Cyber security is the practice of protecting systems, networks, and programs from digital attacks. It’s also known as information technology security or electronic information security.

Cyber-attacks are often aimed at accessing, changing, or destroying sensitive information. The final goal of these attacks is extorting money from users or interrupting normal business processes in organizations, governments and countries.

A new branch of cyber-attacks has even emerged in recent years, called cyber terrorism. This naming has two aspects. First, cyber-attacks are sometimes so devastating that they are no different from a physical terrorist attack. Second, these attacks are sometimes carried out to obtain military and national security information, and ultimately lead to a physical and deadly terrorist incident.

So, cyber-security is very important because government, military, corporate, financial, and medical organizations store large amounts of information on their network computers. Cyber security is the discipline dedicated to protecting that information and the systems used to process or store it. In the world of cyber-security, of course, there are many powerful technologies, but humans still play a key role: expert, intelligent, trained and committed human beings.

What is the main feature of a powerful cyber security system? A strong cyber security system has multiple layers of protection spread across computers, devices, networks and programs.

Cyber-security can be divided into a few common categories:

  • Network security (Computer Security): This type of security is the practice of securing a computer network from targeted attackers and malware. Network security uses hardware and software to protect any data that’s sent through your computer and other devices to the network. Examples of network security include the implementation of two-factor authentication (2FA). You can read this post about 2FA and MFA.
  • Application security: This type of cyber-security focuses on keeping software and devices free of threats, and it uses software and hardware to defend against external threats. Application security is critical because a compromised application could provide access to the data it’s designed to protect. Examples of application security include anti-malware programs, firewalls and data encryption.
  • Information security (InfoSec): It protects the integrity and privacy of data in any form (physical and digital) from unauthorized access, change, disclosure, or other forms of abuse.
  • Cloud Security (Cloud Computing Security): A software-based tool that protects and monitors data in the cloud. Cloud security involves the procedures and technology that secure cloud computing environments against threats. These security measures are configured to protect cloud data, set authentication rules for individual users and devices, and protect customers’ privacy.
  • Endpoint Security: An endpoint is any device that is physically an end point on a network. Laptops, desktops, mobile phones, tablets, servers, and virtual environments can all be considered endpoints. Endpoint security is the service of securing endpoints. These services may include anti-malware, email filtering, web filtering, and firewall services. Today, most well-known manufacturers of anti-malware products offer endpoint versions for both home users and network endpoints.
  • Disaster recovery and business continuity: How an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. We have provided detailed training on these two topics in the CISSP Training Course. In recent years, disaster recovery and business continuity have taken on a more important role in enterprise computing budgets.
  • End-user education: This education addresses the most unpredictable cyber-security factor: people (employees). We can easily and confidently claim that end-user education is the most important element in implementing a cyber-security system. Many businesses spend a large amount of money on software, hardware, and services to help prevent cyber-attacks but forget about end-user training. Attackers have understood that engaging the end-user is the easiest way through the powerful defense layers of cyber security systems. End-user education involves teaching users to follow best practices to prevent cyber-attacks. Examples of these practices include teaching users to delete suspicious email attachments and not to plug in unidentified USB drives. In our recent posts (for example the “Confidence and Romance Fraud attacks” post), we have shown that it is very important for personnel to be aware of the concepts of cyber-security.
