Cybersecurity

Intermediate

Cybersecurity is the practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, and damage. The modern threat landscape is vast and constantly evolving, encompassing everything from ransomware and phishing campaigns to state-sponsored espionage and zero-day exploits. As organizations increasingly depend on interconnected digital infrastructure, the attack surface grows exponentially, making cybersecurity one of the most critical disciplines in technology today.

Effective cybersecurity relies on a layered defense strategy that combines technical controls, organizational policies, and human awareness. This includes deploying firewalls and intrusion detection systems, implementing strong encryption and authentication protocols, conducting regular vulnerability assessments and penetration testing, and training employees to recognize social engineering attacks. Frameworks such as the NIST Cybersecurity Framework, ISO 27001, and the CIS Controls provide structured approaches for organizations to assess risk, build resilient architectures, and respond to incidents systematically.

Cybersecurity offers diverse and rapidly growing career paths, from security analyst and penetration tester to chief information security officer (CISO) and security architect. With millions of unfilled positions worldwide and the average cost of a data breach reaching into the millions of dollars, the importance of skilled cybersecurity professionals cannot be overstated. Whether you are protecting personal data, corporate intellectual property, or critical national infrastructure, understanding cybersecurity fundamentals is essential for anyone working in or relying on modern technology.

Practice a little. See where you stand.

Part of:AP Cybersecurity AP Cybersecurity AP Cybersecurity

Ready to practice?5 minutes. No pressure.

Take the Quiz Learn First

Quiz

Reveal what you know — and what needs work

Adaptive Learn

Responds to how you reason, with real-time hints

Start here

Flashcards

Build recall through spaced, active review

Cheat Sheet

The essentials at a glance — exam-ready

Glossary

Master the vocabulary that unlocks understanding

Learning Roadmap

A structured path from foundations to mastery

Book

Deep-dive guide with worked examples

Lab

Hands-on practice for this subject

Key Concepts

The CIA triad stands for Confidentiality, Integrity, and Availability, forming the three core principles of information security. Confidentiality ensures data is accessible only to authorized parties, integrity ensures data is accurate and unaltered, and availability ensures systems and data are accessible when needed.

Example

A hospital encrypts patient records (confidentiality), uses checksums to verify records have not been tampered with (integrity), and maintains redundant servers so doctors can always access the system (availability).

Encryption is the process of converting plaintext data into an unreadable format (ciphertext) using mathematical algorithms and cryptographic keys. Only authorized parties with the correct decryption key can reverse the process and access the original data. Encryption is fundamental to securing data both at rest and in transit.

Example

When you visit a website using HTTPS, your browser and the server establish a TLS-encrypted connection so that sensitive data like passwords and credit card numbers cannot be intercepted by eavesdroppers on the network.

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls establish a barrier between trusted internal networks and untrusted external networks such as the internet. Modern next-generation firewalls (NGFWs) also perform deep packet inspection, intrusion prevention, and application-level filtering.

Example

A company configures its firewall to block all inbound traffic on unused ports, allow only HTTPS traffic to its web servers, and deny access from IP addresses in known malicious ranges.

Malware is any software intentionally designed to cause damage, disrupt operations, or gain unauthorized access to computer systems. Common types include viruses, worms, trojans, ransomware, spyware, and rootkits. Each type has distinct propagation methods and payloads, but all pose serious threats to system security.

Example

The WannaCry ransomware attack in 2017 exploited a Windows vulnerability to encrypt files on over 200,000 computers across 150 countries, demanding Bitcoin payments for decryption keys.

Phishing is a social engineering attack in which an attacker disguises themselves as a trustworthy entity to trick victims into revealing sensitive information such as login credentials, financial data, or personal details. Phishing attacks are commonly delivered via email but also occur through SMS (smishing), voice calls (vishing), and fraudulent websites.

Example

An employee receives an email that appears to be from their company's IT department, asking them to click a link and reset their password. The link leads to a fake login page that captures their credentials and sends them to the attacker.

A zero-day exploit targets a previously unknown vulnerability in software or hardware that the vendor has not yet patched. The term 'zero-day' refers to the fact that developers have had zero days to address the flaw. These exploits are particularly dangerous because no defense or signature exists at the time of attack.

Example

The Stuxnet worm used multiple zero-day vulnerabilities in Windows and Siemens industrial control software to sabotage Iranian nuclear centrifuges, demonstrating how zero-days can be weaponized for critical infrastructure attacks.

