8.What is cybersecurity? What are the different types of cybersecurity?

What is cybersecurity?
Cybersecurity is the art of protecting networks, devices, and data from
unauthorized access or criminal use and the practice of ensuring
confidentiality, integrity, and availability of information. It seems that
everything relies on computers and the internet now—communication
(e.g., email, smartphones, tablets), entertainment (e.g., interactive video
games, social media, apps ), transportation (e.g., navigation systems),
shopping (e.g., online shopping, credit cards), medicine (e.g., medical
equipment, medical records), and the list goes on. many of us daily life
relies on technology and our personal information is stored either on our
own computer, smartphone, tablet or on someone else's system.
The Different Types of Cybersecurity

1. Network Security

Most attacks occur over the network, and network security solutions are
designed to identify and block these attacks. These solutions include data
and access controls such as Data Loss Prevention , Identity Access
Management, Network Access Control , and Next-Generation Firewall
application controls to enforce safe web use policies.

Advanced and multi-layered network threat prevention technologies

include Intrusion Prevention System , Next-Gen Antivirus, Sand boxing,
and Content Disarm and Reconstruction. Also important are network
analytics, threat hunting, and automated Security Orchestration and
Response technologies.

2. Cloud Security

As organizations increasingly adopt cloud computing, securing the cloud

becomes a major priority. A cloud security strategy includes cyber
security solutions, controls, policies, and services that help to protect an
organization’s entire cloud deployment (applications, data, infrastructure,
etc.) against attack.

While many cloud providers offer security solutions, these are often
inadequate to the task of achieving enterprise-grade security in the cloud.
Supplementary third-party solutions are necessary to protect against data
breaches and targeted attacks in cloud environments.

3. Endpoint Security
The zero-trust security model prescribes creating micro-segments around
data wherever it may be. One way to do that with a mobile workforce is
using endpoint security. With endpoint security, companies can secure
end-user devices such as desktops and laptops with data and network
security controls, advanced threat prevention such as anti-phishing and
anti-ransomware, and technologies that provide forensics such as
endpoint detection and response solutions.

4. Mobile Security

Often overlooked, mobile devices such as tablets and smartphones have

access to corporate data, exposing businesses to threats from malicious
apps, zero-day, phishing, and Instant Messaging attacks. Mobile
security prevents these attacks and secures the operating systems and
devices from rooting and jail breaking. When included with an Mobile
Device Management solution, this enables enterprises to ensure only
compliant mobile devices have access to corporate assets.

5. IoT Security

While using Internet of Things devices certainly delivers productivity

benefits, it also exposes organizations to new cyber threats. Threat actors
seek out vulnerable devices inadvertently connected to the Internet for
nefarious uses such as a pathway into a corporate network or for another
bot in a global bot network.

IoT security protects these devices with discovery and classification of

the connected devices, auto-segmentation to control network activities,
and using IPS as a virtual patch to prevent exploits against vulnerable IoT
devices. In some cases, the firmware of the device can also be augmented
with small agents to prevent exploits and runtime attacks.

6. Application Security

Web applications, like anything else directly connected to the Internet,

are targets for threat actors. Application security also prevents bot attacks
and stops any malicious interaction with applications and APIs. With
continuous learning, apps will remain protected even as DevOps releases
new content.

7. Zero Trust
The traditional security model is perimeter-focused, building walls
around an organization’s valuable assets like a castle. However, this
approach has several issues, such as the potential for insider threats and
the rapid dissolution of the network perimeter.

As corporate assets move off-premises as part of cloud adoption and

remote work, a new approach to security is needed. Zero trust takes a
more granular approach to security, protecting individual resources
through a combination of micro-segmentation, monitoring, and
enforcement of role-based access controls.

9.What are the pillars of computer security? Discus them in detail.

Computer security, also known as cyber security or IT security, refers to
the practice of protecting computer systems, networks, and data from
unauthorized access, attacks, damage, or theft. It involves implementing
measures and safeguards to ensure the confidentiality, integrity, and
availability of information in the digital realm. The primary goal of
computer security is to create a secure computing environment that
mitigates risks and protects against a wide range of potential threats.
Confidentiality:Confidentiality in this context means that the data is only
available to authorized parties. When information has been kept
confidential it means that it has not been compromised by other parties;
confidential data are not disclosed to people who do not require them or
who should not have access to them.

Integrity:Integrity in computer security refers to the methods of ensuring

that data is accurate, real, and safeguarded from unauthorised user
modification or destruction. Data integrity also refers to the accuracy and
validity of data over its entire lifecycle.

Availability:Availability guarantees that systems, applications and data

are available to users when they need them. The most common attack that
impacts availability is denial-of-service in which the attacker interrupts
access to information, system, devices or other network resources.

authentication:In authentication, the user or computer has to prove its

identity to the server or client. Usually, authentication by a server entails
the use of a user name and password. Other ways to authenticate can be
through cards, retina scans, voice recognition, and fingerprints.
Authorization:Authorization is a process by which a server determines if
the client has permission to use a resource or access a file. Authorization
is usually coupled with authentication so that the server has some concept
of who the client is that is requesting access.

Auditablity:auditablity involves a comprehensive analysis and review of

your IT infrastructure. It detects vulnerabilities and threats, displaying
weak links and high-risk practices. Significant benefits of IT security
audits are: Risk assessment and vulnerability identification.

Security Education and Training:Security education and training focus

on raising awareness among users and IT staff about security best
practices and potential threats.security education comes in various
flavors, including most-commonly online and in-person training. This
training is designed to train about current threats that employees might
encounter online, how to identify them, and the appropriate actions they
should take upon encountering one of these threats.