

It consists of all concepts and knowledge related to cyber security information which can help you, and you can achieve your knowledge from these notes.
Typology: Lecture notes


Cybersecurity is the practice of protecting systems, networks, programs, devices, and data from digital attacks. As our world has become fundamentally integrated with digital infrastructure, cybersecurity has evolved from a niche IT concern into a critical pillar of global economics, national security, and daily human life. To truly understand cybersecurity, it helps to look at it through its foundational principles, the threats it fights, and the strategies used to defend the digital frontier.
Every firewall rule, password policy, and encryption algorithm ever created is designed to support one or more legs of a foundational framework known as the CIA Triad.
Cyber threats are no longer just the work of solitary hackers in basements. Today, the threat landscape is highly commercialized and deeply sophisticated, driven by three primary categories of adversaries: cybercriminals (motivated by money), nation-state actors (motivated by espionage and geopolitical leverage), and hacktivists (motivated by political or social causes). The most common weapons in their arsenals include:
Instead of hacking a system, attackers frequently find it easier to "hack" the human using the system. Phishing involves deceptive emails, messages, or calls designed to trick individuals into handing over passwords, clicking malicious links, or transferring funds.
Malware is an umbrella term for any software intentionally designed to cause damage, steal data, or compromise a device.
Securing a modern digital environment requires a Defense-in-Depth strategy. This means layering multiple independent security controls so that if one layer fails, another stops the attacker.
```
[ User Awareness / Training ]
[ Endpoint Security (Antivirus/EDR) ]
[ Network Security (Firewalls, Identity) ]
[ Data Security (Encryption, Access Control) ]
[ CRITICAL DATA ]
```

### Identity and Access Management (IAM)

Identity is the new perimeter. Cybersecurity relies heavily on proving who you are before letting you in. This involves:

1. **Identification:** Claiming an identity (e.g., entering a username).
2. **Authentication:** Proving that identity. Security standardly relies on three factors: *something you know* (a password), *something you have* (a smartphone or security token), and *something you are* (biometrics like a fingerprint or facial scan).
3. **Authorization:** Determining exactly what data and systems that authenticated user is allowed to touch based on the **Principle of Least Privilege** (giving users only the absolute minimum access required to do their job).

### Network & Endpoint Protection

* **Firewalls:** Gatekeepers that monitor incoming and outgoing network traffic based on an organization’s internal security rules.
* **EDR (Endpoint Detection and Response):** Modern, AI-driven antivirus systems installed on devices (laptops, servers, phones) that constantly monitor behavior to spot and isolate abnormal activity in real time.

### The Shift to "Zero Trust"

Historically, security relied on a "castle-and-moat" strategy: protect the outside network, and trust everything inside the perimeter. Modern cybersecurity has discarded this model in favor of **Zero Trust Architecture**. The core operating rule of Zero Trust is simple: *Never trust, always verify.* Every single request for data access must be authenticated and authorized, even if it originates from an internal employee sitting inside the company office.

## 4. The Human Element