What is cybersecurity?

8.What is cybersecurity? What are the different types of cybersecurity?

Cybersecurity is the art of protecting networks, devices, and data fromunauthorized
access or criminal use and the practice of ensuring confidentiality, integrity, and availability o
information. It seems that everything relies on computers and the internet now—
communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games
social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping
credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. many
of us daily life relies on technology and our personal information is stored either on our own
computer, smartphone, tablet or on someone else's system.
 The Different Types of Cybersecurity

1. Network Security

Most attacks occur over the network, and network security solutions are
designed to identify and block these attacks. These solutions include data and
access controls such as Data Loss Prevention , Identity Access Management,
Network Access Control , and Next-Generation Firewall application controls to
enforce safe web use policies.

Advanced and multi-layered network threat prevention technologies include

Intrusion Prevention System , Next-Gen Antivirus, Sand boxing, and Content
Disarm and Reconstruction. Also important are network analytics, threat
hunting, and automated Security Orchestration and Response technologies.
 2. Cloud Security

As organizations increasingly adopt cloud computing, securing the cloud becomes a

major priority. A cloud security strategy includes cyber security solutions, controls,
policies, and services that help to protect an organization’s entire cloud deployment
(applications, data, infrastructure, etc.) against attack.
While many cloud providers offer security solutions, these are often inadequate to the
task of achieving enterprise-grade security in the cloud. Supplementary third-party
solutions are necessary to protect against data breaches and targeted attacks in cloud
environments.
3. Endpoint Security

The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to do

endpoint security
that with a mobile workforce is using . With endpoint security, companies
can secure end-user devices such as desktops and laptops with data and network security controls, advanced
threat prevention such as anti-phishing and anti-ransomware, and technologies that provide forensics such as
endpoint detection and response solutions.
4. Mobile Security

Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing
businesses to threats from malicious apps, zero-day, phishing, and Instant Messaging attacks.

Mobile security prevents these attacks and secures the operating systems and devices from
rooting and jail breaking. When included with an Mobile Device Management solution, this enables enterprises to
ensure only compliant mobile devices have access to corporate assets.
5. IoT Security

While using Internet of Things devices certainly delivers productivity benefits, it also exposes organizations to
new cyber threats. Threat actors seek out vulnerable devices inadvertently connected to the Internet for nefarious
uses such as a pathway into a corporate network or for another bot in a global bot network.IoT security protects
these devices with discovery and classification of the connected devices, auto-segmentation to control network activities, and
using IPS as a virtual patch to prevent exploits against vulnerable IoT devices. In some cases, the firmware of the device can
also be augmented with small agents to prevent exploits and runtime attacks.
 6. Application Security

Web applications, like anything else directly connected to the Internet, are targets for threat actors. Application
security also prevents bot attacks and stops any malicious interaction with applications and APIs. With continuous
learning, apps will remain protected even as DevOps releases new content.

7. Zero Trust

The traditional security model is perimeter-focused, building walls around an organization’s valuable assets like a
castle. However, this approach has several issues, such as the potential for insider threats and the rapid
dissolution of the network perimeter.

As corporate assets move off-premises as part of cloud adoption and remote work, a new approach to security is
needed. Zero trust takes a more granular approach to security, protecting individual resources through a
combination of micro-segmentation, monitoring, and enforcement of role-based access controls.
 9.What are the pillars of computer security? Discus them in detail.

Computer security, also known as cyber security or IT security, refers to the practice of protecting computer systems,
networks, and data from unauthorized access, attacks, damage, or theft. It involves implementing measures and safeguards to
ensure the confidentiality, integrity, and availability of information in the digital realm. The primary goal of computer security
is to create a secure computing environment that mitigates risks and protects against a wide range of potential threats.
 pillars of computer security

Confidentiality:Confidentiality in this context means that the data is only available to authorized parties. When
information has been kept confidential it means that it has not been compromised by other parties; confidential
data are not disclosed to people who do not require them or who should not have access to them.

Integrity:Integrity in computer security refers to the methods of ensuring that data is accurate, real, and
safeguarded from unauthorised user modification or destruction. Data integrity also refers to the accuracy and
validity of data over its entire lifecycle.
 Cont..
Availability:Availability guarantees that systems, applications and data are available to users when they need them. The most
common attack that impacts availability is denial-of-service in which the attacker interrupts access to information, system,
devices or other network resources.

authentication:In authentication, the user or computer has to prove its identity to the server or client. Usually, authentication
by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice
recognition, and fingerprints.
 Cont..
Authorization:Authorization is a process by which a server determines if the client has permission to use a resource or access
a file. Authorization is usually coupled with authentication so that the server has some concept of who the client is that is
requesting access.

Auditablity:auditablity involves a comprehensive analysis and review of your IT infrastructure. It detects vulnerabilities and
threats, displaying weak links and high-risk practices. Significant benefits of IT security audits are: Risk assessment and
vulnerability identification.
 Cont..
Security Education and Training:Security education and training focus on raising awareness among users and IT staff about
security best practices and potential threats.security education comes in various flavors, including most-commonly online and
in-person training. This training is designed to train about current threats that employees might encounter online, how to
identify them, and the appropriate actions they should take upon encountering one of these threats.