Computer security, often referred to as cybersecurity, involves multiple specialized areas designed to safeguard hardware, software, networks, and data from threats like malware, unauthorized access, and data breaches. While classifications can vary, the following are the most commonly recognized types, based on established frameworks and expert sources.
This focuses on protecting computer networks from intrusions, ensuring the confidentiality, integrity, and availability of data transmitted across them. It includes tools like firewalls, intrusion detection systems, and virtual private networks (VPNs) to block unauthorized access and monitor traffic.
2. Application Security
Involves securing software applications against vulnerabilities during development, deployment, and runtime. Measures include code reviews, encryption, and input validation to prevent exploits like SQL injection or cross-site scripting (XSS).
3. Endpoint Security
Targets individual devices (e.g., laptops, desktops, and servers) connected to a network, defending against malware, ransomware, and phishing. It often uses antivirus software, endpoint detection and response (EDR) tools, and device management policies.
4. Cloud Security
Protects data, applications, and infrastructure hosted in cloud environments from breaches and misconfigurations. Key practices include identity and access management (IAM), encryption, and compliance monitoring for services like AWS or Azure.
5. IoT Security
Secures Internet of Things (IoT) devices, such as smart home gadgets or industrial sensors, which often have limited built-in protections. It emphasizes firmware updates, network segmentation, and authentication to mitigate risks from weak defaults or remote exploits.
6. Information (or Data) Security
Centers on protecting sensitive data throughout its lifecycle, regardless of where it’s stored or transmitted. This includes encryption, data loss prevention (DLP), and access controls to ensure confidentiality and prevent leaks.
7. Physical Security
Involves safeguarding physical hardware and facilities from theft, damage, or tampering. Examples include locked server rooms, biometric access controls, and surveillance to prevent unauthorized hardware access.
Additional Classifications
Security can also be categorized by controls rather than domains:
• Technical Controls: Software and hardware-based (e.g., firewalls, encryption).
• Administrative Controls: Policies and procedures (e.g., training, audits).
• Physical Controls: Environmental protections (e.g., locks, guards).
Emerging types like Zero Trust (continuous verification of all access) and GenAI Security (protecting AI models from prompt injection or data poisoning) are gaining prominence as technology evolves. For a tailored implementation, organizations often combine these based on their specific risks.