Thursday 7 January 2016

What is Cyber Security?

Information Security, IT Security, ISO 27001, PAS 555, Cyber Security... What does it all mean? What's the difference? Is this something new you need to know about, or is it knowledge you already have?

What's this new cyber security thing all about?

For those well versed in IT security you'll be pleased to know it's nothing new at all - it's the same stuff we've been doing for many years!

So why the new synonym?

The cynical might sight it as a marketing initiative, creating new opportunities to sell the same old stuff under a new wrapper, and I have to say very little has in reality changed to warrant a new term.

Is there a difference between cyber security and IT security?

Some, but not a lot! Cyber security is essentially a subset of IT security, focusing only on cyber threats. For the most part that means things to do with the Internet, but cyber-space does extend to any computer to computer communcations, USB devices containing malware and the like.

So is IT security all about technical controls?

No. While the vast majority of defensive controls will be technical in nature, training and education, personnel vetting and so on are all relevant to IT and cyber security. Remember that these are themselves a subset of Information Security which covers all aspects of secure information management.

What does cyber security achieve?

Essentially it focuses on protecting computers, networks, programs and data from unintended or unauthorised access, change or destruction, ensuring the confidentiality, integrity and availability of information systems.

Why is cyber security suddenly so topical?

As the numbers of mobile users, digital applications and interconnected networks increase, so do the opportunities for exploitation. Network outages, computer viruses, data compromise and other incidents affecting our lives and businesses are becoming increasing more common. As more and more of our world becomes connected and the speed of connection increases, the risk grows. The impact, whether causing inconvenience, material losses, or threats to life, is also growing.

Is cyber security important?

Yes! SMEs, corporates, governments, military, educational, healthcare and financial institutions, and most other businesses all collect, process and store a great deal of confidential information on networked computer systems. With the growing volume and sophistication of cyber attacks, continuous effort is required to maintain the security of sensitive business and personal information, as well as safeguarding critical national infrastructure.

AgilityIS Cyber Capability

Our cyber specialists can assist you in all aspects of cyber security assurance. From secure design architecture reviews, infrastructure and web application penetration testing to assurance and due diligence reviews. We have decades of experience that we can bring to your projects.