Identity management includes frameworks, processes, and activities that enables authentication and authorization of legitimate individuals to information systems within an organization. Data security involves implementing strong information storage mechanisms that ensure security of data at rest and in transit.
Network security involves implementing both hardware and software mechanisms to protect the network and infrastructure from unauthorized access, disruptions, and misuse. Effective network security helps protect organizational assets against multiple external and internal threats.
Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event data must be protected and business must go on. For this, you’ll need a plan.End-user education: Users may be employees accessing the network or customers logging on to a company app. Educating good habits (password changes, 2-factor authentication, etc.) is an important part of cybersecurity.
The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

A cyber-attack is a deliberate attempt by external or internal threats or attackers to exploit and compromise the confidentiality, integrity and availability of information systems of a target organization or individual(s). Cyber-attackers use illegal methods, tools and approaches to cause damages and disruptions or gain unauthorized access to computers, devices, networks, applications and databases.

More info: what is f5