Wednesday, November 7, 2012

Defining cybersecurity

Before we can discuss about any subject with shared understanding, we must have a common and shared definition for the concept. At these days cybersecurity is new and hot word at the field of information security. And, as usual, cybersecurity has several definitions. It is also used in daily discussion without exact definition.

International telecommunication union (ITU) has defined cybersecurity (referring to ITU-T X.1205):

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
  • Availability 
  • Integrity, which may include authenticity and non-repudiation 
  • Confidentiality 


Online encylopedia defines cybersecurity:

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. [...]

Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
  • Application security 
  • Information security 
  • Network security 
  • Disaster recovery / business continuity planning 
  • End-user education.

ITU sees cyber environment as a key element for the definition of cybersecurity, but concentrates on tools and measures of cybersecurity. The concept of cybersecurity is divided on application, information, network, recovery and education.

Before we can define cybersecurity, we must define cyber environment (aka cyber spce). Cybersecurity definition must include the framework, threats, measures and objectives.

No comments:

Post a Comment