Security Concepts
Definition and Terms
Cybersecurity refers to any technologies, practices and policies for preventing cyberattacks or mitigating their impact. The aim is to protect computer systems, applications, devices, data, financial assets and people against cyberthreats. [1]

[1] IBM Topics in cybersecurity - https://www.ibm.com/topics/cybersecurity
💡 Cybersecurity is very broad indeed. Hence there are a lot of standard guidelines/frameworks which help companies understand their security posture and take appropriate measures. One such framework is the NIST Cybersecurity Framework (CSF).
NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework (CSF) offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. [1]
Note: CSF is a recommendation and the framework is voluntary.
You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover.
- See how you would implement this for your company.
- Other publications by NIST.
✒️ Mention other frameworks, e.g. ISO/IEC 27000.

[1] NIST Cybersecurity Framework (CSF) - https://www.nist.gov/cyberframework
A threat is a danger to an asset, where an asset is anything and everything of value to you, e.g. private data, servers, applications, apps. Examples of threats: data breaches, malware infections, targeted cyber attacks, DDoS attacks.
🔮 Natural disasters also count. Imagine if a tornado blew away your house along with the USB drive containing your BTC.
A vulnerability is a weakness in an asset. For example, a weak password on your laptop is a vulnerability which can potentially be exploited by a threat.
✒️ How do you track and identify vulnerabilities in cybersecurity?
Risk is the chance/possibility/potential for a loss when a threat occurs. It is often described by the equation [1]:
Vulnerability x Threat = Risk
✒️ Use scenarios to explain risks in cybersecurity.
‘To exploit’ means to take advantage. Given a vulnerability, an attacker will use a method (code, technique, steps) to take advantage of that weakness. Such malicious methods are called exploits.
Once the security flaw is exploited, the attacker might gain access to your data, system or server. At this point, maintaining access and installing other bad stuff (think of malware, keyloggers) becomes a priority.
Recommended read: SentinelOne - What is an exploit in cybersecurity?
✒️ Examples of exploits. What is a zero-day (0day) exploit?