The 7 Layers of Cybersecurity: A Defense-in-Depth Approach

Q: Define the 7 layers of cyber security. What are vulnerability, its types, threat and harmful acts?

Calculating...

Cybersecurity is not a single product but a stratified strategy known as Defense-in-Depth. By protecting multiple layers, an organization ensures that if one security measure fails, others remain to thwart an attacker.

1. The 7 Layers Explained

  • Mission Critical Assets: The core "crown jewels" (e.g., sensitive govt. databases).
  • Data Security: Protection through Encryption and access controls.
  • Application Security: Hardening software against SQL Injection or Cross-Site Scripting.
  • Endpoint Security: Securing devices like laptops and mobiles using EDR (Endpoint Detection and Response).
  • Network Security: Controlling traffic via Firewalls and VLANs.
  • Perimeter Security: The boundary between the private network and the internet.
  • The Human Layer: The most vulnerable layer; addressed through Security Awareness Training.

2. Vulnerability and Its Types

A Vulnerability is a weakness in an information system, security procedure, or internal control that could be exploited by a threat source.

  • System Vulnerabilities: Bugs in code or unpatched software.
  • Human Vulnerabilities: Lack of awareness leading to Phishing.
  • Network Vulnerabilities: Use of unencrypted protocols like HTTP or Telnet.
  • Configuration Vulnerabilities: Default passwords or open ports.

3. Threats and Harmful Acts

A Threat is any potential occurrence that could cause harm to an asset.

  • Harmful Acts: These include Malware (Ransomware, Trojans), Denial of Service (DoS) attacks, and Data Breaches.
  • Social Engineering: Manipulating individuals into divulging Confidential Information.

Definition of Key Term

Zero-Day Vulnerability: A software flaw that is unknown to the vendor and has no patch available, making it highly dangerous as it can be exploited immediately.

Conclusion

In the era of Digital India, understanding these layers is vital for Cyber Resilience. Robust governance requires a shift from Passive Defense to Active Monitoring, ensuring the CIA Triad (Confidentiality, Integrity, and Availability) of state data.

Word Count: 249 words