The job market for cybersecurity is hot, hot, hot! There are estimated to be up to 3 million cybersecurity jobs worldwide and the need is growing. Techcomms will play an important role for users in understanding and using cybersecurity applications.
One of the barriers to entry to writing about cybersecurity is its specialised vocabulary. Do you know these key concepts?
Cybersecurity Key Concepts and Terms
How many of these do you know?
Risk
Cybersecurity is practised in the context of Risk. Given that we seldom have the budget (or the desire) to use administrative, technical, or physical controls to protect all information resources in the same way. We use a formal / or informal risk calculation to guide decisions, often looking at Annual Loss Expectancy, which examines likelihood, value, and repercussions.
Cybersecurity enables the business
Don’t assume that the role of cybersecurity is to say, “NO!” Our goal is to enable the business, providing guidance on the best and most secure ways to conduct and manage business goals.
The CIA triad (Confidentiality, Integrity, Availability)
Cybersecurity has three basic goals, confidentiality, integrity, and availability. We’re most familiar with the idea of confidentiality. Integrity is concerned with unauthorised changes to information, whether deliberately or inadvertently. Availability is making sure information resources are available as needed and include backups.
Identity and Access Management (IAM)
Often talked about in the context of authentication and authorization, IAM is concerned with controls that ensure that a user can prove who they are and that they can also interact with information to which they’re authorised to do so.
Passwords and passphrases are one component to ensure that a user is who they say they are. Passphrases are long passwords based on sentences, etc. to which you add numbers, symbols, and upper and lowercase elements.
Threats and vulnerabilities
Threats are potential attackers and their methods of gaining unauthorized information or other malicious activity. Vulnerabilities are inherent weaknesses in software, hardware, and administrative or physical controls that an attacker may exploit to achieve their desired objectives.
Data classification and handling
Different types of data have different values. Some types of data can be publicly accessible with no concerns about its confidentiality. Other types of data can be used for identity theft or to obtain confidential business information. Data handling is how someone handles data dependent on its classification.
Mobile security
Mobile security is concerned with controls for ensuring that mobile devices, such as smartphones, laptops, and other portable devices are adequately protected against attackers and that users of mobile devices can reach any data to which they’ve been authorised to access.
This is just a short list of the terminology you’ll encounter (and be expected to know to work with subject matter experts) when you’re working in cybersecurity.
Firehead offers a course in Cybersecurity for Technical Communicators that will help prepare you for entry into cybersecurity by helping you understand the key terms and concepts you’ll need. It gives a grounding to techcommers in the basics of the field, which will help you navigate to the information channels you want to develop. And it will give you an edge in your interviewing.
Join us as we discuss these concepts in depth and provide you the confidence and competence to start working in Cybersecurity today.
Introduction to Cybersecurity for Technical Communicators
Find out the 10 Practices that you’ll need to adopt to keep yourself (and your family and friends) safer online.