Foundation Certificate in Cyber Security

Developed with QA
This content is developed in partnership with QA
Duration10h 50m
star star star star star


Learning Path Overview

The QA Foundation Certificate in Cyber Security (FCCS) aims to provide a comprehensive but necessarily high-level overview across industry-standard technology and platforms, illuminating the technology and its specific cyber governance, risk and assurance challenges without technically challenging the learner with hands-on labs. 

The course takes the learner back to computer basics to build the individual's understanding of common technology platforms through to the network layer and on via virtualization technologies, cloud systems, telecoms, and modern communications. 

It then moves into the fundamentals of cyber security, focussing on common methods of attack, protective monitoring, encryption, and how digital footprints are often exploited.  

The third module takes the learner into the world of cyber and legal governance, focusing on cyber law and the context in which security practitioners and organizations have to operate within.  

In the final module, we go into the other kinds of security that are important to take into account, and best practice for security architecture.  

Each module provides insight into the technical subject matter with the crucial security subtext. Knowledge check exercises are used throughout to make sure that learners are ready to take the QA FCCS examination when they choose to.  

Please note: this content was produced in the UK and may include the use of British English.

Intended Audience

Although perceived as an IT issue, cyber security is, in fact, a subject relevant to all business units. The FCCS course is relevant to anyone requiring an understanding of cyber security management as well as those with an interest in cyber security, either as a potential career, or as an additional part of their general business knowledge; including members of Cyber security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities.  

The course acts as a foundation for more advanced managerial or technical qualifications and provides a thorough general understanding to enable businesses to ensure they are secure.  

Prerequisites of the Certifications

There are no prerequisites for this course, however, participants are expected to have a basic understanding of computers and the internet. 


Learning Objectives

The FCCS course is GCHQ certified course, and covers the following areas: 

  • Computing Foundation, Data Storage & Memory 
  • OSI Protocol Stack 
  • TCP/IP 
  • Network Architecture 
  • Internet Primer 
  • Network Security 
  • Modern Communications 
  • Virtualisation & Cloud Technologies 
  • Protective Monitoring 
  • Common Methods of Attack 
  • Encryption 
  • Cyber and the Legal Framework 
  • Digital Footprints 
  • Information Assurance landscape 
  • Risk Management 
  • Risk Treatment 
  • Physical Security 
  • Personnel Security 
  • Service Assurance & Standards 
  • Software Security Assurance 
  • Secure Development Process 
  • Threat Modelling 
  • STRIDE Mitigation 
  • Security Best Practices 
  • Introduction to Security Architecture 


This Learning Path contains videos, quizzes and other resources for four courses. Each course has exam quizzes for you to test your knowledge as you work through the Learning Path. 


Course Introduction

We begin with an introduction to the course and what you can expect from the videos and quizzes in this Learning Path.  

Module 1 – Computing and Networking Fundamentals

  • Introduction to Computing and networking fundamentals 
  • Computing foundation, data storage and memory 
  • Network computing 
  • Network communications 
  • Internet primer 
  • Network security 
  • Modern communications 
  • Virtualization & cloud technologies 


Module 2 – Cyber Security Fundamentals

  • Introduction to cyber security fundamentals 
  • Common methods of attack 
  • Protective monitoring 
  • Encryption 
  • Digital footprints (parts 1 and 2) 

Module 3 – Governance and Risk

  • Introduction to governance and risk 
  • Cyber and the legal framework 
  • Information assurance 
  • Risk management and risk treatment 
  • Service assurance & standards 
  • Software security assurance 
  • Threat modeling and stride 

Module 4 - Security

  • Introduction to Security 
  • Physical security 
  • Personnel security  
  • Secure development process 
  • Security best practice 
  • Introduction to security architecture 

Preparing for the Examination

This course will prepare you for the QA FCCS examination. You can get all the information you need on your exam by contacting your QA account manager. 


We welcome all feedback and suggestions - please contact us at if you are unsure about where to start or if would like help getting started. 


Your certificate for this learning path

Learning Path Steps

1 courses

We begin with an introduction to the course and what you can expect from the videos and quizzes in this Learning Path.

2 courses

This course introduces the basic ideas of computing, networking, communications, security and virtualization and will provide you with an important foundation for the rest of the course.

3 exam-filled

Module 1 - Knowledge Check: Computing foundation, data storage, and memory

4 exam-filled

Module 1 - Knowledge Check: Network computing

5 exam-filled

Module 1 - Knowledge Check: Network communications

6 exam-filled

Module 1 - Knowledge Check: Internet primer

7 exam-filled

Module 1 - Knowledge Check: Network security

8 exam-filled

Module 1 - Knowledge Check: Modern communications

9 exam-filled

Module 1 - Knowledge Check: Virtualization & cloud technologies

10 courses

This course provides a strong foundation on the fundamentals of cybersecurity, taking you through cyber risks, how to protect against them, and how cybercriminals can use their target's digital footprint to find exploits.

11 exam-filled

Module 2 - Knowledge Check: Common methods of attack

12 exam-filled

Module 2 - Knowledge Check: Protective monitoring

13 exam-filled

Module 2 - Knowledge Check: Encryption

14 exam-filled

Module 2 - Knowledge Check: Digital footprints

15 courses

This takes a deeper look at the governance and risk elements of cybersecurity: cyber and legal frameworks, information assurance, risk management and treatment, service assurance, software security assurance, and threat modeling.

16 exam-filled

Module 3 - Knowledge Check: Cyber and the legal framework

17 exam-filled

Module 3 - Knowledge Check: Information assurance

18 exam-filled

Module 3 - Knowledge Check: Risk management and risk treatment

19 exam-filled

Module 3 - Knowledge Check: Service assurance & standards

20 exam-filled

Module 3 - Knowledge Check: Software security assurance

21 exam-filled

Module 3 - Knowledge Check: Threat modeling and stride

22 courses

This course looks at the other facets of security that come into play when thinking about cybersecurity in general. Starting with physical and personnel security, it then moves into the secure development process, security best practice and ends with an int...

23 description

Physical, technical, and procedural controls.

24 exam-filled

Module 4 - Knowledge Check: Physical and personnel security

25 exam-filled

Module 4 - Knowledge Check: Secure development process

26 exam-filled

Module 4 - Knowledge Check: Security best practice

27 exam-filled

Module 4 - Knowledge Check: Introduction to security architecture

About the Author

Learning paths1

Paul began his career in digital forensics in 2001, joining the Kent Police Computer Crime Unit. In his time with the unit, he dealt with investigations covering the full range of criminality, from fraud to murder, preparing hundreds of expert witness reports and presenting his evidence at Magistrates, Family and Crown Courts. During his time with Kent, Paul gained an MSc in Forensic Computing and CyberCrime Investigation from University College Dublin.

On leaving Kent Police, Paul worked in the private sector, carrying on his digital forensics work but also expanding into eDiscovery work. He also worked for a company that developed forensic software, carrying out Research and Development work as well as training other forensic practitioners in web-browser forensics. Prior to joining QA, Paul worked at the Bank of England as a forensic investigator. Whilst with the Bank, Paul was trained in malware analysis, ethical hacking and incident response, and earned qualifications as a Certified Malware Investigator, Certified Security Testing Associate - Ethical Hacker and GIAC Certified Incident Handler. To assist with the teams malware analysis work, Paul learnt how to program in VB.Net and created a number of utilities to assist with the de-obfuscation and decoding of malware code.