For someone working in (broadly speaking) Cyber Security for a long time, gathering its different meanings and nuances was an interesting mission. Not too surprisingly, the definition of Security is only consensual to a limited degree. It should be noted that we reviewed this concept in the wider context of TIPS: Trust, Identity, Privacy, Security.
In order to find a definition of Security, we did a brief and informal survey of online material. We broke down stakeholders in
Perhaps the common element is around the notion of attack: it’s about protecting the organisation against cyber-attacks.
ITU [1] provides a lengthy definition which, summarised, is essentially operational: it is the collection of measures to protect against a cyber-attack. This notion is supported by the UK’s national agency, NCSC [2], and the USA’s standards body, NIST [3]. ISO, in its ISO 27001 [4], provides a definition of Information Security in line with the publication.
News agencies, such as TechTarget [5], and even household dictionaries such as Merriam-Webster [6], use definitions that revolve around protection against attacks.
Businesses and related channels, such as Cisco [7] or Kaspersky [8], also focus on protecting assets from attacks.
Turning to academic publications, two deserve a special mention. Craigen et al. [9] propose that Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights. Schatz et al. [10] surveyed the literature for commonalities among definitions and found that they essentially converge on the idea that it is the set of measures to protect digital assets against cyber attacks, either by technology or human practices.
Overall, there is a pattern:
We do not challenge this set of definitions but it gives us a feeling that it is only partial:
We’d welcome your views. What could be missing from this definition? Or is it fairly complete as other aspects fall under the other elements of Trust, Identity or Privacy?
References:
This is the first blog in a series by the SPRITE+ funded Digital Technologies, Power & Control Challenge Working Group.