40 What Every Engineer Should Know About Cyber Security
Whether you are a manager who needs to establish and implement an
information security program or an engineer who wants to understand the
information security program where you work, this chapter is a good place
to start: it is an overview of the major components that should be part of
any security program. First, let us define two terms: information
security and cyber security. Information security is the process of protecting
data against unauthorized access while ensuring its availability, privacy, and
integrity. Cyber security is the body of technologies, processes, and practices
designed to protect networks, computers, programs, and data from attack,
damage, or unauthorized access; in other words, it implies more than the
protection of data. Therefore, information security can be considered a
subset of cyber security. However, in practice, these terms are used
interchangeably. We can conclude that the difference between information
security and cyber security is that cyber security includes a few additional
elements such as application security, network security, disaster recovery,
and business continuity planning. Just in case there are any linguists
reading this chapter, the history of the word “cyber” was traced by Ed
Felten in his 2008 article, “What’s the Cyber in Cyber-Security?” Essentially,
it started with a Greek word for a steersman; Plato then used it in the sense
of “governance”; in the twentieth century, Norbert Wiener used “cybernetics”
for the study of control and communication in animals and machines; and
finally, William Gibson coined the word “cyberspace” in his novels about the
future. Now it seems that the word “cyber” is put in front of anything and
everything associated with the Internet.
3.2 Information Security
Information security is a system consisting of many parts: software, hardware,
data, people, procedures, and networks (Whitman and Mattord 2012).
Each component of the system has different security requirements, but they
are all based on the CIA (confidentiality, integrity, availability) security
triad model, whose characteristics are defined in United States federal law
(44 United States Code, Section 3542). The following are the official
definitions of the security characteristics as well as the model (Figure 3.1):
Availability: Ensuring timely and reliable access to and use of
information
TABLE 3.1
Large Data Breaches

Company                  Date            Accounts Affected
Global Payments          January 2012    1.5 million
CardSystems Solutions    January 2005    40 million
TJX Companies            January 2007    90 million