Penetration testing (pen testing) is an authorized, simulated cyberattack performed on a system to evaluate its security posture. Pen testers use the same tools and techniques as malicious hackers but operate within a defined scope and legal agreement. The goal is to identify vulnerabilities before real attackers can exploit them.

Example

A financial institution hires a penetration testing firm to attempt to breach its online banking platform. The testers discover an SQL injection vulnerability in the login form and report it so the development team can remediate it before launch.

Authentication is the process of verifying the identity of a user, device, or system before granting access to resources. It typically relies on one or more factors: something you know (password), something you have (security token), or something you are (biometrics). Multi-factor authentication (MFA) combines two or more factors for stronger security.

Example

When logging into a corporate VPN, an employee enters their password (something they know) and then approves a push notification on their phone (something they have), completing a two-factor authentication process.

Network security encompasses the policies, practices, and technologies designed to protect the usability, reliability, integrity, and safety of a network and its data. It involves both hardware and software solutions and addresses threats that seek to enter, spread within, or exfiltrate data from a network.

Example

An organization deploys a combination of firewalls, intrusion detection systems (IDS), virtual private networks (VPNs), and network segmentation to protect its internal network from external and lateral threats.

Incident response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage, reduces recovery time and costs, and prevents future occurrences. A typical incident response plan includes preparation, identification, containment, eradication, recovery, and lessons learned phases.

Example

When a company detects unauthorized access to its database, its incident response team isolates the affected servers, analyzes logs to determine the attack vector, removes the attacker's access, restores data from backups, and documents findings to improve future defenses.

One concept at a time.

Explore your way

Choose a different way to engage with this topic — no grading, just richer thinking.

Explore your way — choose one:

Explore with AI →

Curriculum alignment— Standards-aligned

Grade level

Grades 9-12College+Adult / Professional

Learning objectives

•Identify common attack vectors including phishing, malware, and social engineering techniques used against organizations
•Apply defense-in-depth strategies to design layered security architectures that protect enterprise networks from advanced persistent threats
•Analyze security incidents using forensic methodologies to determine root causes and attack timelines
•Evaluate organizational risk posture and recommend prioritized remediation strategies based on threat modeling

Recommended Resources

This page contains affiliate links. We may earn a commission at no extra cost to you.

Books

The Web Application Hacker's Handbook

by Dafydd Stuttard and Marcus Pinto

Hacking: The Art of Exploitation

by Jon Erickson

Cybersecurity and Cyberwar: What Everyone Needs to Know

by P.W. Singer and Allan Friedman

Practical Malware Analysis

by Michael Sikorski and Andrew Honig

Courses

Google Cybersecurity Professional Certificate

CourseraEnroll

CompTIA Security+ (SY0-701) Complete Course

UdemyEnroll

My Progress Focus Mode

Interdisciplinary

Network Security

The practice of protecting computer networks from unauthorized access, attacks, and data breaches through policies, technologies, and architectural design.

Intermediate

Interdisciplinary

Information Security

The practice of protecting information from unauthorized access, disclosure, alteration, and destruction through technical, administrative, and physical controls built around the principles of confidentiality, integrity, and availability.

Intermediate

Interdisciplinary

Cryptography

The science of securing information through mathematical algorithms and protocols, ensuring confidentiality, integrity, and authentication in digital communications.

Intermediate

Tech & Computing

Computer Science

The study of computation, algorithms, data structures, and the design of software systems, encompassing everything from theoretical foundations to artificial intelligence and software engineering.

Intermediate

Tech & Computing

Cloud Computing

The delivery of computing services over the internet, enabling on-demand access to servers, storage, databases, and applications without owning physical infrastructure.

Intermediate

Tech & Computing

Software Engineering

The systematic application of engineering principles to software design, development, testing, and maintenance, encompassing methodologies like Agile, design patterns, DevOps, and quality assurance practices.

Intermediate

Cybersecurity

Quiz

Adaptive Learn

Flashcards

Cheat Sheet

Glossary

Learning Roadmap

Book

Lab

Key Concepts

CIA Triad

Encryption

Firewalls

Malware

Phishing

Zero-Day Exploits

Penetration Testing

Authentication

Network Security

Incident Response

Explore your way

Grade level

Learning objectives

Recommended Resources

Books

The Web Application Hacker's Handbook

Hacking: The Art of Exploitation

Cybersecurity and Cyberwar: What Everyone Needs to Know

Practical Malware Analysis

Courses

Google Cybersecurity Professional Certificate

CompTIA Security+ (SY0-701) Complete Course

Related Topics

Network Security

Information Security

Cryptography

Computer Science

Cloud Computing

Software Engineering