Security Concepts

Definition and Terms

1. What is cybersecurity?

Cybersecurity refers to any technologies, practices and policies for preventing cyberattacks or mitigating their impact. The aim is to protect computer systems, applications, devices, data, financial assets and people against cyberthreats. [1]


  1. IBM Topics in cybersecurity - https://www.ibm.com/topics/cybersecurity

2. Cybersecurity is very broad indeed. Are there any frameworks or standard guidelines?

NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework (CSF) offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. [1]

Note: CSF is a recommendation and the framework is voluntary.

You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover.

✒️ Mention other frameworks, e.g. ISO/IEC 27000.


  1. NIST Cybersecurity Framework (CSF) - https://www.nist.gov/cyberframework

3. What is a Threat?

A threat is a danger to an asset. An asset is anything and everything of value to you, e.g. private data, servers, applications, apps. Examples of threats: data breaches, malware infections, targeted cyber attacks, DDoS attacks.

🔮 Natural disasters also count. Imagine if a tornado blew away your house and the USB drive containing your BTC.

4. What is a Vulnerability?

A vulnerability is a weakness in an asset. For example, a weak password on your laptop is a vulnerability that can potentially be exploited by a threat.

🔮 You lost your house and BTC because your house was in an area where tornadoes occur a lot. This was a vulnerability.

✒️ How do you track and identify vulnerabilities in cybersecurity?

5. What is a Risk?

6. What is an Exploit?