Learn about cybersecurity so you can establish a foundation for the rest of the videos. Learn about what cybersecurity really is and how it works as a program for small, medium, and vast corporate entities.
- [Instructor] This lesson will convey background information on what cybersecurity is and help to establish that foundation for the rest of the course by providing a baseline of industry concepts and an overview of what cybersecurity means for business. Since this whole course revolves around cybersecurity, it makes sense to take a moment to discuss what cybersecurity is and provide a brief history lesson. To start with, you should know that cybersecurity goes by many different names and the name most often heard really depends on the sector you work in. An example would be the government sector where the terminology cybersecurity is prevalent.
In the private sector, information security is prevalent. As you can see, there are plenty of choices that can be used to describe the way an organization or agency goes about protecting information, networks, assets, resources, and electronic data. With the exception of information security, each of these terms is not necessarily synonymous or interchangeable with the term cybersecurity but each does portray an area of focus within the greater realm of cybersecurity. To be clear though, I'll be using cybersecurity and information security interchangeably throughout this course.
What you should know is that there are many facets to an information security program. When someone says something like we need to update the ciphers and TLS protocol support for PCI compliance, what this means is that settings need to be changed in order to be compliant with PCI regulations. In reality, this can mean server settings, web application settings, network layer settings, and the groups in charge of making this change could range from the IT department to software engineers to security analysts. While the statement has plenty to do with security, it also has to be thought of in a broader context of the business or agency.
The potential for impact and what changes need to be communicated to disparate teams. Expect this to become more clear as the course progresses. Okay, so what is cybersecurity? We, meaning security professionals, often think back to the early days and one thing that comes to my mind is what is known as the CIA triad. Confidentiality, integrity, and availability. Which will be discussed in more detail later. I would like to say that information security is the security of information but it's not that simple.
Info sec is a very deep industry and many talented professionals with specialized skill sets all call it their career. Think of a website. There is the code base, the language that the website is written in, there are servers hosting the website, each running an operating system and applicable software packages. Then there's the underlying network providing the connectivity and encryption medium. There's also a data center or hosting provider with location and employees with access to the facilities and running background checks and vendor management and security cameras and all of the documentation it processes to ensure compliance and evidence of due diligence.
And the list goes on. This is cybersecurity. All of this. It's a vast field and what it comes down to is protecting information, protecting humans, ensuring hardware and software is stable, and ensuring the integrity and confidentiality of data. Let's move on to a brief history lesson and throughout this lesson, let's keep in mind that information security is not a new trend by any means. We speak of information security in terms of computers but humans have been devising ways to secure information since the days of early civilization.
Where Julius Caesar used a simple substitution cipher that we now call a Caesar cipher. Jump forward a couple of thousand years and we are doing the same thing with more complex algorithms. The goals remain similar. Try and create a system that is hard to break. Enter hackers and crackers. There is a reason why bank vaults and personal safes have their strength rated in time. This is because no system is impenetrable. It comes down to how much time and effort one is willing to put into the endeavor. Create a strong safe and someone else creates more powerful acid, stronger explosive, longer drill bit, or smarter way to gain access and this is the same in info sec.
An advanced persistent threat, also known as an APT, is a buzzword, yes, and it portrays a reality of security in our time with over three billion internet users, one billion websites, and over nine billion connected devices. Suffice it to say that there's a large attack surface and there are always malicious actors willing to take advantage of weak security implementations. Hackers. The original hacker was a good guy. A tinkerer that wanted to learn and discover new information.
If you ever get a chance to hear me present a topic, kind of like now, you might notice that I rarely ever use the word hacker. The media, the layperson's ignorance, and the general lack of education around info sec has turned a term of respect and cunning or admiration of skill into a negative connotation in the realm of information security. I won't belabor the point but now you have a little background on this term. A more appropriate word or phrase would be attacker, malicious actor or threat actor. We are just getting started. Next, we will discuss the importance of cybersecurity and how to protect yourself and your company.
But before we do, here's a question to think about. Protecting the confidentiality, integrity and availability of computer systems is a critical component of all cybersecurity programs. Humans as well as hardware and software all play a key role in securing assets and information. Why do you think businesses both large and small tend to have cybersecurity departments?
This course was created and produced by Mentor Source, Inc. We are pleased to host this training in our library.