INFO30006 — Enhanced Master Notes
(Based on your notes + Lecture 1b slides + instructor commentary)
1. Big Picture: What Makes Cybersecurity Hard?
⭐ Core Question: Why is defence so much harder than attack?
1.1 Defender–Attacker Asymmetry
Attackers:
Only need 1 weak link
Adaptive, intelligent, creative
Have no rulebook
Low cost, high payoff
Defenders:
Must protect every point of failure
Operate under budget/time constraints
Face shifting regulations, systems, and user behaviour
📌 Memory Aid — “AOD”
Attacker needs A single point
Organisation must guard Own everything
Defender must succeed Daily
1.2 Scale of Attack (Internet Amplification)
Internet = global attack surface
High bandwidth → attacks replicate quickly
Malware, phishing, DDoS scale automatically
💡 Real-world example:
WannaCry worm (2017) spread automatically to 230k machines within hours.
1.3 Pace of Technology Evolution
Rapid hardware + software churn
Continuous patching needed
Leads to patch lag → vulnerability window
📌 Eric Johnson’s lesson (Week 6 preview):
→ “Cyber hygiene must keep up with innovation.”
1.4 Software Complexity Increases Attack Surface
More features → more bugs
More integrations → more misconfigurations
Requires tools like Splunk SIEM to detect anomalies
(see W6 guest lecture)
🔎 Example:
Log4j vulnerability spread because complex Java logging systems are embedded everywhere.
1.5 “Features Beat Security”
Companies and users prioritise:
Convenience
Time-to-market
User experience
over security.
IoT example from lecture:
“Cats need food hourly → smart feeders online → IoT with weak security.”
1.6 Market Economics Misalign Incentives
Who pays ≠ who benefits
Vendors ship products fast; users bear the breach cost
Hard to justify security ROI until after disaster
Instructor example (Chris Gatford talk):
Vendors don't earn revenue from reducing your attack surface.
1.7 Missing Context of Danger (Human Factors)
Users cannot sense digital risk:
No physical cues
No risk intuition
Susceptible to phishing/whaling
(Will connect to Week 2 Human Factors).
1.8 Human Factors (Huge Topic)
From lecture and your notes:
8a. User Non-compliance
Password reuse
Ignoring VPN
Circumventing security for convenience
→ Fix: Use MFA/passkeys, automate updates, least privilege.
8b. Error-inducing Design
Misleading UI
Confusing warnings
Unsafe defaults
→ Fix: Good UX, clear risk prompts, undo/confirm actions.
8c. Non-expert Users
Don’t understand threats
Can't identify phishing
→ Fix: Simulated phishing training, easy report buttons.
This category alone explains 30–50% of major breaches.
2. Threat Protection Lifecycle (Detect → Defend → Respond)
(From lecture slides)
2.1 Detect
Real-time monitoring
SIEM (Splunk, Elastic)
Logging visibility
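Added worked example (not from the lecture or the slides): what "logging visibility" buys a defender in the Detect stage. The script parses constructed sshd-style log lines and flags any source address with five or more failed logins inside a one-minute sliding window, which is the kind of rule a SIEM such as Splunk would run continuously. The log lines, IP addresses (documentation ranges) and the threshold are all constructed assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator

# Constructed sample log lines (sshd-style syslog, ISO timestamps). Not real captures.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234
2024-03-01T10:00:03 sshd[1002]: Failed password for root from 203.0.113.5 port 51240
2024-03-01T10:00:04 sshd[1003]: Accepted password for alice from 198.51.100.7 port 44000
2024-03-01T10:00:06 sshd[1004]: Failed password for root from 203.0.113.5 port 51250
2024-03-01T10:00:09 sshd[1005]: Failed password for root from 203.0.113.5 port 51260
2024-03-01T10:00:12 sshd[1006]: Failed password for root from 203.0.113.5 port 51270
2024-03-01T10:05:00 sshd[1007]: Failed password for bob from 198.51.100.7 port 44010
"""

# One regex that covers both outcomes and the optional "invalid user" prefix.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(lines: Iterable[str]) -> Iterator[dict]:
    """Turn raw log lines into structured events; silently skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.fromisoformat(m.group("ts")),
            "outcome": m.group("outcome"),
            "user": m.group("user"),
            "src": m.group("src"),
        }


def failed_login_bursts(
    lines: Iterable[str],
    threshold: int = 5,
    window: timedelta = timedelta(minutes=1),
) -> Dict[str, int]:
    """Sliding-window rule: alert when one source has >= threshold failures within `window`.

    Returns {source_ip: largest number of failures seen in any single window}.
    Successful logins are ignored; they are not evidence of a guessing attempt.
    """
    recent = defaultdict(deque)  # per-source timestamps of recent failures
    alerts: Dict[str, int] = {}
    for ev in parse(lines):
        if ev["outcome"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["src"]] = max(alerts.get(ev["src"], 0), len(q))
    return alerts


if __name__ == "__main__":
    for src, count in failed_login_bursts(SAMPLE_LOGS.splitlines()).items():
        print(f"ALERT: {count} failed logins from {src} within one minute")
```

Running it flags 203.0.113.5 (five failures in eleven seconds) and leaves 198.51.100.7 alone, because its single failure never reaches the threshold. Without the log lines being collected and parsed in the first place, no rule, however good, has anything to fire on; that is the point of "logging visibility".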
2.2 Defend
Firewalls, access control
Encryption
Patching
Segmentation
2.3 Respond
Incident response plans
Backups
Forensics
Recovery
📌 Mnemonic — DDR:
Detect → Defend → Respond.
3. Security Goals — CIA + AAA (CIAAAA Model)
(Mapped from NIST + lecture slides)
3.1 CIA Triad
Confidentiality — “No unauthorised reading”
Methods:
Encryption (TLS/HTTPS, AES, RSA)
Access control
Least privilege
Integrity — “No unauthorised modification”
Methods:
MACs (Message Authentication Codes)
Checksums
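Added worked example (not from the lecture or NIST): why integrity needs a MAC and not just a checksum. A checksum such as CRC32 needs no key, so anyone who changes a message can recompute it and the receiver notices nothing; an HMAC over the same message fails because the tag cannot be recomputed without the shared key. The messages and the shared key below are constructed placeholders.

```python
import hashlib
import hmac
import zlib
from typing import Dict

# Constructed sample messages (not from any real system).
ORIGINAL = b"transfer amount=100 to=alice"
TAMPERED = b"transfer amount=900 to=alice"  # one digit changed in transit

# Assumed secret shared by sender and receiver; a placeholder, not a real key.
SHARED_KEY = b"example-shared-secret"


def checksum(message: bytes) -> int:
    """Unkeyed CRC32: catches accidental corruption, says nothing about who wrote the message."""
    return zlib.crc32(message) & 0xFFFFFFFF


def checksum_verifies(message: bytes, tag: int) -> bool:
    return checksum(message) == tag


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a keyed tag that only holders of the key can produce."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verifies(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest keeps the comparison constant-time.
    return hmac.compare_digest(mac(key, message), tag)


def demonstrate() -> Dict[str, Dict[str, bool]]:
    """Three receive cases; each returns whether the checksum and the MAC check pass."""
    sent_checksum = checksum(ORIGINAL)
    sent_mac = mac(SHARED_KEY, ORIGINAL)

    # Case 1: message arrives unchanged; both checks pass.
    intact = {
        "checksum": checksum_verifies(ORIGINAL, sent_checksum),
        "mac": mac_verifies(SHARED_KEY, ORIGINAL, sent_mac),
    }

    # Case 2: accidental corruption (a single bit flip, original tags untouched);
    # CRC32 detects every single-bit error, and the MAC fails too.
    flipped = bytearray(ORIGINAL)
    flipped[0] ^= 0x01
    corrupted = {
        "checksum": checksum_verifies(bytes(flipped), sent_checksum),
        "mac": mac_verifies(SHARED_KEY, bytes(flipped), sent_mac),
    }

    # Case 3: deliberate modification where the checksum is recomputed over the new
    # content (possible because it needs no key). Checksum passes; the MAC does not,
    # because the original keyed tag no longer matches the altered message.
    tampered = {
        "checksum": checksum_verifies(TAMPERED, checksum(TAMPERED)),
        "mac": mac_verifies(SHARED_KEY, TAMPERED, sent_mac),
    }
    return {"intact": intact, "corrupted": corrupted, "tampered": tampered}


if __name__ == "__main__":
    for case, result in demonstrate().items():
        print(f"{case:9s} checksum ok={result['checksum']!s:5s} mac ok={result['mac']}")
```

The lesson in one line: checksums address Case 2 (noise), MACs address Case 3 (an adversary). "No unauthorised modification" is only enforced by the keyed check.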