Grade 11 ITC · Term 4 · Digital Security Textbook
Unit 1 · Security Concepts & Threats · Chapter 3

Case Study — Analysing a Real Cyber Incident

Week 1 · Day 3 · Benchmark 11.4.2.1 Explain core security concepts and identify common threats
Essential question

What can we learn when a real organisation is hacked?

Learning objectives
  • Read and summarise a news report of a cyber incident
  • Identify the assets lost and CIA pillars affected
  • Suggest one control that could have prevented it

Overview

Real incidents teach more than any textbook example. When a hospital, bank or school is hit, journalists usually describe what was stolen, how the attackers got in, and who was responsible. If we read carefully, we can map every incident onto the vocabulary we already know: assets, threats, vulnerabilities, CIA pillars, and controls. Practising this on real stories trains you to think like a security analyst.

Reading a Cyber Incident

Look for four things in any report: (1) What was attacked? (2) How did the attackers get in? (3) What was lost — data, money, service? (4) What did the victim do afterwards?

Mapping to CIA

Stolen customer records = Confidentiality. Altered financial records = Integrity. Websites offline for hours = Availability. Many attacks damage more than one pillar.

Who is Responsible?

Responsibility is shared: users who click bad links, IT staff who did not patch, and vendors who shipped weak software. Blame is less useful than lessons learned.

Activity

Case Study Discussion

  1. In groups of four, read the provided news article about a recent cyber incident.
  2. List the assets lost, the CIA pillars affected, and who was responsible.
  3. Present one control that could have prevented the incident.
Review questions
  1. What is the difference between an incident and a breach?
    Reveal answer

    A breach is a specific type of incident involving unauthorised access to data.

  2. Name two things a company usually does after a major breach.
    Reveal answer

    Notify affected users; patch the vulnerability; sometimes offer credit monitoring.

  3. Why is 'blaming the user' rarely the full answer?
    Reveal answer

    Systems should be designed to reduce user error; multiple layers usually failed.

Take it home

Find and summarise one cyber incident from the last year (100 words). Identify the CIA pillar most affected.