What is cyber security?

Cyber-Security is a hot topic these days. Cyber-security is now frequently discussed at board meetings, and members are starting to hold CEOs and other upper-level management responsible for breaches.
But what does Cyber-Security mean?
Here are several definitions of Cyber-Security:
• Definition 1: Cyber-Security refers to preventative methods used to protect information from being stolen, compromised or attacked. It requires an understanding of potential information threats, such as viruses and other malicious code. Cybersecurity strategies include identity management, risk management and incident management.
• Definition 2: Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.
• Definition 3: Cyber-Security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.
We are at a fascinating point in the evolution of what we now call cyber defense. Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to our privacy, denial of service – these have become a way of life for all of us in cyberspace.
Ironically, as defenders we have access to an extraordinary array of security tools and technology, security standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogs of security controls, and countless security checklists, benchmarks, and recommendations. To help us understand the threat, we’ve seen the emergence of threat information feeds, reports, tools, alert services, standards, and threat sharing schemes. And to tie it all together, we are surrounded by security requirements, risk management frameworks, compliance regimes, regulatory mandates, and so forth. There is no shortage of information available to security practitioners on how they should secure their infrastructure.
But all of this technology, information, and oversight has become a veritable “Fog of More”: competing options, priorities, opinions, and claims that can paralyze or distract an enterprise from vital action. The threats have evolved, the actors have become smarter, and our users have become more mobile. Our data is now distributed across multiple locations, many of which are not within our organization’s infrastructure anymore. With more reliance on clouds, our data and even our applications are becoming more distributed. The organizational network is now just one of the locations for users to access applications and data. And since in our complex, interconnected world, no enterprise can think of its security as a standalone problem, this situation makes collective action nearly impossible.

Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:

• Application security
• Information security
• Network security
• Disaster recovery / business continuity planning
• End-user education.
One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against.
To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach.
