The three pillars of cybersecurity:
• Confidentiality – Keeping data private (only authorized users can access it).
Example: Encryption, passwords, access controls.
• Integrity – Ensuring data is accurate and unaltered.
Example: Digital signatures, file checksums.
• Availability – Ensuring data and systems are accessible when needed.
Example: Backups, redundancy, DDoS protection.
________________________________________
2. Authentication, Authorization, and Accounting (AAA)
• Authentication – Verifying identity (e.g., username + password, biometrics, MFA).
• Authorization – Granting permissions (what the user can access/do).
• Accounting – Tracking user activity (logs, audits).
________________________________________
3. Threats & Vulnerabilities
• Threat – Something that could cause harm (e.g., hacker, malware).
• Vulnerability – Weakness that can be exploited (e.g., unpatched software).
• Exploit – The actual method of attack.
• Risk = Threat × Vulnerability × Impact.
________________________________________
4. Defense in Depth (Layered Security)
Security should not rely on one layer only.
• Physical Security – Locks, CCTV, guards.
• Network Security – Firewalls, VPN, IDS/IPS.
• Endpoint Security – Antivirus, patches, device encryption.
• Application Security – Secure coding, testing.
• Data Security – Encryption, backups.
• User Awareness – Training against phishing, social engineering.
________________________________________
5. Security Controls
• Preventive (stop attacks) – firewalls, access controls.
• Detective (identify attacks) – IDS, monitoring, SIEM.
• Corrective (fix damage) – patches, backups, disaster recovery.
________________________________________
6. Common Cyber Attacks
• Phishing (tricking users into giving info).
• Malware (virus, worm, trojan, ransomware).
• DDoS (overloading a service).
• Man-in-the-Middle (eavesdropping).
• SQL Injection & XSS (web app attacks).
• Zero-day Exploits (attacks on unknown vulnerabilities).
________________________________________
7. Encryption & Cryptography
• Symmetric encryption – Same key for encryption/decryption (AES).
• Asymmetric encryption – Public/private key (RSA, ECC).
• Hashing – One-way fingerprint of data (SHA, MD5).
• Digital Certificates – Used in SSL/TLS for website security.
________________________________________
8. Identity & Access Management (IAM)
• Principle of Least Privilege (PoLP) – Give only the access required.
• Zero Trust – “Never trust, always verify.”
• Multi-Factor Authentication (MFA) – Extra security layer.
________________________________________
9. Incident Response
Steps when something goes wrong:
1. Preparation – Plans, training, backups.
2. Detection – Spot the incident (monitoring, alerts).
3. Containment – Limit the damage.
4. Eradication – Remove the threat.
5. Recovery – Restore systems.
6. Lessons Learned – Improve security.
________________________________________
10. Compliance & Standards
• GDPR, HIPAA, PCI-DSS – Regulations for protecting data.
• ISO 27001, NIST, CIS – Security frameworks & best practices.
________________________________________
In short: Cybersecurity = protecting data + systems + people from threats using layers of defense, strong identity controls, and continuous monitoring.
