Cyber Security, Information Security, IT Security, InfoSec…which is what?
So the new buzzword seems to be Cyber. I haven’t heard it since the early 2000s really, when it was directly related to MSN Chat rooms, and referred to something that you didn’t want to get caught doing in the University computer room. Now, every customer I have is asking me about our approach to Cyber Security, typically, it seems, on the back of an executive presentation by a vendor or consultant who is looking to change the game.
When I look at Cyber Security, the wealth of knowledge that is Wikipedia tells me: “Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.”
Now that’s an old definition, but it’s still pretty accurate and it’s refreshing to know that we’ve been providing Cybersecurity for our customers for over 30 years!
This document is a great read and highlights the importance of aligning to a best practice standard. Locally we have seen ISO27001/2 being used as best practice (for those organisations not covered by PCI, APRA, PSPF or other local standards); however, we have seen NIST being used more and more, and requests for Cybersecurity Assessments becoming more common.
On another note, for those security professionals interested in further education and adding certificates to their resumes, I don’t mind Paul’s Security Podcast. In this edition they interview a couple of long-term members of GIAC to discuss the benefits of certification and why it does or doesn’t matter.