Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks.
Its aim is to reduce the risk of cyber-attacks, and protect against the unauthorized exploitation of systems, networks and technologies.
Major areas covered in cyber security include:
1) Application Security
2) Information Security
3) Disaster recovery
4) Network Security
5) Operational security
6) End-user education
1- Application Security
This encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance.
Some basic techniques used for application security include:
a) Input parameter validation.
b) User/Role Authentication & Authorization.
c) Session management, parameter manipulation & exception management.
d) Auditing and logging.
2- Information Security
This protects information from unauthorized access to avoid identity theft and to protect privacy.
Major techniques used include:
a) Identification, authentication & authorization of user
3- Disaster recovery
This is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.
4- Network Security
This includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network.
Network security components include:
a) Anti-virus and anti-spyware.
b) Firewall, to block unauthorized access to your network.
c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks.
d) Virtual Private Networks (VPNs), to provide secure remote access.
5- Operational security
This includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
6- End-user education
This addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.