Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against. Such an approach is insufficient in the current environment. Adam Vincent, CTO-public sector at Layer 7 Technologies (a security services provider to federal agencies including Defense Department organizations), describes the problem:
The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It’s no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly.
To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST ), for example, recently issued updated guidelines in its risk assessment framework that recommended a shift toward continuous monitoring and real-time assessments.
According to Forbes, the global cybersecurity market reached $75 billion for 2015 and is expected to hit $170 billion in 2020.
This was last updated in November 2016
Continue Reading About cybersecurity
oneilldon – 17 Jan 2017 2:54 PM
In Cyber Security, selling the problem has become the preferred approach because there is no convincing Cyber solution to sell. Cyber Security is a problem without a solution. The remedy? Don’t use the Internet for data and information you cannot afford to lose. If an organization is currently using the Internet for data and information it cannot afford to lose, then it must engage in Operation Cyber Pullback.
The approach for industry? Use the Internet only for data and information you can afford to lose. Employ three-factor authentication. Employ keyless encryption based on arbitrary nondeterministic, key-based mathematical methods.
The approach for government? Set a high goal to achieve resilience. Here resilience is the ability to anticipate, avoid, withstand, minimize, and recover from the effects of adversity whether natural or man made under all circumstances of use. Employ integration engineering, a resilience integrator, and intelligent middlemen in the Critical Infrastructure system of systems. Understand and anticipate cascade triggers in the Critical Infrastructure system of systems. Indemnify industry partners to foster information sharing needed for anticipation and avoidance.
In the resilience value proposition, the payoff comes in avoiding consequences, outcomes, and bad actors.
1. Avoidance of consequences includes loss of data and information, loss of privacy, loss of well being, loss of identity, loss of money, loss of life, loss of opportunity, cleanup costs, loss of trust, and loss of availability.
2. Avoidance of outcomes includes unauthorized access, loss of data, tampering with data, erosion of performance, and denial of service.
3. Avoidance of bad actors includes disgruntled employee, hacker, corporate spy, criminal, terrorist, organized crime, and nation state.