Cybersecurity is the practice of protecting computer networks, devices, and information from damage, loss, or unauthorized access. It is important to note that cybersecurity protects digital information from cyberthreats. The protection of information means the preservation of confidentiality, integrity, and availability of information in cyberspace.
Cybersecurity professionals act to protect servers, endpoints, databases, and networks by finding security gaps and misconfigurations that create vulnerabilities.
Cybersecurity can be divided into five categories: critical infrastructure security, application security, network security, cloud security, and the Internet of Things (IoT) security.
Note that other organizations may categorize the types of cybersecurity differently or label them differently. In addition to these five categories there are the people and processes that use technology to defend computer systems, networks, and the information therein.
These different categories reflect the extent to which computer technologies have transformed the world.
From online management of gas pipelines or electrical grids, to applications that allow you to buy and sell goods online, to collaborating with work colleagues irrespective of geography, to renting data storage in the cloud, to tracking printer toner and maintenance, all of these technologies have transformed how people live and how they do business.
The digital transformation has realized enormous efficiencies, expanded unheard-of conveniences, supplied omnipresent access to information, and exponentially increased productivity, which has grown wealth and improved the quality of life. For example, people living in remote areas of the world can access medical experts using computer technologies. Personal medical information can be collected locally and transferred to medical experts to assist in diagnosis and remedies. Without securing computer networks and the links that connect them, all of these advances are at risk.
Information security, also known as InfoSec, is the practice of protecting information. InfoSec includes the tools and processes used for preventing, detecting, and remediating attacks and threats to sensitive information, both digital and physical. InfoSec also includes documenting the processes, threats, and systems that affect the security of information. The nature of the information is inclusive and broad. It includes information stored electronically on a computer, information lying on someone’s desk, or information stored in a file cabinet. Information that might require protection could also include everything from mission-critical data to HR policies to legal contracts.
IT security scrutinizes all information within an organization in order to categorize and prioritize its sensitivity. Some information is labelled as unprotected, meaning that no controls are necessary, while some information is labelled as protected, meaning that some level of protection and control is required. Depending on the protected information’s criticality, it could be labelled confidential, secret, or top secret. Each successive protected level requires more rigorous control and safeguards.
Information systems security is a part of InfoSec. It is defined as the protection of information systems against unauthorized access, modification, destruction, or the denial of access to authorized users. Information systems include the devices, computer networks, and physical locations that store or transmit sensitive information. The form of the information can be digital or physical.
Given what you now know about the terms discussed in this lesson, you can conclude that information systems security is a subset of InfoSec and cybersecurity is a subset of information systems security.
Given the importance of protecting this cyber infrastructure, which is vital to the continued prosperity and quality of life for much of the world, certain precautions can be taken. It starts with people and education. Numerous studies have identified human error as the leading cause of network and computer breaches. This situation can be addressed by educating people at work and at home to think before clicking and by helping them identify phishing attacks and other common attack methods used by bad actors.
Another first line of defense, both at work and at home, is to prepare for disaster and plan for recovery. If you do regular backups of your data and these are kept safely offline, then should your data be deleted or corrupted by malware, or encrypted by ransomware, you can restore your data with the least amount of data loss and interruption.