The word cyber-security has been increasingly floating around to describe protection against an imminent and dangerous threat, but what is this threat and what is the specific solution that "cybersecurity" offers against the threat?
A recent poll by Identity Management Institute (IMI) confirmed my recent contemplation about the meaning of cybersecurity. Although we all think that we are on the same page when it comes to the definition of cybersecurity, not everyone agrees about what cybersecurity means yet many are using this scary buzzword to sell old solutions as new ones for the same problems which have existed for years.
Cyber security often refers to cyber defenses against major cyber threats or cyber attacks, cyber terrorism, cyber warfare, and cyber espionage. We all know what the word "security" means and how it fits into the overall definition of data protection vs. security as we have previously analyzed, but what does the word “cyber” really mean?
According to many definitions on the Internet, the word "Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek for "steersman" or "governor," it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. Common usages include cyberculture, cyberpunk, and cyberspace.
Now that we tie the word "cyber" to computers, systems, and everything digital, when we combine the words cyber and security, it seems as though cybersecurity is just a new name for Information Technology (IT) security or system security and digital data protection. This is of course nothing new and as information security professionals, we have been increasingly involved with computer security risks since the day computers started playing major roles in our businesses.
Granted, the biggest threat to digital data seems to be from the Internet as evidenced by the latest hack attacks, however, if some refer to the Internet as cyber as evidenced in the IMI poll above, then why not call cyber-security for what we think it is and use Internet-Security instead?
That said, internet security is protection against attacks originating from the internet targeting digital data including transactions processed or transferred over the internet. On the other hand, cybersecurity refers to the protection of systems and digital data regardless of where the attacks originate from or where digital data resides.
In other words, internet security is a subset of cyber security because a cyber threat does not necessarily involve the Internet, and, cyber-security is a subset of information security which is just the security of any system or digital data excluding all other forms of data.
Regardless of what everyone thinks about the scope and meaning of cyber-security, we can all agree that it's about information security and the field appears to be growing and evolving very fast. Forbes recently listed the top national cyber security salary at $380,000, and it appears that there is a serious shortage of qualified chief information security officers which will get worse in the coming year.
Identity Management Institute certified members are at the forefront of digital identity and access management for protecting systems and data.