Cyber security refers to the protection of information systems (hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures. (Cabinet Office, 2016, p. 16)
Strictly speaking, cyber security is a subset of information security (often abbreviated to infosec): the protection of all information, not solely that processed by computer systems. While ‘cyber security’ and ‘information security’ are often used interchangeably by cyber security practitioners, it is worth remembering that information security long predated the invention of the computer.
During the next four weeks you will build a vocabulary of cyber security language that will allow you to understand and describe this rapidly developing field. By the end of this block, you should be able to understand and use all the terms in the following paragraph:
The DNC attack represents a major breach of confidentiality with massive political and reputational consequences. The attackers initially exploited a vulnerability in the DNC’s poor understanding of the human factors of security; but the hacking group remained within the DNC computers for many months, compromising individual machines and exfiltrating confidential information as a textbook example of an advanced persistent threat.
Some of those terms may be familiar; many will be new – but by the end of this block you will be able to use terms such as ‘breach’, ‘confidentiality’ and ‘vulnerability’ with assurance. So, let’s get started with two words that will be used frequently and that can be found in almost all media stories about cyber security: incident and breach. The two terms are often used interchangeably; however, to cyber security professionals they have specific and different meanings:
An incident is a security event that potentially compromises an individual or organisation. For example, ‘incident’ should be used where there is a possibility that data has been stolen, altered or deleted – but this cannot be confirmed; or where data has been left exposed to such risks.
A breach is a type of incident resulting in the confirmed compromise of an individual or organisation.
The attack on the DNC could be described as an incident, but it should be described as a breach, since confidential emails were stolen from the organisation, causing serious damage.