Skip to content
Lesson 1 of 8

What Is Cybersecurity?

3 min read

What Cybersecurity Really Means

Cybersecurity is the discipline of protecting computer systems, networks, devices, and data from unauthorized access, theft, alteration, and destruction. It is not just about installing an antivirus or a firewall: it is a combination of practices, technologies, and processes working together to preserve trust in the digital systems we use every day.

In a world where nearly all economic, social, and governmental activity depends on technology, cybersecurity has stopped being a concern exclusive to IT departments and has become a shared responsibility. From the user who chooses a strong password to the engineer who designs a secure architecture, everyone is part of the chain of defense.

It is important to understand that perfect security does not exist. The goal is not to make a system invulnerable —something impossible in practice— but to manage risk intelligently: reduce the likelihood of an incident and limit its impact when one occurs.

The CIA Triad: Confidentiality, Integrity, and Availability

The foundational model of information security is the CIA triad: Confidentiality, Integrity, and Availability. These three pillars define what it means for information to be protected.

Confidentiality ensures that information is only accessible to those authorized to see it. When we encrypt a message, require a password, or apply access controls, we are protecting confidentiality. A data breach of personal records is, above all, a violation of confidentiality.

Integrity ensures that data is not modified in an unauthorized or accidental way. If an attacker alters a bank account balance or changes the contents of a contract, they are attacking integrity. Mechanisms such as cryptographic hashes (for example SHA-256) and digital signatures let us detect tampering.

Availability ensures that systems and data are accessible when they are needed. A denial-of-service (DoS) attack that takes down a website attacks availability. Backups, redundancy, and disaster recovery plans exist to protect it.

Risk, Threat, and Vulnerability

These three terms are often confused, but they have precise meanings. A vulnerability is a weakness in a system: unpatched software, a weak password, a misconfiguration. It is the door that could be exploited.

A threat is any circumstance or actor with the potential to cause harm by exploiting a vulnerability. An attacker, a piece of malware, or even a careless employee are threats. The threat is the agent that could walk through that door.

Risk is the combination of both: the probability that a threat will exploit a vulnerability, multiplied by the impact it would have. It is often expressed as Risk = Threat × Vulnerability × Impact. A vulnerability with no real threats, or a threat with no vulnerabilities to exploit, represents little risk.

Thinking in Terms of Risk Management

Practical cybersecurity is about prioritization. No organization has infinite resources, so we must focus our defenses where they matter most. This is achieved through risk assessment: identifying valuable assets, the threats they face, and the vulnerabilities that could be exploited.

Once a risk is identified, there are four classic strategies to treat it: mitigate it (reduce the probability or impact with controls), transfer it (for example, through insurance), accept it (when the cost of mitigation outweighs the benefit), or avoid it (by eliminating the activity that generates it).

Adopting this mindset from the start changes how we view security. Instead of looking for a magic solution, we learn to make informed, proportionate decisions. In the coming lessons we will explore networks, threats, and the concrete tools that bring these principles to life.