What is Cybersecurity? - Definition & Principles

Instructor: Moses Weda

Moses has an MS in mobile telecommunication in innovation and a BS in information sciences.

Cybersecurity is of foremost concern given the prevalent use of cyberspace for daily activities including socializing and business operations. This lesson defines cybersecurity, explains its basic principles and advises how to keep confidential information secure in cyberspace.

What is Cybersecurity?

For most people, cybersecurity is the same in meaning to information security. This, however, is not true, as we will establish in this lesson. Cybersecurity is the ability to protect or defend the use of cyberspace from cyber attacks. To better understand this definition, we first need to understand what cyberspace and cyber attacks are.

Cyberspace is a global virtual environment, mostly on the internet, created by computer systems. A cyber attack is an attempt to disrupt, disable, destroy or maliciously control a computing system via cyberspace in order to destroy the integrity of data or steal access-restricted information.

Therefore cybersecurity is about protection of sensitive information, specifically those stored or accessed via the Internet, from cyber attack.

Difference between Cybersecurity and Information Security

Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability. The information to be protected can reside on the Internet, a Local Area Network (LAN) or Wide Area Network (WAN), computer, or mobile computing device.

If you have information secured on a LAN that is not connected in any way to the Internet, only information security applies, not cybersecurity. Cybersecurity comes into play when security measures are implemented through cyberspace. Cybersecurity is a subset of the larger field of information security.

Types of Cyber Attack

Cyber attacks can be implemented through different channels, such as:

Phishing - A phishing attack entails use of email or websites for tricking users into giving required information by masquerading as a genuine entity known to the user.

Malware - Malware is a computer program that performs malicious actions on another computer. Malware, when downloaded from the Internet, is disguised as a genuine application. Once it gets access to a user's computer, it can perform malicious acts including secretly retrieving data on the computer or destroying existing data.

Man-in-the-Middle - This a cyber attack where the data to be exchanged between communicating parties is compromised by an attacker. The attacker gains access to the communication and changes part or all of the data, thereby impersonating the communicating parties. The users remain unaware of the intrusion by the attacker.

Brute Force- This is a cyber attack where the attacker tries guessing system access credentials like passwords by trying different character combinations until a correct combination is identified.

Principles of Cybersecurity

When implementing cybersecurity, there are two specific goals to be attained: first, confidential information must be kept out of reach of potential cyber attackers and other unauthorized individuals. Second, cybersecurity measures must not hinder authorized users' access to the information. The following are the three main principles of cybersecurity.

Confidentiality - Cybersecurity should ensure that the information to be secured is only accessible to authorized users and prevents the disclosure of information to unauthorized parties. For example, to implement confidentiality of company information on a cloud-based Customer Relationship Management (CRM) system, access can be restricted to users with the right username-password combination. Most systems also implement confidentiality through data encryption, which is an additional layer of security. Decryption of the data requires an individual or system to attempt access using the requisite key.

Integrity - Cybersecurity efforts should ensure information remains accurate, consistent and not subject to unauthorized modification. For example, from the CRM example provided, integrity is achieved when measures are put in place to ensure that email communication between a sales representative and a customer is not intercepted and modified by an intruder when it is still in transit.

Availability - Efforts to secure information in cyberspace should not hinder its access by an authorized party. Additionally, cybersecurity implementation has to provide for redundancy access in case of any outage. For example, the company using the cloud-based CRM system can implement proxy servers and firewalls as a security measure against Denial of Service (DoS) attacks, which would create system unavailability if successful.

Best Practices for Securing Confidential Information

Formulating a Cybersecurity Policy

Cybersecurity policies define measures taken to avoid information security breaches and to deal with an identified breach should one occur. Cybersecurity policies are different from information security policies, as they specifically address information safety in cyberspace.

A robust cybersecurity policy includes both human- and technology-focused measures. Both information and how it is accessed and used must be addressed. This includes defining how information is to be sent through and received from the Internet, which file types can be downloaded from the Internet on a company network, and how often security updates are to occur.

Employee Awareness Training

An organization needs to train its employees, the network users, on information security to enable them do their part in maintaining the security of organizational information. Training includes awareness of information security risks, processes for securing information and usage of implemented security processes.

Implementing Software and Systems Updates

Systems with known vulnerabilities are a cybersecurity risk, given the fact that an attacker can use them as launch pads for a cyber attack. Implementing constant updates ensures that vendor-released updates that address known vulnerabilities are put into place.

User Access Policy

A user access policy defines who is able to access what information in an organization. This prevents unauthorized access to information and ensures data confidentiality.

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account