Cybersecurity Fundamentals
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

The Cybersecurity Fundamentals Certificate is ISACA's entry-level credential covering the core concepts and terminology of cybersecurity. It validates baseline understanding of cybersecurity principles, threats and vulnerabilities, controls, and incident response without requiring hands-on practitioner experience.

Who Should Take This

Students, career-changers, and IT generalists exploring cybersecurity. Assumes basic computing literacy. Learners finish able to discuss cybersecurity at a foundational level, understand common terminology used in industry, and recognize common threats and controls.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
13 Activity Formats

Course Outline

1. Foundations
3 topics

Core Principles

  • Define confidentiality, integrity, and availability (the CIA triad) and identify which property a given control supports.
  • Define authentication, authorization, and accounting (AAA) and identify representative mechanisms for each.
  • Identify defense in depth and least privilege as design principles and describe how each manifests in real architectures.

Threats and Threat Actors

  • Identify common threat-actor categories: opportunistic external, targeted external, malicious insider, compromised insider, nation-state.
  • Identify common motivations: financial, ideological, espionage, competitive, retaliatory.
  • Apply threat-actor classification to a sample incident description and identify the most likely actor type.

Risk Concepts

  • Define risk as a function of threat, vulnerability, and impact and describe how each component is assessed.
  • Identify the four standard risk responses: avoid, mitigate, transfer, accept.
  • Apply risk-response selection to a sample finding and justify the chosen response with explicit reasoning.

2. Threat Landscape
3 topics

Malware Categories

  • Identify the major malware categories: virus, worm, trojan, ransomware, rootkit, spyware, adware, fileless malware.
  • Identify ransomware as the dominant financially motivated threat and describe typical kill-chain steps.

Social Engineering

  • Identify phishing, spear-phishing, vishing, smishing, business email compromise (BEC), and pretexting as social-engineering categories.
  • Apply recognition guidance for a phishing email and identify red flags (sender mismatch, urgency, unusual link, attachment, mismatched URL).

Application and Network Attacks

  • Identify common application attacks: SQL injection, XSS, CSRF, broken authentication, broken access control.
  • Identify common network attacks: DDoS, MITM, ARP/DNS poisoning, port scanning, lateral movement.
  • Analyze a breach narrative and identify which attack categories were involved and the order in which they occurred.

3. Controls and Countermeasures
4 topics

Control Categories

  • Identify the standard control category set: preventive, detective, corrective, deterrent, compensating, recovery.
  • Apply control-category mapping to representative controls (firewall, IDS, backup, security awareness) and identify which categories each represents.

Cryptography Concepts

  • Distinguish symmetric encryption, asymmetric encryption, and hashing and identify what each provides (confidentiality, identity/integrity, integrity).
  • Identify common algorithm names (AES, RSA, ECC, SHA-256, HMAC) and identify which class each belongs to.

Network Defense Concepts

  • Identify firewalls, IDS/IPS, VPN, and network segmentation as core network defenses and describe what each provides.
  • Identify TLS, SSH, and IPsec as the dominant secure-protocol families and describe their typical use cases.

Identity and Access Concepts

  • Identify authentication factors (something you know/have/are) and identify MFA as a baseline expectation for sensitive accounts.
  • Identify RBAC, ABAC, and least privilege as access-control concepts and describe a use case for each.

4. Incident Response and Recovery
3 topics

IR Lifecycle

  • Identify the standard IR lifecycle phases: preparation, identification, containment, eradication, recovery, lessons learned (NIST SP 800-61).
  • Apply IR lifecycle to a sample incident narrative and label each step with the corresponding phase.

Detection and Reporting

  • Identify common detection sources: SIEM alerts, EDR alerts, user reports, third-party notifications, threat-intel matches.
  • Apply incident-reporting guidance: who to notify internally (helpdesk, SOC, legal), and when external notification (regulator, customers) is required.

Business Continuity

  • Identify BCP/DR concepts: RTO, RPO, hot/warm/cold sites, backup-and-restore, failover.
  • Apply RTO/RPO selection to a sample workload (regulated database vs internal wiki) and explain the reasoning.

5. Governance and Compliance
3 topics

Policies and Frameworks

  • Identify the role of security policies, standards, procedures, and guidelines and describe the differences.
  • Identify NIST CSF, ISO/IEC 27001, and CIS Controls as the most common high-level security frameworks.

Common Regulations

  • Identify HIPAA, GDPR, PCI DSS, SOX, and CCPA as the most common regulations encountered by US-based organizations.
  • Apply regulation mapping for a hypothetical US healthcare organization that takes credit cards and serves California residents (HIPAA + PCI + CCPA).

