
Friday, 31 May 2013



We are not that far from agreement. If I read your comment correctly, we both distinguish cybersecurity and infosec protective measures similarly. I view infosec as then diverging towards wellness and preventative measures (nearly exclusively, because I think that the outcome of dedicated action in this direction reduces anticrime, counterterrorism).

I don't see cybersecurity as really being about controlling infrastructure as much as it is about political control or influence. Infosec IMO can't protect data if it can't control/protect infrastructure: I think of universal adoption of mitigation measures like BCP 38, BCP 140 as inoculations against DDoS, for example, as infosec not cybersec activities.

Cybercrime is basically crime. It's less common to find crimes (against property) perpetrated entirely in meatspace. Cyberwar is basically war: it's convenient to conflate cybersec with infosec for political reasons, and simplistic views of the tools of infosec trade make this an easy sell. Seriously, how many military assets do not have tech and networked components? Why is this different from a "secret IPS" that Chris mentions? Calling the latter out as a unique "cyber" (I so hate that term) activity is IMO no more than a useful finesse to broaden defense spending.

Hmm, my head is now hurting as it appears you are attempting to redefine an already poorly defined term, and good on you for the attempt.

The industry marketers took ownership of the term cyber for their nefarious profit-taking reasons. Having done so, the security carpetbaggers coined cybersecurity, which has now degenerated into something that can be defined depending upon your perspective and thus which stakeholder you represent.

To me, infosec means securely controlling the data upon which information is built in order to manage that information. Cybersec is securely controlling the infrastructure (logical & physical) over which the information traverses, rests or in which it is processed. Of course, you can only control it in so much as you have authority to manage that infrastructure.

Engaging in cyberwar or cybercrime is the act of subverting the controls placed on the infrastructure and data to access information to act upon it in such a way as to gain value from it whether it is an asset or liability for its original owner/custodian.
