When talking about cybersecurity, people often take the basic terms and definitions for granted. However, cybersecurity is a relatively new topic, even in the world of information technology, which itself didn’t exist until the mid 20th century. Therefore, we will start a series of articles which define and explain some of the security basics. While the content of these articles might not be new to most of our readers, they will provide both a good starting point for anyone interested in getting into cybersecurity. Also, even professionals will discover some aspects of security they were’t aware of or potentially a strategy they hadn’t known before. This first article here will cover they basic definition of security, with more details and more depth coming up in subsequent posts. 

Security often takes a backstage when it comes to functionality of any products but the success of any product is dependent on it. Any attack on a system leads to mistrust by customers and thus decrease in business. 

One of the most prominent mistakes in the design of any system is the consideration that security is a feature that can be added. This is a flawed way of thinking that often only leads to several issues in a latter phase. The issues can lead to billions of dollars loss or simply loss of trust in a company or product. It is extremely important to consider the complete system and look at the business and usage scenarios so as to determine the security vulnerabilities.

So as to implement security mostly a few steps are taken: (1) determine the assets (2) determine the threats and risks to each asset and thereby set security requirements (3) design and implement countermeasures for the threats and residual risks to economical level (4) monitor, manage and update the implementation and finally (5) deter, detect and react against any attacks. These steps lead to security solutions during the complete product lifetime.

Before proceeding further let us look at some definitions:

  • Asset: Anything that is of value
  • Vulnerability: is any weakness that could be exploited to violate the security of a system or of the information that it contains
  • Threat: is a potential violation of security; accidental (e.g., program bug) or intentional (e.g., hacking) or active (e.g., unauthorized data modification) or passive (e.g., wiretapping)
  • Attack: realisation of threat, successful or not; active or passive
  • Intrusion: successful attack
  • Risk: potential that a given threat will exploit vulnerabilities to cause damage to assets
  • Risk management or sometimes security management: is the balancing of the appropriate actions to be taken in order to protect the organization to an appropriate level
  • Countermeasures or safeguardsmechanisms used to protect assets from harm or decrease effect of intrusion
  • Residual risks: risks that are accepted and are not planned to be mitigated due economical or other considerations

This text is an excerpt from the book Security for Mobile Networks and Platforms

With the definition of these terms we have now set the stage to look into different aspects of cyber security in more detail – the next article will elaborate further on threats and attacks specifically. 

Print Friendly, PDF & Email
CEO and Founder at wenovator LLC

Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices, enterprise and built GRC processes from scratch.

Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry.  Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advise on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to which he was Chief Information Security Officer of Rakuten Mobile,  the world's leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile Anand led all aspects of enterprise and mobile network security from design, deployment to operations.

With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer reviewed publications. Anand was the Chairman of 3GPP SA3 where he led the standardization of 5G security. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.

One thought on “Security Basics

Leave a Reply

Your email address will not be published. Required fields are marked *