Computer and data security is broadly divided into physical security and logical security. Physical security (sometimes referred to as just “security”) includes building and personnel security. Logical security is focused on the data—both in storage and in transit on the network—and is sometimes called cyber security. Cyber comes from the word cybernetics which means the science of communications and automatic control systems. The military uses “cyber” to refer to computers or computer networking.
The general perception that cyber security is a relatively new field is false. Only the current emphasis in the media is new. Cyber security has existed for years; however, it previously received minimal funding and attention due to the costs of cyber defense. It also lacked visibility, because you don’t see attacks that were deflected—nor do organizations want you to be aware of how many times they have been attacked.
This article is a broad overview of cyber security. There are several sub-areas of cyber security, but not all experts classify cyber security the same way. There is not, as of yet, an agreed upon division or taxonomy of the subject. But, relax. This article does not cover all these sub-areas and their sub-areas in detail. There are just enough highlights to make you an informed consumer, employee, or manager.
Cyber security tends to employ military terms like defense in depth, target, attack, offensive, and defensive. The various areas of cyber security use lots of terms that may be foreign to you. Included at the back of this book is a glossary of terms.
The decision of a hacker (or the hacker’s sponsor) to mount an attack is based on the perceived reward versus the risk—in other words, the ability to obtain or manipulate data without negative consequence. A defensive investment in cyber security—or how much you are willing to spend to defend against hacking—is driven by the value of the data versus the perceived risk of it being stolen, changed, or destroyed. As an example of low cost security, I used to have a large dog that accompanied me on trips. To create the illusion of high risk, I would leave a two inch chewed-through bone on the front porch while I was gone. It never failed to work.
So, what reward is worth the risk for a hacker?