De-mystifying Cyber Security Terms

In our business we talk a lot about cyber security, IT security, information risk and information assurance, but what do the terms really mean?

We want you to get to grips with information risk management (there’s another one!) and what it’s all about, so we have outlined the core terms below.

Information Risks. Information risks are the threats and vulnerabilities every organisation faces today. When it comes to the information you rely on, there is a growing need for protection from loss, damage or malicious attack.

Protection means three things:

  1. Confidentiality – your information should only be accessible to those with a genuine business need.
  2. Integrity – your information needs protection from unauthorised changes.
  3. Availability – your information needs to be available to the right people at the right time.

IT or Computer Security. The technical security controls used to protect the functionality of IT systems or the information they store. These controls are developed to protect the confidentiality, integrity or availability of information.

“Modern IT security: at the basic end of the spectrum, this means keeping all software patched, minimising exposure to attack via un-trusted networks and auditing for unusual behaviour.

At the more complex end, it is about broad and comprehensive monitoring to quickly detect and respond to intrusions.

At both ends, it’s about ensuring you know when an attacker has got into your network, minimising the (temporary) access they enjoy, ensuring you know what they’ve done, knowing you can kick them out quickly, and being sure they can’t get back in the same way.”

Dr Ian Levy, Head of CESG, quoted in the Guardian Government Computing, 25 October 2011.

Information Security. All controls (physical, procedural, personnel and technical) that are used to protect the confidentiality, integrity and availability of information, regardless of form (on IT systems, hardcopy prints, telephone lines etc.). Information security is the term used in the commercial world (for government sectors see IA). It is the result we all want – adequate protection for valued information.

Information Assurance (IA). Information Assurance (IA) expands on Information Security to highlight the need for formal assurance requirements. IA is the term used by most western governments.

“The confidence that information systems will protect the information they handle; function as they need to, when they need to; and be under the control of legitimate users.”

Cyber Security. Expands on Information Assurance or Information Risk Management to include the ability to proactively respond to the threats. Cyber security involves protecting information by preventing, detecting and responding to attacks.

Information Risk Management (IRM). The solution. The process of identifying, understanding and managing the risks to your information within the context of an organisation’s business needs. It is what we do here at Ascentor (see: Information Risk Management the Ascentor Way).

“The systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, treating and monitoring information related risks.”

Please let us know of any jargon we’ve missed and that you’d like a definition for. We will add it to our jargon buster.

Article by Dave James, MD of Ascentor
