Cybersecurity Techniques Unit 1

(January 2026 onwards until the end of the school year is cybersecurity techniques)

Security

An ongoing process of protecting systems, networks, and data through assessment, implementation, monitoring, response, and deterrence.

Security Controls

Safeguards or countermeasures put in place to protect information systems and data assets.

Security Posture

An organizations overall security strength based on its policies, controls, and frameworks

Confidentiality

Ensures that data is not disclosed to unauthorized persons.

Integrity

Ensures that data is accurate and has not been modified or tampered with.

Availability

Ensures that systems and data are accessible when needed by authorized users.

Sophisticated Attacks

Complex attacks that use common tools and varying behaviors, making them difficult to detect.

Proliferation of Attack Software

The widespread availability of attack tools that allows many users to launch attacks.

Attack Scale and Velocity

The speed and size at which modern attacks can spread across large numbers of systems.

Managerial Controls

Controls that provide oversight, planning, and decision making for security systems.

Operational Controls

Controls that are primarily implemented and performed by people.

Technical Controls

Controls implemented through hardware, software, or firmware to protect systems and data.

Physical controls

Non-technical controls that protect facilities and hardware, such as locks, alarms, and cameras.

Preventive Controls

Controls that operate before an attack to reduce the likelihood of success

Detective Controls

Controls taht identify and record attacks while they are occurring.

Corrective Controls

Controls used after an attack to reduce impact and restore systems or data.

Directive Controls

Controls that enforce rules of behavior through policies, standards, or procedures.

Deterrent Controls

Controls that discourage attacks by warning of consequences rather than stopping access.

Compensating Controls

Alternative controls used when required controls cannot be implemented, providing equivalent protection.

Security Policy.

A formal document that defines how an organization protects its data and systems.

Best Practice Frameworks

Established guidelines that help organizations implement effective security controls.

Compliance

Meeting legal, regulatory, and standards-based security requirements.

Security Operations Center (SOC)

A centralized location where security professionals monitor and protect information assets.

DevOps

A collaborative approach that integrates software development and IT operations.

DevSecOps

An extension of DevOps that embeds security into every stage of development and deployment.

Shift Left

The practice of addressing security early in the planning and development process.

Computer Incident Response Team (CIRT / CSIRT / CERT)

A dedicated team responsible for handling and responding to security incidents.

Risk Assessment

The process of identifying threats, vulnerabilities, and potential impacts.