In the April 16, 2018, Ver 1.1 draft report of the Framework for Improving Critical Infrastructure Cybersecurity, The National Institute for Standards and Technology defined ‘cybersecurity’ as, “The process of protecting information by preventing, detecting, and responding to attacks.”

Cybersecurity should be thought of separately from information or data security. Prior to the interconnectivity of the internet, data security was primarily concerned with personnel errors, the physical plant protecting the data, and natural disasters. Cybersecurity, on the other hand, has to provide a secure environment for the data as it is processed, stored and transmitted around the internet.  The classic considerations for cybersecurity in cyberspace are availability, confidentiality and integrity of the data. (ISO 27032 ¶4.8) Users want the data to be available on demand without interruption, kept confidential without unauthorized access, and be unaltered without unauthorized modification.

‘Cyberspace’ is defined as the complex environment resulting from the interaction of people, software and services on the internet by means of technology devices and networks connected to it. (ISO 27032 ¶4.21) The International Organization for Standardization in Switzerland has published well respected guidelines for Information Security Management Systems (ISO 27000 et al) and more specifically for Cybersecurity (ISO 27032).

Disciplines associated with data security and cybersecurity include cybersafety and cybercrime. The ISO 27032 defines ‘cybersafety’ generally as being protected in the cyberspace against physical, social, spiritual, financial, political, emotional, occupational, psychological, educational or other types or consequences of failure, damage, error, accidents, harm or other event.

Cybercrime is defined as criminal activity where services or applications in the cyberspace are used for or are the target of a crime, or where the cyberspace is the source, tool, target or place of a crime. (ISO 27032 ¶4.8)