What is cyber security? It is a question whose answer has been heavily confused by authors. Just search “what is Cyber, or Cyber Security, or Cyber Space, Cyber Crime etc.” on Google, and the search engine will return a huge number of results. Let me simplify it for you.
A collection of interconnected computers or computer systems (a computer network). Generally, it refers to the Internet.
Kindly do not ask me what the Internet is and how it works, because that is a very long story to tell.
But an important thing to understand here is that it does not mean only the Internet. Today, we have numerous types of “collection of interconnected computers or computer systems”, such as our home computer networks, our office computer networks, and the computer networks of small, mid-size or large organizations. These networks may or may not be connected to “The Internet”, but they still fall under the definition given.
Cyberspace is the non-physical terrain (Virtual Space) created by interconnected computer systems. Anything related to the Internet also falls under the cyber category.
Before we proceed further to understand what cyber security is, let's first understand what information security is.
- Information Security: ISO/IEC Standard 27000:2014 (Information technology – Security techniques – Information Security Management System – Overview and Vocabulary), in its section 2, Terms and Definition, refers to “preservation of Confidentiality, Integrity, and Availability of information” as information security. The same standard, in section 3, Information security management system, further adds: “Information security involves the application and management of appropriate security measures that involves considerations of wide range of threats, with aim of ensuring sustained business success and continuity, and minimizing impacts of information security incidents”
- Information Security Management Framework: An information security management system consists of the policies, procedures, guidelines and associated resources and activities, collectively managed by an organization, in pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security to achieve business objectives.
(Reference: ISO/IEC Standard 27000:2014 (Information technology – Security techniques – Information Security Management System – Overview and Vocabulary))
Let me again simplify this definition for you.
Information security is a term associated with securing the critical, sensitive and confidential information assets (either digital or physical) of an organization using people, policy & procedures, and technologies, with the objective of protecting the confidentiality, integrity, and availability attributes of information assets. An Information Security Management System is a framework based on the PDCA (Plan, Do, Check, & Act) model to plan, implement, operate, monitor, & improve the information security posture of an organization.
Now, back to our original topic!
Cyber security is a subset of information security. It specifically focuses on protecting digital information assets such as computer networks & systems and their components, such as hardware, software, data, and other digital infrastructure. Cybersecurity is the practice of protecting systems, networks, and programs from cyberattacks or unintentional damage. Like information security, cyber security has the same 3 pillars for implementation, i.e. people, policy & procedures, and technologies, and has the objective of protecting Confidentiality, Integrity, and Availability (CIA) from unauthorized Disclosure, Alteration, & Destruction (DAD).
Cyberattack: A systematic effort by a malicious individual or organization/group, usually aimed at accessing, changing, or destroying sensitive & important information of the target. Data centers, websites, programs, servers or online accounts can all be exploited through a cyberattack.
Below is a limited list of the components of cybersecurity:
- ICT Hardware Security
- Network Security
- Host or Operating System Security
- Application Security
- Digital Data Security
- Identity & Access Management
- Database and Infrastructure Security
- Cloud Security
- Endpoint Security
- Disaster Recovery/Business Continuity
- System Admin & End-User Education