What exactly is security?
The term "Security" comes from the Latin securitas / sine cura + tutus /,in part, the word is derived from the German Sicherheit. Those terms mean carelessness, safety, security, peace, protection, security, indisputability. In every sense of the word, it is a condition in which safety, order or the protection of life, health, the environment or
property, ie when the protected assets and objects are owned by an entity. The term "security" can be interpreted dynamically or statically. So, be it for sure current state, or vice versa, as a running process, a living social domain, continuously ongoing area of human activity.
An understanding of security in the social sciences, for example, is interesting. In the sense of internal security, it is the sum of social relations which is governed by law and which it protects the rights and legitimate interests of natural and legal persons, the interests of society and the constitutional establishment, the actual level of how these relationships are protected, the category in which security is understood, as permissible level of danger. In this dynamic perception, it is the process that ensures security, integrity, inviolability (safe); protection, defense.
The resulting static security state can be viewed in two ways:
a / objective - given by the actual absence of threat,
b / subjective - as a consequence of the absence of perception of threat.
Security itself is therefore a rather broad concept, which is used to be different areas of human activity are given different meanings. In the area of threats affecting information assets, this term has its own specifics and a different, more radical meaning than it is commonly attributed to this term, e.g. in connection with police functions or other phenomena
within the state.
But whatever security subdomain we are talking about, I mean a certain one "Security status", an objectively descriptive state of relative security against threats and risks for a certain group of people, whether it means the state, city, workplace, house, system…
Data becomes information when it acquires meaning and value. The value of information it is always determined by their owner, ie the one for whom the information is relevant. Whether for teaching, creation profit, production line management, transport or energy dispatching, or management social relations. The latter is as little as possible in our, almost Orwellian world automated .If the information is data that have an owner, context and value, then information security means information security. This is the state in which the information is considered secure, it is part of information management regardless of physical condition data, regardless of their format, regardless of the method of their interpretation and regardless of the medium, through which they are stored and transmitted. A valid definition for information security is also the
management of threats and risks that affect information assets. Or - managing the threats and risks that affect the data.
Cybersecurity, cybercrime, cyber defense…
The orelácia not causality, and it would be incorrect to say that the prefix "cyber" or "Cyber" we give to every human activity for which data and their processing are important. It wouldn't be either the truth is that any human activity in which there are threats to data is an activity "Cybernetic" because there seems to be no real-world activity today that would it could not be influenced by cyberspace activity. In short, IT has penetrated to all areas of life. Of course, even the most sensitive ones - the national defense, the criminal activity, critical infrastructure, basic services, life and health citizens.
If we want to find the boundary between what is and what is (or what else) is no longer cybernetic security, we must distinguish whether we look at the definition of cyber security from a perspective the entity (ie observer) to whom the electronically processed information relates, or from the point of view of the object (ie the object of observation).
The subject is the owner of the information. However, neither observation nor ownership arises without existence object - in this case the data itself. From a military-political point of view, security is expressed by survival, preservation of existence and fundamental human values. But what subject we discuss cyber defense cyber defense protection against cyber warfare crime? Undoubtedly about the data. Important, even extremely important, but about data. Data in this relationship is an object, while people are the ones who perceive the impact of threats. Humans are therefore the subject of observation. Even in legal theory, an object is an object to be achieved by the legal relationship. They consider goods, assets to be objects. In this case, the so-called information assets. In all three cases mentioned in the title, this is undoubtedly important human activities, all of which focus on the protection of data relating to those activities or data
affected by these activities. And data protection is information security . If it happens malicious manipulation of data, their confidentiality or integrity, or availability, is compromised, whatever
are the basic attributes of reliability, ie information security. The same applies to unauthorized, malicious, unethical handling, or algorithmization of data.
In technical fields, the authoritative reference for nomenclature is appropriate
international technical standard. Nomenclature and description of relations in the field of cybernetics security, a description of the unique aspects of this activity, the relationship to other security domains and basic procedures for all cyber stakeholders, it provides International Standard: ISO / IEC 27032: 2012 Information technology - Security techniques -Guidelines for cybersecurity. Apart from the fact that ISO 27032 applies, it can still be argued that the adjective
"Cyber" is only suitable for security if we are talking about the security of electronically processed ones give. Electronically processed is also electronically controlled - so of course the same logic also applies to control systems.
It should be noted that technical standardization in information security is does not deal with some specific sectors. Such as national defense and forensics.Due to the high level of specialization, these activities are naturally left to development separate sectors, with no question from the professional public.
However, they still are sectors that have been derived from information security. Because the object of protection is guarantee security of information, not the feeling of security of their owners.
Prepared by: T.Szabo on 01.10.2020 slovacchia