Cybersecurity Overview - All You Need to Know

This section provides an overview of Cybersecurity technologies, including a formal definition and information about Cybersecurity core concepts, origins, characteristics, enabling technologies, and variations.


Cybersecurity is the collection of technologies, processes, and practices that protect networked computer systems from unauthorized use or harm. Broadly speaking, cybersecurity topics can be subdivided into two complementary areas: cyber attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks.

Cyber attacks can take aim at the enterprise, government, military, and other infrastructural assets of a nation or its citizens, where these assets can include physical infrastructure (e.g., power grids, nuclear reactors) as well as computational infrastructure (e.g., computers, networks). Cyber attacks can be classified by their participating actors (states vs. non-states) and their attack mechanisms (e.g., direct attack, malware, exploits). See the Cyber Attack Classifications and Cyber Attack Mechanism Taxonomy sections on the Cyber Threats page for more information.

Correspondingly, cyber defenses must protect the enterprise, government, military, and other infrastructural assets of a nation or its citizens. As is the case with cyber attacks, cyber defenses can be classified by their participating actors (states vs. non-states) and their attack mechanisms (e.g., direct attack, malware, exploits). See the Cyber Defense Classifications and Cyber Defense Countermeasure Taxonomy sections on the Cyber Defenses page for more information.
a.k.a. Cyber Security, Computer Security, Network Security, Internet Security.
Security Classification:
Security Paradigms > IT Security > Cybersecurity
Core Concepts:
Some core cybersecurity concepts are defined below:
cyber attack: An offensive action by a malicious actor that is intended to undermine the functions of networked computers and their related resources, including unauthorized access, unapproved changes, and malicious destruction. Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.

cyber threat: A potential cyber attack, which may be assigned a probability of occurrence that can be used for cyber risk assessment.

cyber risk: A risk assessment that has been assigned to a cyber threat, such as a DDoS attack or a data breach. A cyber risk assessment may be either qualitative or quantitative, where the latter should estimate risk (R) as a function of the magnitude of the potential loss (L) and the probability (p) that L will occur (i.e., R = p * L).

The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A cyber attack is an offensive action, whereas a cyber threat is the possibility that a particular attack may occur, and the cyber risk associated with the subject threat estimates the probability of potential losses that may result.

For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is a cyber threat for many enterprises with online retail websites, where the associated cyber risk is a function of lost revenues due to website downtime and the probability that a DDoS cyber attack will occur.

cyber defense: Activities intended to eliminate or mitigate the effects of a cyber attack.

cyber countermeasure: A cyber defense activity that is aimed at eliminating or mitigating the effects of a specific cyber attack; e.g., anti-virus software is designed to act as a cyber countermeasure for a computer virus attack.

† Cyber Prefix: The cyber- prefix generally denotes something to do with cyberspace, the virtual environment that consists of all networked computers, whose interconnections comprise the Internet-of-Things (IoT). For example, in the context of cybersecurity (= cyber + security) it is common to speak of cyber threats, cyber attacks, cyber defenses, and cyber counter-measures.
cybersecurity = cyber- + security
• cyber- < cybernetics [Wiener 1948]
• security < Middle English securite < French sécurité < Latin securitas < Latin securus "safe, secure".
For a comprehensive and colorful explanation of how cybersecurity and its variants (cyber security and cyber-security) evolved as the preferred term for computer and network security, especially in a military-aerospace context, see ‘Cyber’ Dons A Uniform [Zimmer 2013].
Technology Characteristics:
• General purpose? [Can be applied to any networked computer system]
• Multi-disciplinary? [Combines computer science, computer engineering, network architecture & design disciplines]
• Rigorous discipline? [Currently more black art than science!]
• Mature open standards? [Standards and frameworks relatively immature]
• Mission critical? [Critical for both commercial and defense applications.]
• Automated tool support? [Continues to evolve, but still can’t keep up with the cyber villains.]
Enabling Technologies:
• Computer Software
• Computer Hardware
• Computer Networks
• Commercial applications
• Personal applications
• Military-Aerospace applications
• Cyberwarfare
• Information security
• Mobile security
• Network security
• World Wide Web Security
