareness training delivery course - Cybrary

This introduction to end-user information and cyber security awareness is designed to teach the principles and practices that mobile, desktop and gaming device users need to keep themselves safe, at home and at work.

Based on the principle that a company’s most valuable assets are its people and its data, the course outlines why cyber security training is a means to protect both.

1 hours
Free

training courses icon

Social Engineering course - Cybrary

This course outlines the basic components of social engineering and how it is used.

Addressing different types of social engineering attacks, it provides hands-on experience using the Social Engineering Toolkit (SET). 

The course teaches behavioural and technical controls that can be implemented to reduce the likelihood of a successful social engineering attack. It explores fake social media profiles, phishing emails and malicious payload and gives you the experience of playing the “victim” by opening a malicious file.

The course explains why you should limit the information you share on social media and covers some basic items to include in your security awareness program. 

By the end of the course, you should understand:

  1. Different types of social engineering attack
  2. Behavioural and technical controls that can be used against them
  3. How to communicate basic security awareness to others

2 hours
Free