Cybersecurity can be defined as the body of processes, practices, safeguards, and technologies an organization uses in the protection and defense of information systems. Along with information systems protection, cybersecurity is also concerned with protecting the software and hardware against attack.
The main goal of cybersecurity is to ensure that an organization's assets are well-protected. In addition, it ensures that the code and infrastructure supporting the assets lack vulnerabilities that could negatively effect the cornerstones of security: Availability, Integrity, and Confidentiality. The term cybersecurity is interchangeable with the terms Information Security, Computer Security, or IT Security, as they describe the same goal of defending and protecting information systems. There are several different elements that make up the security landscape, including:
- Application Security
- Network Security
- Risk Management
- Developer & User Education
The threats facing organizations have increased and shifted at an alarming rate over the past several years. Hackers have moved from attacking the network layer, increasingly aiming for the application layer, which may be riddled with any number of high-risk security vulnerabilities. In response, the cybersecurity community in general, and the application security industry specifically, has grown rapidly. Especially as applications are being embedded into every area of our lives, from
hospitals to our
homes, from
public infrastructure to our
cars, keeping our systems secure from attack is becoming important. To help establish standards around cybersecurity processes, best practices, and needs for different verticals, various
cybersecurity organizations have popped up over the past 20 years.
OWASP,
SANS,
ISACA, the
Cloud Security Alliance, The National Institute of Standards and Technology (
NIST), and
The CERT Division are just a few of the organizations that offer valuable content, surveys, and other research to help enable other organizations to improve their cybersecurity standing. Threats come in many guises, from
SQL injection to
Cross-Site Scripting, from session hijacking to session fixation, and the rapid growth of the application economy makes it nearly impossible to ensure that code is secure with automation. That, compounded by the varying levels of security knowledge and remediation skills developers come to the workplace with, offers the most compelling reasons for organizations to take cybersecurity seriously. When one high-risk security issue can be impossibly costly or could even take down the company, it's vital for organizations to begin paying more attention to the state of their information and application security.
