What is cyber security? Cyber security (cybersecurity), or information security, is the practice of securing information by limiting information risks. It is a component of information risk management. It often entails preventing or limiting the likelihood of unauthorized or inappropriate data access, or the illegal use, disclosure, interruption, deletion, corruption, alteration, inspection, recording, or devaluation of information. But is that all cyber security is about?

It also includes activities aimed at mitigating the negative consequences of such situations. Protected information might be electronic or physical, tangible (such as paperwork) or intangible (e.g. knowledge). The fundamental objective of information security is the balanced protection of data confidentiality, integrity, and availability (also known as the CIA triad) while retaining a focus on effective policy execution, all without compromising organisational productivity.

This is generally accomplished through a structured risk management strategy that includes the following steps:

  • Identifying information and related assets, as well as potential threats, vulnerabilities, and impacts;
  • Evaluating the risks;
  • Deciding how to address or treat the risks, i.e. to avoid, mitigate, share, or accept them;
  • Where risk mitigation is required, selecting or designing appropriate security controls and implementing them;
  • Monitoring the activities;
  • Making adjustments as needed to address any issues, changes, and improvement opportunities.

Academics and cyber security professionals work together to provide guidelines, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so on.

