Cybersecurity refers to "[t]he activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation" (US National Initiative for Cybersecurity Career and Studies, n.d.). Cybersecurity includes a collection of strategies, frameworks, and measures that are designed to: identify threats (i.e., a circumstance that could cause harm) and vulnerabilities (i.e., exposure to harm) of systems, networks, services, and data to these threats; prevent the exploitation of vulnerabilities; mitigate the harm caused by materialized threats; and safeguard people, property, and information and communication technology (ICT) (ITU, 2008; Maras, 2014). Cybersecurity seeks to strengthen the resilience (i.e., the ability to withstand disruptions, adapt to changing conditions, and recover from incidents) of ICT and protect the confidentiality (i.e., prevent unauthorized access), integrity (i.e., preserve accuracy and trustworthiness of data) and availability (i.e., ensure accessibility) of systems, networks, services, and data (see Cybercrime Module 2 on General Types of Cybercrime for information about confidentiality, integrity and availability as they relate to cybercrime). This Module critically explores the cybersecurity strategies countries use to protect ICT, the features and life cycles of these strategies, the frameworks used to assess these strategies and the nature and extent of countries' abilities to protect ICT (practical cybersecurity measures are explored in Cybercrime Module 9 on Cybersecurity and Cybercrime Prevention: Practical Applications and Measures).
The sub-pages to this section provide a descriptive overview of the key issues that lecturers might want to cover with their students when teaching on this topic: