Yet another interpretation of 'cyber'

I have railed repeatedly at the vague and often inappropriate or misleading use of 'cyber', in particular cyber-risk and cybersecurity (inconsistently hyphenated, as shown).

Usually, cyber simply means IT - all the usual humdrum risks and controls relating to IT systems and networks. This is everyday stuff, nothing special. Plain IT covers it.

Sometimes cyber alludes to far more extreme and sinster threats associated with highly competent and resourceful adversaries sponsored by governments, organised criminals or terrorists attacking critical national or global infrastructures - the sorts of things that might be experienced during war. Those using the term in this way tend to speak in riddles, trying hard to avoid admitting or disclosing vulnerabilities while denying knowledge of any involvement in such activities. 

Yesterday, I came across a new interpretation: to some, cyber concerns incidents that affect not just the individual or organisation compromised, but also others who also inhabit or depend upon 'cyberspace', meaning peers, business partners and perhaps society at large. Although cyberspace wasn't defined, it is generally taken to mean the Internet. Why it is given the fancy name I don't know. 

Frankly, none of these hold water with me. Information risk and information security are perfectly adequate terms, better defined, less ambiguous, more honest and straightforward.

Conceivably, cyber is a deliberate form of mis-, dis- or mal-information, explicitly intended to confuse people, diverting attention from whatever is really going on, delaying and frustrating efforts to close exploitable vulnerabilities. 

But then maybe my professional paranoia is showing through my scaly exterior, again. 

Popular posts from this blog

Pragmatic ISMS implementation guide (FREE!)

Two dozen information risks that ISO forgot

Philosophical phriday - compliance risk

ISMS internal audit priorities

Reading between the lines of ISO27001 [L O N G]

Passionate dispassion

45 ISO Management Systems Standards

Philosophical phriday - a noncompliance ramble

Adaptive SME security Crowdstrike special