Introduction to cybersecurity
Chapter 2: Introduction to cybersecurity
This chapter introduces students to the goals of cybersecurity and how it is defined and practiced within organizations.
Through an exploration of key concepts and practices, this chapter will help students develop a practical understanding of the goals of cybersecurity and how it is defined and practiced within organizations.
The goals of cybersecurity
At the most tactical level, the goals of cybersecurity are to protect the confidentiality, integrity, and availability (CIA) of information assets. At the most strategic level, the goals of cybersecurity are to advance the strategic goals of the corporation. This likely involves creating value for stakeholders and/or serving the interests of stakeholders by aligning cybersecurity practices with the strategic goals of the corporation using QA models, certification standards, industry standards, governmental regulations, or organizational policy. In other words, this means compliance, which typically involves risk assessment, security auditing, and security testing.
How cybersecurity is defined
Information security,
is concerned with both the protection of information and the protection of technological infrastructure or information systems (Cherdantseva & Hilton, 2013; CNSS, 2010);
is concerned with access to information (CNSS, 2010; ISACA, 2008); and
aims to provide assurance “that information risks and controls are in balance” (Anderson, J., 2003).
How cybersecurity is practiced
Organizations take a risk-based approach to managing cybersecurity risk.
An organization's information security goals and how to achieve them are typically articulated in a policy document that can be framed as an action plan. Achieving the goals is typically understood in terms of compliance requirements. Defensive and defensive practices are implemented to achieve compliance.