Sunday, November 11, 2012

Approaches to corporate security

Wikipedia divides corporate security into 12 elements:

Core Elements [of corporate security]

Core elements of Corporate Security are:

  • Personal Security
  • Physical Security
  • Information Security
  • Corporate Governance
  • Compliance and Ethics Programs
  • Crime Prevention and Detection
  • Fraud deterrence
  • Investigations
  • Risk Management
  • Business continuity planning
  • Crisis management
  • Environment, Safety and Health


I have seen similar categories in other references. The problem with this kind of approach is that, for example, risk and crisis management are cross-sectional elements.

Perhaps a more conclusive solution would be to define the elements from a structural or process approach.

In a structural approach, the elements might be 1) personal security, 2) property security and 3) information security.

With a process approach, you could divide the elements into 1) production security, 2) sales security and 3) support security.

And with a threat approach you could use 1) crime and 2) fraud security.

A solution approach could be 1) risk management, 2) crisis management, 3) insurance politics, 4) information protection, 5) personnel protection and 6) property protection.

Thursday, November 8, 2012

Cyber space or cyber environment

The International Telecommunication Union (ITU) refers to the cyber environment when it defines cybersecurity, but it does not provide a definition for cyber environment. The term cyber environment does not seem to be as widely used as cyber space, which has more definitions.

Some online encyclopedias define cyber space as a virtual place for communication.

Cyberspace is the electronic medium of computer networks, in which online communication takes place. Wikipedia, http://en.wikipedia.org/wiki/Cyberspace
Cyberspace is the "place" where a telephone conversation appears to occur. Principia Cybernetica, http://pcp.lanl.gov/cybspace.html
A metaphor for describing the non-physical terrain created by computer systems. Online systems, for example, create a cyberspace within which people can communicate with one another (via e-mail), do research, or simply window shop.... Webopedia, http://www.webopedia.com/TERM/C/cyberspace.html

The US government and SearchSOA.com define cyberspace slightly more broadly:

What is cyberspace?
National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23) defines cyberspace as the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people. http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. In effect, cyberspace can be thought of as the interconnection of human beings through computers and telecommunication, without regard to physical geography. http://searchsoa.techtarget.com/definition/cyberspace

I would like to expand the concept beyond just interaction between human beings. For example, I would like to include the electricity infrastructure, stock exchange robots and online bot services under the definition of cyber space.

Cyber space or cyber environment
I don't see a big difference between them. However, I find space a wider and more suitable concept than just the environment.

Wednesday, November 7, 2012

Defining cybersecurity


Before we can discuss any subject with a shared understanding, we must have a common definition for the concept. These days cybersecurity is a new and hot word in the field of information security. And, as usual, cybersecurity has several definitions. It is also used in daily discussion without an exact definition.

The International Telecommunication Union (ITU) has defined cybersecurity (referring to ITU-T X.1205):

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
  • Availability 
  • Integrity, which may include authenticity and non-repudiation 
  • Confidentiality 

Reference: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx

The online encyclopedia WhatIs.com defines cybersecurity:

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. [...]

Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
  • Application security 
  • Information security 
  • Network security 
  • Disaster recovery / business continuity planning 
  • End-user education. 

http://whatis.techtarget.com/definition/cybersecurity


The ITU sees the cyber environment as a key element of the definition of cybersecurity, whereas WhatIs.com concentrates on the tools and measures of cybersecurity. WhatIs.com divides the concept of cybersecurity into application, information, network, recovery and education.

Conclusion
Before we can define cybersecurity, we must define the cyber environment (aka cyber space). A definition of cybersecurity must include the framework, threats, measures and objectives.