Cyber Security Context Notes

Understand the general context within which cyber security exists
Identify relevant local and international bodies involved with/ responsible for cyber security
Appreciate the opportunities within cyber security and skilled labour shortage in the UK
Identify the different areas of knowledge within cyber security

Definition: Cyber security refers to the protection of computer systems, networks, and data from theft, damage, and unauthorized access.
Importance: Essential for safeguarding sensitive data, maintaining privacy, protecting business operations, and ensuring trust online.
Organisations Involved: Local bodies like NCSC and international bodies like the NSA play critical roles in enhancing cyber security globally.
Skills Required: Includes technical skills (e.g., penetration testing), analytical skills, and a strong understanding of legislation.
Related Laws in the UK: Various laws govern data protection and cyber security, including the Data Protection Act.

Confidentiality: Protecting information from unauthorized access.
Integrity: Ensuring the accuracy and completeness of information.
Availability: Ensuring authorized users have access to information when needed.
Authenticity: Verifying the legitimacy of information and its sources.
Authorization: Granting access rights to information only to authorized personnel.

Vulnerabilities: Weaknesses that can be exploited by threats.
Threats: Potential sources of harm to a system (e.g., cybercriminals, natural disasters).
Countermeasures: Strategies and tools used to protect against vulnerabilities and threats.

Physical Vulnerabilities: Relate to the physical safety of hardware.
Software Vulnerabilities: Weaknesses in applications or systems.
Human Vulnerabilities: Errors or actions by users that create risks (e.g., sharing passwords).

Encryption: Protects data by converting it into a coded format.
Firewalls: Prevents unauthorized access to networks.
Authentication Mechanisms: Verifies the identity of users and devices.
Education and Training: Promotes awareness and proper security practices among staff.

Weakest Link Principle: A security system's overall strength is determined by its weakest component.
Evaluating Security: Identify and strengthen the weakest links in security.

Statistics: 39% of businesses faced cyber attacks in the past year, primarily through phishing.
Costs of Breaches: The average cost of a data breach is about 4.35 million.
Reputation Damage: Consequences extend beyond financial loss, affecting trust and brand reputation.

Certifications such as CISSP, GIAC, and Certified Ethical Hacker demonstrate proficiency in cybersecurity skills.

Over 697,000 businesses have a basic skills gap in cybersecurity, impacting their defense capabilities.

Goals: Strengthen organizational resilience and enhance security across government and enterprise.

A growing resource containing essential knowledge in the field of cybersecurity, covering 19 areas grouped into five categories.

Cybersecurity is vital for safeguarding information and systems against threats, encompassing legal, technical, and human aspects.