Securing Information
Strengthening Business

De-mystifying Cyber Security Terms

In our business we talk a lot about cyber security, IT security, information risk and information assurance and but what do the terms really mean?

We want you to fully get to grips with Information risk management (there’s another one!) and what it’s all about and so have outlined the core terms below.

Information Risks. Information risksare the threats and vulnerabilities every organisation faces today. When it comes to the information you rely on there is a growing need for protection from loss, damage or malicious attack.

Protection means three things:

  1. Confidentiality – your information should only be accessible to those with a genuine business need.
  2. Integrity – your information needs protection from unauthorised changes.
  3. Availability – your information needs to be available to the right people at the right time.

IT or Computer Security. The technical security controls used to protect the functionality of IT systems or the information they store. These controls are developed to protect the confidentiality, integrity or availability of information.

“ModernIT security: at the basic end of the spectrum, this means keeping all software patched, minimising exposure to attack via un-trusted networks and auditing for unusual behaviour.

At the more complex end, it is about broad and comprehensive monitoring to quickly detect and respond to intrusions.

At both ends, it’s about ensuring you know when an attacker has got into your network, minimising the (temporary) access they enjoy, ensuring you know what they’ve done, knowing you can kick them out quickly, and being sure they can’t get back in the same way.”

Dr Ian Levy, Head of CESG, quoted in the Guardian Government Computing, 25 October 2011.

Information Security. All controls (physical, procedural, personnel and technical) that are used to protect the confidentiality, integrity and availability of information, regardless of form (on IT systems, hardcopy prints, telephone lines etc.) Information security is the term used in the commercial world (for government sectors see IA). It is the result we all want – adequate protection for valued information.

Information Assurance (IA). Information Assurance (IA) expands on Information Security to highlight the need for formal assurance requirements. IA is the term used by most western governments.

“The confidence that information systems will protect the information they handle; function as they need to, when they need to; and be under the control of legitimate users.”

Cyber Security. Expands on Information Assurance or Information RiskManagementto include the ability to proactively respond to the threats. Cyber security involves protecting information by preventing, detecting and responding to attacks.

Information Risk Management (IRM). The solution. The process of identifying, understanding and managing the risks to your information within the context of an organisation’s business needs. It is what we do here at Ascentor (see: Information Risk Management the Ascentor Way ).

“The systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, treating and monitoring information related risks.”

Please let us know of any jargon we’ve missed and that you’d like a definition for. We will add it to our jargon buster .


Article by Dave James , MD of Ascentor

Related Articles:

 

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.

RECEIVE THE LATEST CYBER SECURITY NEWS AND CONTENT

Fields marked with an * are required
Share this:

You may also be interested in:

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How would you recover if something went drastically wrong with some, or all of your business operations? When we think of worst case scenarios,

Ascentor’s cyber security review of 2020

2020 wasn’t the first year where a virus emerged causing large scale disruption and opportunities for cybercrime. It was, however, the first time

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals. Big enough to be of interest in terms of data held and yet often small enough