5 answers
chinaka
Student
Lake Dallas, Texas
1
Question
Asked
175 views
What is cyber security all about ?
Explain cyber security to me
Login to comment
5 answers
Ryan Rosario
Cyber Security Analyst
5
Answers
Lusby, Maryland
Updated
Ryan’s Answer
Good morning Chinaka,
To put it simply cyber security is all about protecting data. It encompasses a wide range of practices, technologies & measures aimed at providing confidentiality, integrity & availability to that data. Some key parts of cyber security are preventing attacks, securing networks, protecting data & performing risk management. These parts work together in a variety of ways to provide a comprehensive security system to the computer systems, networks & data of individuals or organizations.
To put it simply cyber security is all about protecting data. It encompasses a wide range of practices, technologies & measures aimed at providing confidentiality, integrity & availability to that data. Some key parts of cyber security are preventing attacks, securing networks, protecting data & performing risk management. These parts work together in a variety of ways to provide a comprehensive security system to the computer systems, networks & data of individuals or organizations.
Stephanie Coe
Executive Concierge
5
Answers
Tampa, Florida
Updated
Stephanie’s Answer
Cybersecurity is the practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, theft, damage, or other malicious activities. It encompasses various technologies, processes, and practices designed to safeguard digital assets and ensure the confidentiality, integrity, and availability of information.
Here are key components and concepts of cybersecurity:
1. **Confidentiality**: Ensuring that sensitive data is only accessed by authorized individuals or entities. This involves implementing access controls, encryption, and other measures to prevent unauthorized disclosure of information.
2. **Integrity**: Maintaining the accuracy, completeness, and reliability of data and systems. Integrity measures detect and prevent unauthorized modifications, alterations, or deletions of data, ensuring that information remains trustworthy and unaltered.
3. **Availability**: Ensuring that information and resources are accessible and usable when needed. Availability measures protect against disruptions, downtime, or denial-of-service attacks that could impact the availability of systems and services.
4. **Authentication**: Verifying the identity of users, devices, or entities attempting to access systems or data. Authentication mechanisms include passwords, biometrics, security tokens, and multi-factor authentication to ensure that only authorized users can gain access.
5. **Authorization**: Granting or restricting access rights and privileges to users, based on their authenticated identity and role. Authorization controls specify what actions users are allowed to perform and what resources they can access within a system or network.
6. **Risk Management**: Identifying, assessing, and mitigating cybersecurity risks to protect against potential threats and vulnerabilities. Risk management involves analyzing the likelihood and potential impact of security incidents and implementing controls to reduce risk to an acceptable level.
7. **Security Controls**: Implementing technical, administrative, and physical controls to protect against cybersecurity threats. Security controls include firewalls, antivirus software, intrusion detection systems, encryption, security policies, training, and incident response procedures.
8. **Cyber Threats**: Understanding and addressing various types of cyber threats, including malware (such as viruses, worms, and ransomware), phishing attacks, social engineering, insider threats, and advanced persistent threats (APTs).
9. **Compliance and Regulations**: Adhering to industry regulations, legal requirements, and cybersecurity standards to protect sensitive information and ensure regulatory compliance. Examples include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).
10. **Cybersecurity Awareness and Training**: Educating users and employees about cybersecurity best practices, security policies, and potential threats to promote a culture of security awareness and proactive risk mitigation.
Overall, cybersecurity is a critical component of modern technology and business operations, as cyber threats continue to evolve and pose significant risks to organizations, individuals, and society as a whole. Effective cybersecurity practices are essential for safeguarding digital assets, maintaining trust, and minimizing the impact of security incidents.
Here are key components and concepts of cybersecurity:
1. **Confidentiality**: Ensuring that sensitive data is only accessed by authorized individuals or entities. This involves implementing access controls, encryption, and other measures to prevent unauthorized disclosure of information.
2. **Integrity**: Maintaining the accuracy, completeness, and reliability of data and systems. Integrity measures detect and prevent unauthorized modifications, alterations, or deletions of data, ensuring that information remains trustworthy and unaltered.
3. **Availability**: Ensuring that information and resources are accessible and usable when needed. Availability measures protect against disruptions, downtime, or denial-of-service attacks that could impact the availability of systems and services.
4. **Authentication**: Verifying the identity of users, devices, or entities attempting to access systems or data. Authentication mechanisms include passwords, biometrics, security tokens, and multi-factor authentication to ensure that only authorized users can gain access.
5. **Authorization**: Granting or restricting access rights and privileges to users, based on their authenticated identity and role. Authorization controls specify what actions users are allowed to perform and what resources they can access within a system or network.
6. **Risk Management**: Identifying, assessing, and mitigating cybersecurity risks to protect against potential threats and vulnerabilities. Risk management involves analyzing the likelihood and potential impact of security incidents and implementing controls to reduce risk to an acceptable level.
7. **Security Controls**: Implementing technical, administrative, and physical controls to protect against cybersecurity threats. Security controls include firewalls, antivirus software, intrusion detection systems, encryption, security policies, training, and incident response procedures.
