The Cyber Security Journal

The concept of Cyber Security is significantly evolved from what has been traditionally viewed as IT security. The practice of Cyber Security remains to a large extent undefined and untested. We are at a crossroads, we understand the scope of the problem and we understand at a high level the types of things that need to be done to address it, but we’re still having difficulty moving from this strategic realization to a tactical reality.

More than a decade ago, the first attempt to capture a comprehensive description of IT security was undertaken in the United Kingdom. The outcome of that effort was the ITIL framework. ITIL represents first a taxonomy of IT related terms and capabilities. Security related elements are embedded within the larger framework. Other Enterprise Architecture (EA) frameworks have attempted to capture the enterprise security components (within a typical organization or infrastructure) and their relationships as well. All of these efforts have greatly improved our understanding of current IT practice, however they’ve done little to help prepare us for future practice.

The implied requirements surrounding Cyber Security are unique. We must view security as a continuous lifecycle and as an all-pervasive element which has the potential to impact every business process and every technical element we manage. The very same trends that have led to the convergence of IT capability with every other activity in every organization; cyber connectivity and solution standardization, have as a result led to ‘any point of failure’ situation. In other words, any failure in security anywhere can lead to a failure of all security everywhere.

As with any new practice, the problem space and the solution space require complete definition before solutions can be developed and implemented on a consistent basis. For that reason, we’ve decide to explore or create an update vocabulary for IT or Cyber Security. Over the coming year, the CCS Journal will introduce new or updated terms with each edition. The dictionary will include descriptions of how these terms or concepts might apply to current or future solutions and will map to related terms.