It is no secret that there are volumes of books written on the topic of cybersecurity, some of which I have been fortunate enough to provide content for. This section is not meant to be a doctoral thesis on cybersecurity, but rather a survey to provide the baseline of information for the remaining topics of the book. As a result, I will periodically reference other material or books to provide you with the ability to do a deeper dive into certain topics to prevent this handbook from becoming a tome.

Let’s face it, depending on who you ask, you will get varying definitions of the term cybersecurity. This can range from protecting systems, networks, and programs from digital attacks, to reducing the risk level of an organization, or even calling cybersecurity by another name such as information assurance, security, or cyber, and the list could go on. The reason for the varied definitions or synonyms is it comes down to the perspective of the individual...

I happen to prefer CISA’s definition of cybersecurity, because it is concise and encompasses most other definitions, including my little nutshell. I also like the fact that it includes the CIA triad as the basis of the definition. No, this is not the United States’ spy agency, but rather the fundamental foundation of security. That is Confidentiality, Integrity, and Availability (CIA).

We will get to the CIA triad in more detail shortly, but consider our previous discussion about cybersecurity. How does a company maintain its business? Customers support the business because the company provides services acceptable to the customers. What happens if the business is not able to deliver on promised services or the business openly releases customer data? The business would not last long because the customers would quickly transition to competitors. In this example, the business needs to improve reliability or availability and establish...

Ultimately, the reason for security is the protection of data at rest or in motion for a business. As such, it requires an objective analysis of the current state of the business or enterprise. The architecture, from a security perspective, is not vendor- or technology-specific but based on best practices. Likewise, it looks at the security requirements by device or technology type to meet the functionality necessary for flexibility in a changing infrastructure while implementing the most appropriate security model for the environment.

In the world of cybersecurity, networking and operating systems play a crucial role in safeguarding digital assets. This aims to provide an accessible overview of networking and operating systems within the context of cybersecurity, explaining their significance, functions, and potential vulnerabilities.

Networking fundamentals

Networking forms the foundation of modern digital communication and is essential for...

Applications play a critical role in today’s digital landscape, enabling various tasks and services on computers, smartphones, and other devices. However, they can also pose security risks if not properly designed and secured. This report aims to provide an accessible overview of applications and application security within the context of cybersecurity. The content is tailored for individuals with a high school education level to ensure understanding and comprehension.

Understanding applications

Applications, also known as software programs or apps, are computer programs designed to perform specific tasks or provide specific services. They can range from simple applications such as calculators and word processors to complex applications such as web browsers and online banking platforms. Here are key aspects related to applications.

Types of applications

Applications can be categorized into various types, including desktop applications, mobile applications...

In today’s complex and interconnected business environment, organizations face numerous challenges related to GRC. GRC refers to the framework and processes that organizations establish to ensure ethical conduct, adhere to laws and regulations, and mitigate risks. This topic aims to provide a comprehensive overview of GRC, explaining its key components, significance, and the role it plays in organizations. The content is presented in a manner that can be easily understood by individuals with a high school education.

Governance

Governance refers to the set of policies, processes, and procedures that guide the overall management and decision-making within an organization. It encompasses the establishment of a clear organizational structure, the definition of roles and responsibilities, and the implementation of effective oversight mechanisms. Good governance ensures that an organization operates in an ethical and transparent...

In this chapter, we discussed some of the foundational concepts around cybersecurity. This included a brief discussion that provided insights into various aspects of cybersecurity. It aimed to ensure that individuals entering into or starting a career can understand the content around the topics covered.

Highlighting the exponential growth expected in the cybersecurity field, making it an attractive career choice with numerous job opportunities, it emphasized the importance of building a strong foundation in cybersecurity and provided additional resources for further learning. The chapter delved into essential areas such as the following:

• Cybersecurity basics: It explored the definition of cybersecurity and its significance in today’s interconnected world. This highlighted how individuals encounter cybersecurity concepts in their daily lives, emphasizing the growing demand for cybersecurity professionals.
• CIA Triad: The CIA triad forms the foundation of...

While formal education and training programs provide an excellent foundation, independent reading and research can greatly accelerate learning. Books allow you to immerse yourself in topics at your own pace and as deeply as you desire. They can expose you to new ideas, reinforce concepts, and inspire new directions to explore.

For technologists at any career stage, regularly reading industry books keeps knowledge sharp and perspectives current in a rapidly evolving field. Technical books help build hands-on skills with topics not covered in certifications or coursework. Books on soft skills such as leadership, communication, and career advancement provide crucial complementary knowledge.

Security professionals in particular benefit from reading across a diversity of focus areas to develop well-rounded capabilities. Books on application security, governance frameworks, incident response, secure DevOps, and other domains reveal the interconnectedness and expand...