Definition

cybersecurity

Contributor(s): Casey Clark

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.

In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity.

Elements of cybersecurity

Ensuring cybersecurity requires the coordination of efforts throughout an information system, which includes:

One of the most problematic elements of cybersecurity is the constantly evolving nature of security risks. The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks.

To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments.

Version 1.1 of the Framework for Improving Critical Infrastructure was released in April 2018. The voluntary cybersecurity framework, developed for use in the banking, communications, defense and energy industries, can be adopted by all sectors, including federal and state governments. President Donald Trump issued an executive order mandating that federal agencies adopt the NIST Cybersecurity Framework (NIST CSF) in May 2017.

As a result of security risks, investments in cybersecurity technologies and services are increasing. In 2017, Gartner predicted that worldwide spending on information security products and services would reach $83.4 billion -- a 7% increase from 2016 -- and that it would continue to grow to $93 billion by 2018.

Types of cybersecurity threats

The process of keeping up with new technologies, security trends and threat intelligence is a challenging task. However, it's necessary in order to protect information and other assets from cyberthreats, which take many forms.

  • Ransomware is a type of malware that involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them.
  • Malware is any file or program used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware.
  • Social engineering is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
  • Phishing is a form of fraud where fraudulent emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information.

What cybersecurity can prevent

The use of cybersecurity can help prevent cyberattacks, data breaches and identity theft and can aid in risk management.

When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.

Careers in cybersecurity

As the cyberthreat landscape continues to grow and emerging threats, such as the internet of things, require hardware and software skills, it is estimated that there are 1 million unfilled cybersecurity jobs worldwide. IT professionals and other computer specialists are needed in security jobs, such as:

  • chief information security officer (CISO): this individual implements the security program across the organization and oversees the IT security department's operations;
  • security engineer: this individual protects company assets from threats with a focus on quality control within the IT infrastructure;
  • security architect: this individual is responsible for planning, analyzing, designing, testing, maintaining and supporting an enterprise's critical infrastructure; and
  • security analyst: this individual has several responsibilities that include planning security measures and controls, protecting digital files, and conducting both internal and external security audits.
This was last updated in May 2018

Continue Reading About cybersecurity

Dig Deeper on Information security program management

Join the conversation

8 comments

Send me notifications when other members comment.

Please create a username to comment.

How does cybersecurity impact your organization?
Cancel
In Cyber Security, selling the problem has become the preferred approach because there is no convincing Cyber solution to sell. Cyber Security is a problem without a solution. The remedy? Don’t use the Internet for data and information you cannot afford to lose. If an organization is currently using the Internet for data and information it cannot afford to lose, then it must engage in Operation Cyber Pullback.

The approach for industry? Use the Internet only for data and information you can afford to lose. Employ three-factor authentication. Employ keyless encryption based on arbitrary nondeterministic, key-based mathematical methods.

The approach for government? Set a high goal to achieve resilience. Here resilience is the ability to anticipate, avoid, withstand, minimize, and recover from the effects of adversity whether natural or man made under all circumstances of use. Employ integration engineering, a resilience integrator, and intelligent middlemen in the Critical Infrastructure system of systems. Understand and anticipate cascade triggers in the Critical Infrastructure system of systems. Indemnify industry partners to foster information sharing needed for anticipation and avoidance.

In the resilience value proposition, the payoff comes in avoiding consequences, outcomes, and bad actors.
1. Avoidance of consequences includes loss of data and information, loss of privacy, loss of well being, loss of identity, loss of money, loss of life, loss of opportunity, cleanup costs, loss of trust, and loss of availability.
2. Avoidance of outcomes includes unauthorized access, loss of data, tampering with data, erosion of performance, and denial of service.
3. Avoidance of bad actors includes disgruntled employee, hacker, corporate spy, criminal, terrorist, organized crime, and nation state.
Cancel
What is VID as it relates to cybersecurity?
Cancel
Nice.
Cancel
Can I choose a cybersecurity as my minor in b.tech as I'm weak in coding?
Cancel
Are security robots part of the cyber security system?
Cancel
Yes, because it's programmed by cyber criminals.
Cancel
how can i be a worrier in cyber security
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close