Areas of Cyber Security
Cyber security is made up of three main areas- physical, technical and human. In order to exercise the best practice of cyber security, all three elements need to be understood and considered. Only an approach which secures the physical, technical and human aspects of cyber security can be effective.
The physical area of cyber security refers to the physical existence of our digital technology. It is easy to forget the physicality of technology, though the devices that we use are all physical entities. This also encompasses the locations of our technology, and the security of this location. Cyber security can be compromised physically through people gaining access to devices and infrastructure. This may be through the bypassing of security guards of an organisation, or circumnavigating a lock system to gain access to a computer. IoT devices add another element of risk, as they increase the number of devices available physically, and therefore the number of devices vulnerable to attack.
Technical cyber security is the various ways that we can protect ourselves digitally. This includes everything from antivirus software to the use of ethical hacking to find vulnerabilities. Experts combine knowledge and cutting-edge technology to find ways to protect against attack. For organisations this may come in the form of red team assessments, employed to find the gaps in security systems, or in the form of cyber security strategies. Technical cyber security teams look at threats and vulnerabilities and work to mitigate against them.
Finally, human cyber security is concerned with the ways in which humans can impact cyber security levels. People themselves play a crucial role in their own cyber security, as well as that of others. Humans develop software, humans implement cyber security and humans use technology. Looking at the ways people can improve or worsen cyber security is crucial in understanding where flaws in security may lie. Red team assessments often use ethical social engineers to test how susceptible employees of a company may be to phishing and other scams. Awareness-raising is also very important to the human side of cyber security, as it is only with a strong understanding of how and why we practice good cyber security that this will be implemented.