
The Pillars of Cybersecurity
Today I started a deep dive into Fortinet's NSE 1 to bring content to the blog and share some of what I'm learning, starting with Module 1. Unlike other theoretical introductions, Fortinet classifies cybersecurity into critical categories that we must understand to design a coherent defense architecture.
1. The 5 Technical Categories of Cybersecurity
In this module, we break down the battlefield into five main fronts:
- Critical Infrastructure Security: Systems that keep society operational (energy, water, health). Here the risk is not just data loss, but real-life impact; this specific front is usually known as OT (Operational Technology).
- Network Security: The traditional focus on protecting data flow. Fortinet highlights that a firewall is no longer enough; internal visibility is required.
- Cloud Security: Security in shared environments, understanding that shared responsibility is the key concept.
- Application Security (AppSec): Protecting software from the development stage onward. With the rise of APIs, this point has become critical to prevent massive data leaks.
- IoT Security: The explosion of connected "dumb" devices; these represent the largest and least managed attack surface today.
2. The Glue: People and Processes
The most valuable part of this module is its recognition that technology alone is useless. Cybersecurity also depends on:
- People: Awareness is our first line of defense.
- Processes: The frameworks that dictate how to respond to an incident.
3. Principles of Information Security
Known as the CIA triad (Confidentiality, Integrity, and Availability), these three principles together define the security of data:
- Confidentiality: Ensuring that data is only accessible to authorized personnel, protected mostly through identity control.
- Integrity: Guaranteeing that information has not been altered, which is crucial for trust in financial, legal, or health systems.
- Availability: Ensuring that systems and data are ready when the user needs them; for example, a ransomware attack directly targets this pillar.
In turn, I learned about its evil twin, the DAD triad (Disclosure, Alteration, and Denial):
- Disclosure: This occurs when sensitive or private data is exposed to unauthorized people or entities.
- Alteration: Happens when information is modified in an unauthorized way, losing its veracity.
- Denial: Also known as "destruction," it refers to the loss of access to data or its physical or logical deletion.
Seeing how Fortinet integrates these categories under a business vision helps me understand why the Security Fabric is so relevant. We don't protect "computers"; we protect critical infrastructure and business processes.