The word Cybersecurity is thrown around so much these days it has almost become overused in many conversations. This is due to the vast number of topics associated with its meaning. So how can we define it better? Traditionally Cybersecurity has described as a process for securing information or assets owned by governments, organizations, and individual people. The term itself can be considered a discipline that drives security initiatives and categorizes risks, vulnerabilities, and threats. Assente and Tobey (2011) describe Cybersecurity as people (both defenders and attackers), engaged in a contest of playing out on a field of information systems and technology. Cybersecurity influences organizational processes, policies and overall strategy through principles and frameworks. This better informs and fosters the awareness of threats, management of risk, and development of resilient multi-layered security systems. Homeland Security describes the importance of cybersecurity in protecting infrastructure that is vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. DHS (2016). These threats can include internal personnel within an organization, external people, and natural threats such as electricity outages. Within the organization, employees are typically categorized as the highest threat.
Over the years, cybersecurity has influenced laws and regulations within the United States as well as across the globe. One of the most comprehensive laws in the US is the Federal Information Security Act (FISMA), which was put in place to require “all government agencies to develop security management systems.” Vacca (2010). In order to comply with FISMA, the agency must perform a risk assessment to determine what controls will be needed and then implementation of these controls must be carried out. Frameworks such as the National Institute of Standards and Technology (NIST) provides a comprehensive list of security controls based on different security classifications to assist Federal agency meet FISMA requirements.
To summarize, the term cybersecurity can refer to functions, tasks, strategies, and policies. It describes defenses, criminal intent, risk and mitigation approaches, and provides standards and frameworks for security defense. The term has become a catch-all for much of what traditionally fell under the ‘information assurance’ category, in addition to the other areas mentioned here. The term itself will continue to be used to describe emerging technologies, approaches and strategies into the foreseeable future.