Cyber security is the protection of the confidentiality, integrity and availability of information, whether it is in transit, in processing or in storage, and of the underlying information systems (both hardware and software), through the application of policy, training and awareness, and technology, in a cyber space where people, processes and technology are involved.

Introduction: Evolution of Cyber Security

In today’s world, for most organizations, if not all, information is the most important asset. Thus it is critical that information is protected against any type of incident, whether malicious, accidental or natural. In essence, this is what cyber security is about.

But we also hear terms such as computer security, information technology (IT) security and information security. How is cyber security different from these terms, and is there a better and more comprehensive definition of cyber security?

To explain the meaning of each of these terms, we should first discuss the evolution of the field of cyber security. In the early days of computing, computers were rare, massive and very expensive for organizations. Computers therefore needed to be protected from any harm, and so the term computer security emerged. As computers became cheaper and widespread in organizations, thanks to the advent of personal computers and improvements in network technologies, the term IT security gained widespread usage, since it was the responsibility of IT departments to protect computers and their underlying hardware and software components. In time, computer hardware became significantly cheaper and information itself emerged as the most valuable asset for organizations. As a result, the term information security was coined to describe the protection of both information and the computers.

Today, the terms information security and cyber security are used interchangeably. However, cyber security focuses on protecting information in digital form, while information security is a broader category that deals with the protection of all information assets, whether in hard copy or digital form.

Having given a brief overview of the related terminology, let’s try to define cyber security in more detail.

“To choose a definition is to plead a cause.”

Charles Leslie Stevenson (1908-1979)

In the past, a number of definitions were proposed to describe what cyber security really is and what it deals with. But these definitions mostly focused on the technical aspect of cyber security rather than capturing its multidimensionality. Only recently has cyber security started to be regarded as a multidimensional discipline that takes into account the components of people and processes in addition to the traditional and fundamental component of technology.

In this respect, a comprehensive definition of cyber security can be given as follows:

Cyber security is the protection of the confidentiality, integrity and availability of information, whether it is in transit, in processing or in storage, and of the underlying information systems (both hardware and software), in a cyber space where people, processes and technology are involved, through the application of policy, training & awareness and technology.

To really grasp what the definition above means, let’s dissect it into smaller units and digest each one.

  • What Are We Trying to Protect? The ultimate goal is essentially to protect the information itself together with its underlying components: computers, networks and software.
  • Which Properties of the Information Are We Aiming to Protect? In doing so, we are trying to protect against unauthorized access and disclosure (confidentiality), unauthorized modification (integrity) and denial of use (availability).

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (1)

Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (1)

Availability: Ensuring timely and reliable access to and use of information. (1)

  • In Which Forms Could the Assets That We Strive to Protect Be? Ideally, information should be protected in any form, whether it is being processed, sent over a communication channel, or stored and not in use.
  • What Are the Threats? Threats could arise from malicious actors, such as black hat hackers or malicious insiders, or inadvertently from insufficiently educated or trained users and employees. Moreover, threats could occur due to natural disasters, such as earthquakes and hurricanes, rather than having a human origin.
  • In Which Environment Do We Need to Secure Information? Most importantly, the cyber space does not consist only of technology. People and processes are at least equally important components of cyber security. This is because humans are the core components that interact with the technology, and this interaction is defined as the process component of the cyber space.
  • What Are the Protection Mechanisms That We Can Use? Since we are dealing with three different dimensions in the cyber space, we should have matching controls for each of them. People need to be educated and trained against cyber threats. Technical countermeasures are traditionally indispensable in protecting information and IT systems. And policies should be prepared to define how the technical controls are managed and how people interact with the technology.


As a final remark, the takeaway is that people and processes are at least as important as the technical aspect of cyber security. Since humans are the weakest link, we should take them into greater account when designing our security mechanisms.

A system is as secure as its weakest link and the humans are the weakest link.


If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.

Stephane Nappo