8. **Cyber Threats**: Understanding and addressing various types of cyber threats, including malware (such as viruses, worms, and ransomware), phishing attacks, social engineering, insider threats, and advanced persistent threats (APTs).
9. **Compliance and Regulations**: Adhering to industry regulations, legal requirements, and cybersecurity standards to protect sensitive information and ensure regulatory compliance. Examples include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).
10. **Cybersecurity Awareness and Training**: Educating users and employees about cybersecurity best practices, security policies, and potential threats to promote a culture of security awareness and proactive risk mitigation.
Overall, cybersecurity is a critical component of modern technology and business operations, as cyber threats continue to evolve and pose significant risks to organizations, individuals, and society as a whole. Effective cybersecurity practices are essential for safeguarding digital assets, maintaining trust, and minimizing the impact of security incidents.
Edmond Momartin ☁️
Public Cloud Security & Compliance AT&T | MBA InfoSec | OWASP-LA Board
65
Answers
Los Angeles, California
Updated
Edmond’s Answer
"Cyber" is the simplified version of "Cybernetics", coined in a book published in 1948 that explained how systems within machines and animals regulate themselves and interact w/ their environment. It has since become more about computers and digital communication. So cybersecurity would be primarily addressing all aspects of security in those systems.
To get a big picture of what that means specifically with a perspective tailored to students in general, the "Career Options" section of https://niccs.cisa.gov/education-training/cybersecurity-students would be a good place to start.
To get a big picture of what that means specifically with a perspective tailored to students in general, the "Career Options" section of https://niccs.cisa.gov/education-training/cybersecurity-students would be a good place to start.
James Constantine Frangos
Consultant Dietitian & Software Developer since 1972 => Nutrition Education => Health & Longevity.
3970
Answers
Gold Coast, Queensland, Australia
Updated
James Constantine’s Answer
Dear Chinaka,
Deep Dive into Cyber Security
Understanding Cyber Security: Simply put, cyber security, also referred to as IT security or computer security, is the shield that protects systems, networks, applications, and data from digital assaults. The primary objective of these cyber attacks is to infiltrate, alter, or destroy sensitive information, extort money, or disrupt regular business operations.
Why Cyber Security Matters: In our digital age where businesses, governments, and individuals heavily depend on digital data, cyber security is not just important, it's essential. Without robust cyber security defenses, organizations become easy targets for cyber threats, potentially leading to financial loss, damage to reputation, legal issues, and even threats to national security.
Essential Elements of Cyber Security:
Data Protection: This involves safeguarding data confidentiality, integrity, and availability through encryption, access control, and regular backups.
Network Security: This means protecting networks from unauthorized access and constantly monitoring for suspicious activities using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
Application Security: This is about defending software applications from vulnerabilities that hackers could exploit.
Endpoint Security: This involves protecting endpoints like laptops, smartphones, and other network-connected devices from malware and unauthorized access.
Cloud Security: This ensures the safety of data stored in cloud services through strong authentication methods and encryption protocols.
Incident Response: This involves creating effective plans and procedures to respond to cyber incidents like data breaches or malware infections.
Common Cyber Threats to Watch Out For:
Malware: This is harmful software designed to disrupt operations or infiltrate systems.
Phishing: These are deceptive emails or messages intended to trick individuals into disclosing sensitive information.
Ransomware: This is a type of malware that locks files until a ransom is paid.
DDoS Attacks: These attacks overload a system with traffic, making it unavailable.
Insider Threats: These are harmful actions taken by employees or contractors within an organization.
In Summary: Cyber security is a critical shield that protects digital assets from a variety of cyber threats that are continually evolving in complexity and sophistication. By putting in place strong cyber security defenses and staying alert to emerging threats, organizations can defend themselves from potential damage and maintain the integrity and confidentiality of their data.
Top 3 Reliable Sources Used:
National Institute of Standards and Technology (NIST): A non-regulatory federal agency within the U.S. Department of Commerce, NIST develops standards and guidelines to enhance the cyber security posture of organizations.
Cybersecurity & Infrastructure Security Agency (CISA): As part of the U.S. Department of Homeland Security, CISA works to strengthen the resilience of the nation’s critical infrastructure against cyber threats.
Symantec Internet Security Threat Report (ISTR): Symantec’s ISTR offers insights into global cyber security trends, drawing from real-world data collected by Symantec’s extensive threat intelligence network.
These sources were invaluable in providing accurate and current information on various aspects of cyber security for this detailed explanation.
MAY GOD BLESS YOU!
JC.
Deep Dive into Cyber Security
Understanding Cyber Security: Simply put, cyber security, also referred to as IT security or computer security, is the shield that protects systems, networks, applications, and data from digital assaults. The primary objective of these cyber attacks is to infiltrate, alter, or destroy sensitive information, extort money, or disrupt regular business operations.
Why Cyber Security Matters: In our digital age where businesses, governments, and individuals heavily depend on digital data, cyber security is not just important, it's essential. Without robust cyber security defenses, organizations become easy targets for cyber threats, potentially leading to financial loss, damage to reputation, legal issues, and even threats to national security.
Essential Elements of Cyber Security:
Data Protection: This involves safeguarding data confidentiality, integrity, and availability through encryption, access control, and regular backups.