Privacy Fundamentals

  • Define personal data, sensitive personal data, and de-identified data and describe how each is handled in privacy regimes.
  • Identify data-subject rights commonly granted under modern privacy laws: access, correction, deletion, portability, restriction.

6. Career and Industry
5 topics

Career Pathways

  • Identify common entry-level cybersecurity roles: SOC analyst, junior pen-tester, GRC analyst, security engineer (junior).
  • Identify the typical certification ladder: entry (CSX Fundamentals, Security+) → intermediate (CySA+, CSX-P) → advanced (CISSP, CISM, OSCP).

Industry Standards Bodies

  • Identify NIST, ISO, ISACA, ISC2, and SANS as the principal cybersecurity standards and certification bodies and describe what each contributes.

Ethics

  • Identify the ISACA Code of Professional Ethics principles and identify representative violations.
  • Analyze an ethics scenario (e.g., disclosure of a finding, conflict of interest, exceeding authorized access) and identify the appropriate response.

Continuous Learning

  • Identify ongoing-learning resources: SANS reading room, MITRE ATT&CK, NIST publications, CISA advisories, vendor security blogs.
  • Apply a personal continuous-learning plan that mixes structured learning, hands-on practice, and threat-intel awareness.

Communication

  • Identify the value of clear technical writing, structured incident reporting, and audience-aware communication for security professionals.
  • Apply audience-aware translation: explain a phishing incident, a ransomware threat, and a control gap to a non-technical executive.

7. Practical Operational Concepts
6 topics

Security Operations Centers

  • Define a Security Operations Center (SOC) and identify common SOC roles: Tier 1 analyst, Tier 2 analyst, threat hunter, SOC manager.
  • Identify the typical SOC tooling stack: SIEM, EDR, SOAR, threat-intel platform, ticketing system.
  • Apply SOC workflow understanding to a sample alert: which tier triages, what enrichment is added, when it escalates.

Security Awareness and Culture

  • Identify the role of security awareness training in reducing human-factor risk and identify common training topics.
  • Apply security-culture concepts: psychological safety to report incidents, just-culture for honest mistakes, gamified phishing drills.

Vendor and Third-Party Risk

  • Identify third-party risk concepts: vendor due diligence, SOC 2 reports, security questionnaires, contract clauses (right to audit, breach notification).
  • Apply third-party risk classification to vendors based on data access and operational dependency.

Cloud Security at a Glance

  • Identify the shared-responsibility model and identify how customer security responsibilities differ across IaaS, PaaS, and SaaS.
  • Identify common cloud-security topics: cloud IAM, encryption keys, public-bucket exposure, metadata-service abuse.

Emerging Topics

  • Identify emerging cybersecurity topics: AI-generated phishing, deepfakes, post-quantum cryptography, cloud-native zero trust, supply-chain integrity.
  • Apply hype-vs-substance evaluation when reading a vendor whitepaper claiming a 'zero-trust AI-native solution' and identify which claims map to standards.

Personal Cyber Hygiene

  • Identify personal cyber hygiene practices: unique passwords with a manager, MFA on critical accounts, OS/browser updates, secure backup, password recovery.
  • Apply personal cyber hygiene to a self-assessment and identify the top three gaps with concrete remediations.
  • Identify common consumer scams (tech-support scam, romance scam, gift-card extortion) and identify the cybersecurity literacy that protects against each.
  • Apply guidance for safe travel: VPN selection, public-Wi-Fi practices, device-loss procedures, border-crossing data minimization.

Scope

Included Topics

  • Core security principles: CIA triad, AAA, defense in depth, least privilege.
  • Threat landscape: malware categories, social engineering, common attack patterns.
  • Controls: preventive, detective, corrective, deterrent, compensating.
  • Cryptography concepts at conceptual depth: symmetric, asymmetric, hashing, signatures.
  • Network security at conceptual depth: firewalls, IDS/IPS, segmentation, secure protocols.
  • Identity and access management concepts: factors, MFA, RBAC, SSO.
  • Incident response lifecycle: preparation, detection, analysis, containment, recovery, lessons learned.
  • Governance, risk, and compliance basics: policies, risk frameworks, common regulations.
  • Career pathways and certification roadmap in cybersecurity.

Not Covered

  • Hands-on tooling and practitioner techniques (covered in CSX-P).
  • Audit-specific depth (covered in CISA).
  • Management/governance depth (covered in CISM, CGEIT).
