Cybersecurity
Overview
Cybersecurity protects systems, networks, and data from unauthorized access, abuse, and disruption. Practice areas span strategy (risk acceptance), controls (prevent/detect/respond), compliance, and culture (training, secure SDLC).
Key concepts
- CIA triad — Confidentiality, integrity, availability.
- Threat vs vulnerability vs risk — Actor intent, weakness, and business impact.
- Defense in depth — Layered controls so one failure does not equal total breach.
- Zero trust — Verify explicitly; least privilege; assume breach.
- Incident response — Preparation, detection, containment, eradication, recovery, lessons learned.
Security operations loop
Sample: basic security checklist (web app)
- Enforce HTTPS everywhere; HSTS on public sites.
- Hash passwords with a modern algorithm (e.g. Argon2/bcrypt) + unique salt.
- Validate and encode all untrusted input; use CSRF tokens on state-changing requests.
- Apply least privilege to service accounts and API keys; rotate secrets.