Cybersecurity Awareness: 4 Important Things To Know In 2025

Cybersecurity is based on the principles of protection and defense.

I have committed my life to research and discovery on what people should know.

Whether you are not in the field or are an expert in it, you need to know these things.

  1. Information Technology (IT)

    “The study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware”.

  • Information technology is made up of hardware, of which there are many different kinds, and software, which is written in a variety of programming languages

    • Attacks on information systems occur daily, hourly, even minute to minute.

    • The primary mission of information security is to ensure that systems and their contents stay the way they are



  • Information security performs four important functions:

    • Protects organization’s ability to function

    • Enables safe operation of applications implemented on organization’s IT systems

    • Protects data the organization collects and uses

    • Safeguards technology assets in use at the organization



    2. NIST Cybersecurity Framework

    “A set of standards, guidelines, & best practices for managing cybersecurity-related risk”.



  • Recover: Activities necessary to maintain business when an event is detected



  • Identify: Organizational Understanding of Risk



  • Protect: Safeguards to maintain & deliver critical services



  • Respond: Understand how to take action when an event is detected



  • Detect: Develop ways to identify cybersecurity events



    3. Cybersecurity

    “People, process & technical practices to protect infrastructure, digital business & information from internal & external threats”.



  • Security Vulnerabilities: Software, hardware, or procedural weaknesses providing an opening to enter a computer or network

  • Characterized by the absence or weakness of safeguards that could be exploited

    • Unpatched applications or operating system software

    • Default passwords

    • Open port on a firewall

    • Lack of physical security etc.



  • Threats: Any potential danger to information or systems

    • A possibility that someone or something (a person or software) would identify and exploit the vulnerability

    • The entity that takes advantage of a vulnerability is referred to as a threat agent

    • A threat agent could be an intruder accessing the network through a port on the firewall



  • Risk & Management: The likelihood of a threat taking advantage of a vulnerability and the corresponding business impact

    • Reducing vulnerability and/or threat reduces the risk

      • A firewall with open ports presents a higher likelihood that an intruder will use one to access the network in an unauthorized manner



  • Exposure: An exposure is an instance of being exposed to losses from a threat agent.

    • Vulnerability exposes an organization to possible damages.

      • If password management is weak and password rules are not enforced, the company is exposed to the possibility of having users' passwords captured and used in an unauthorized manner.



4. Countermeasures

“It is an application, a software configuration, hardware, or a procedure that mitigates the risk”.

  • Strong password management

  • A security guard!

  • Access control mechanisms within an operating system

  • Implementation of basic input/output system (BIOS) passwords

  • Security-awareness training.
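
The sketch below is an added example, not part of the original article. It ties sections 3 and 4 together: it checks a small asset inventory for three of the vulnerabilities listed above (unpatched software, default passwords, open firewall ports), ranks the assets by risk, and shows the score dropping once countermeasures are applied. The inventory, the field names, and the scoring model (likelihood = number of findings, risk = likelihood x impact) are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Asset:
    name: str
    impact: int               # business impact if compromised: 1 (low) to 5 (high)
    installed: str            # software version currently installed
    patched: str              # newest version carrying the vendor's fixes
    default_password: bool    # True while the vendor default password is still set
    open_ports: frozenset     # ports the firewall currently lets through
    allowed_ports: frozenset  # ports the business actually needs

def _ver(v):
    # "9.1.2" -> (9, 1, 2) so versions compare numerically, not as text
    return tuple(int(part) for part in v.split("."))

def find_vulnerabilities(a):
    """Return the vulnerability classes present on one asset."""
    found = []
    if _ver(a.installed) < _ver(a.patched):
        found.append("unpatched software")
    if a.default_password:
        found.append("default password")
    extra = sorted(a.open_ports - a.allowed_ports)
    if extra:
        found.append("open port(s) " + ",".join(str(p) for p in extra))
    return found

def risk_score(a):
    # Assumed model: likelihood = number of findings, risk = likelihood x impact
    return len(find_vulnerabilities(a)) * a.impact

def apply_countermeasures(a):
    # Patch, change the default password, close every port that is not needed
    return replace(a, installed=a.patched, default_password=False,
                   open_ports=a.open_ports & a.allowed_ports)

def ranked(inventory):
    """Highest-risk asset first."""
    return sorted(((risk_score(a), a.name, find_vulnerabilities(a))
                   for a in inventory), reverse=True)

# Constructed sample inventory (not real systems)
INVENTORY = [
    Asset("lobby-kiosk", 1, "2.0.0", "2.0.0", False, frozenset(), frozenset()),
    Asset("hr-database", 4, "14.2", "14.2", True,
          frozenset({5432}), frozenset({5432})),
    Asset("edge-firewall", 5, "9.1.2", "9.1.4", False,
          frozenset({22, 443, 3389}), frozenset({443})),
]

if __name__ == "__main__":
    for score, name, findings in ranked(INVENTORY):
        print(f"{score:>3}  {name:<14} {findings}")
```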