Lesson #3

Basic Cybersecurity Principles (continued)

Defense in Depth refers to having multiple layers of protection, so that security does not depend on any single one. Even if one layer of defense is penetrated by a hacker or malicious actor, the other layers will still be able to defend against the attack. There are many different tools and defenses you can utilize when online (more about this in Lesson #4), but here are some simple examples:

Multi-factor authentication: having more than one way of authenticating (this is itself defense in depth); anti-virus software coupled with physical control over devices; firewalls and VPNs.

Think Like an Adversary is a principle that encourages you to think in the mindset of a hacker or potential cyberthreat. When you do this, you are essentially trying to “hack” your own system. This can expose vulnerabilities that you were previously unaware of, before they get exploited, and help you make necessary changes to your system.

Ex. Ethical hacking is a process where companies hire “good hackers” to hack into their systems and applications to help the company find flaws in their program. So in this situation, hacking is a good thing because it helps you understand how your enemies might be able to break your defenses.

These six principles are the foundations of cybersecurity. Having a good understanding of them will equip you to be cautious while you are online, and will prompt you to build stronger defenses. Now that we know about the “why” behind cybersecurity, let’s talk more about the “what” or, specifically, “what tools can I use to defend myself online?”