Network Security: This means protecting networks from unauthorized access and constantly monitoring for suspicious activities using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
Application Security: This is about defending software applications from vulnerabilities that hackers could exploit.
Endpoint Security: This involves protecting endpoints like laptops, smartphones, and other network-connected devices from malware and unauthorized access.
Cloud Security: This ensures the safety of data stored in cloud services through strong authentication methods and encryption protocols.
Incident Response: This involves creating effective plans and procedures to respond to cyber incidents like data breaches or malware infections.
Common Cyber Threats to Watch Out For:
Malware: This is harmful software designed to disrupt operations or infiltrate systems.
Phishing: These are deceptive emails or messages intended to trick individuals into disclosing sensitive information.
Ransomware: This is a type of malware that locks files until a ransom is paid.
DDoS Attacks: These attacks overload a system with traffic, making it unavailable.
Insider Threats: These are harmful actions taken by employees or contractors within an organization.
In Summary: Cyber security is a critical shield that protects digital assets from a variety of cyber threats that are continually evolving in complexity and sophistication. By putting in place strong cyber security defenses and staying alert to emerging threats, organizations can defend themselves from potential damage and maintain the integrity and confidentiality of their data.
Top 3 Reliable Sources Used:
National Institute of Standards and Technology (NIST): A non-regulatory federal agency within the U.S. Department of Commerce, NIST develops standards and guidelines to enhance the cyber security posture of organizations.
Cybersecurity & Infrastructure Security Agency (CISA): As part of the U.S. Department of Homeland Security, CISA works to strengthen the resilience of the nation’s critical infrastructure against cyber threats.
Symantec Internet Security Threat Report (ISTR): Symantec’s ISTR offers insights into global cyber security trends, drawing from real-world data collected by Symantec’s extensive threat intelligence network.
These sources were invaluable in providing accurate and current information on various aspects of cyber security for this detailed explanation.
MAY GOD BLESS YOU!
JC.
Bruce Bonnick
Cyber Security
6
Answers
Washington, Washington
Updated
Bruce’s Answer
If we eliminate all the hype, buzzwords, and misinformation, Cyber Security is simply the implementation of Security on or relating to technology.
The root principle of security, is the balance between accessibility and security. I say balance because you can't have both. If something is secure, it is not accessible, and if it is accessible it is not secure.
For example, if you had information on your cellphone and wanted it completely secure. Take the cell phone, put it in a furnace and melt it down completely, and while it is still heated to a malleable state compress it into a ball or wafer, then break and distribute the pieces around the globe. The information is now secured and nobody can get to it.
To achieve balance, information security and by extension cyber security has at its core 3 tenets which represent the goals or points of assurance.
This is the CIA triad: Confidentiality, Integrity, and Availability
Confidentiality: Information is protected from being viewed by those it is not intended for.
Integrity: Information is protected from being modified, or changed by those who are not supposed to change it.
Availability: Information is available to those who are supposed to have access to it, when they want to have access to it.
Those 3 principles are leveraged alone or in some combination to provide security to a system, device, application, web site, etc.
How do you keep information confidential? Encryption
How do you maintain integrity? Track and account for changes
How do you maintain availability? Backups, fail over, shields and defensive measures
The Cyber Security industry is about implementing measures towards ensuring the CIA principles within the available budget.
This gets into Risk Management which is essentially a cost comparison between how much you spend on fixing a point of vulnerability versus the likely-hood that vulnerability will be exploited, and how much that being exploited will cost the organization
If you can wrap your head around these concepts as I've explained them and adopt a mindset to apply that to your view of cyber security, you should find it pretty easy to learn and explore.
The root principle of security, is the balance between accessibility and security. I say balance because you can't have both. If something is secure, it is not accessible, and if it is accessible it is not secure.
For example, if you had information on your cellphone and wanted it completely secure. Take the cell phone, put it in a furnace and melt it down completely, and while it is still heated to a malleable state compress it into a ball or wafer, then break and distribute the pieces around the globe. The information is now secured and nobody can get to it.
To achieve balance, information security and by extension cyber security has at its core 3 tenets which represent the goals or points of assurance.
This is the CIA triad: Confidentiality, Integrity, and Availability
Confidentiality: Information is protected from being viewed by those it is not intended for.
Integrity: Information is protected from being modified, or changed by those who are not supposed to change it.
Availability: Information is available to those who are supposed to have access to it, when they want to have access to it.
Those 3 principles are leveraged alone or in some combination to provide security to a system, device, application, web site, etc.
How do you keep information confidential? Encryption
How do you maintain integrity? Track and account for changes
How do you maintain availability? Backups, fail over, shields and defensive measures
The Cyber Security industry is about implementing measures towards ensuring the CIA principles within the available budget.
This gets into Risk Management which is essentially a cost comparison between how much you spend on fixing a point of vulnerability versus the likely-hood that vulnerability will be exploited, and how much that being exploited will cost the organization
If you can wrap your head around these concepts as I've explained them and adopt a mindset to apply that to your view of cyber security, you should find it pretty easy to learn and explore.