In this video, Kip Boyle dissects what cybersecurity means in modern terms. Learn about the origins of the practice and the history of securing information in cyberspace.
- Cybersecurity is a hot buzzword these days, but what is it? The term cybersecurity first emerged into our collective consciousness in 1994 according to the Merriam-Webster Dictionary, so it's a pretty new idea. We can't even agree how to spell it yet. Is it one word? Do we use a hyphen? It is two words? Does it matter? While the term first showed up in 1994, it didn't really enter the mainstream until 2010. And even then it was considered by information security professionals to be a highly sensationalized term, more appropriate for television and movies.
Although it's gained some legitimacy in professional circles, the definition of cybersecurity is not as widely agreed to as the definition of information security. Some people think the two terms are synonymous or that cybersecurity is a subset or a superset of information security. Some people say cybersecurity is just a newer and possibly more silly term for computer security or network security. But the term cybersecurity is important for implementing an information security program, so I'm going to define it.
The National Institute of Standards and Technology in the United States defines it as the ability to protect or defend the use of cyberspace from cyber attacks. Now, the NIST definition's okay, but when they say cyberspace, we'll say Internet. Also, their definition doesn't talk about risk, and we'll need to deal with that, because risk is an important input to prioritizing where we'll deploy the limited resources we have for our information security program.
So for our purposes, let's define cybersecurity as the actions we take to reduce the risks of being connected to the Internet down to a level that's acceptable to our employer or customer. And that's cybersecurity.
- Goals and components of an information security program
- Measuring and managing information risks
- Reducing risks to an acceptable level
- Using a workflow to organize your work
- Communicating progress with executives and stakeholders
- Demonstrating compliance