Securing Jenkins is a little lengthy process, and there are two aspects of securing Jenkins:
(i) Access Control which includes authenticating users and giving them an appropriate set of permissions, which can be done in 2 ways.
Security Realm determines a user or a group of users with their passwords.
Authorization Strategy defines what should be accessible to which user. In this case, there might be different types of security based on the permissions granted to the user such as Quick and simple security with easy setup, Standard security setup, Apache front-end security etc.
(ii) Protecting Jenkins users from outside threats.