{"id":411,"date":"2021-06-29T08:52:09","date_gmt":"2021-06-29T07:52:09","guid":{"rendered":"https:\/\/www.itminister.co.uk\/blog\/?p=411"},"modified":"2021-06-29T08:53:33","modified_gmt":"2021-06-29T07:53:33","slug":"commonly-misused-terms-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.itminister.co.uk\/blog\/commonly-misused-terms-in-cybersecurity\/","title":{"rendered":"Commonly Misused Terms in Cybersecurity"},"content":{"rendered":"\n<p>Words are hard. English is hard. How we manage to communicate anything is nigh a miracle. Here is a list of some commonly misused terms in the field of cybersecurity (these are unofficial descriptions that are meant to be informative):<\/p>\n\n\n\n<p><strong><em>Data vs. Information vs. Knowledge<\/em><\/strong><\/p>\n\n\n\n<p><em>Data<\/em> is usually considered the bits and bytes that information is composed of. <em>Information<\/em> turns multiple bits and bytes into something useful. For example, a temperature sensor may read \u201c102,\u201d but <em>information<\/em> tells us that it\u2019s 102 degrees Fahrenheit on a temperature sensor that was in a human\u2019s mouth. <em>Knowledge<\/em> is what allows <em>information<\/em> to turn into action. It says that 102 degrees Fahrenheit for a human being is much too hot. The lines between <em>data<\/em>, <em>information<\/em> and <em>knowledge<\/em> are blurry, but there are some who argue those lines fiercely.<\/p>\n\n\n\n<p><strong><em>Threat vs. Risk<\/em><\/strong><\/p>\n\n\n\n<p>A <em>threat<\/em> is either used to mean something bad that could happen or an entity that may cause something bad to happen (also called a \u201cthreat actor\u201d). <em>Risk<\/em> includes the probability that the bad thing could happen and the potential result(s). People often (incorrectly) use these words interchangeably.<\/p>\n\n\n\n<p><strong><em>Risk Management<\/em><\/strong><\/p>\n\n\n\n<p>The process of responding to the potential that something bad might happen. 
There are generally four options: accept the risk, transfer it, avoid it or mitigate it. Depending on who you talk to, there are at least <a href=\"https:\/\/simplicable.com\/new\/risk-response\" target=\"_blank\" rel=\"noreferrer noopener\">eight options<\/a>, but these are the traditional four. When a cybersecurity person talks risk management, they may be referring to the process laid out in the <a href=\"https:\/\/csrc.nist.gov\/projects\/risk-management\/about-rmf\" target=\"_blank\" rel=\"noreferrer noopener\">Risk Management Framework<\/a>.<\/p>\n\n\n\n<p><strong><em>Cybersecurity<\/em><\/strong><\/p>\n\n\n\n<p>Basically, the protection of computer systems (including networks, the internet and anything \u201csmart\u201d). However, it has been used as an umbrella term that also encompasses information assurance, data protection and privacy. This term will likely keep changing until somebody can adequately explain what \u201ccyber\u201d is.<\/p>\n\n\n\n<p><strong><em>Information Assurance (or Security)<\/em><\/strong><\/p>\n\n\n\n<p>The protection of any facts, news, knowledge, or sometimes data, in any form \u2013 paper, electronic, stone tablet, signals, memorized, etc. Often confused with and put under the cybersecurity umbrella.<\/p>\n\n\n\n<p><strong><em>Standard<\/em><\/strong><\/p>\n\n\n\n<p>The word <em>standard<\/em> can be used to mean a level of quality or an accepted norm. <\/p>\n\n\n\n<p><strong><em>Requirements vs. Controls<\/em><\/strong><\/p>\n\n\n\n<p>Both of these terms can be used to identify specific activities, processes, practices or capabilities an organization may have or do to manage their cybersecurity risk. <em>Controls<\/em> may or may not be mandatory, whereas <em>requirements<\/em> generally are. <\/p>\n\n\n\n<p><strong><em>Audit vs. Assessment<\/em><\/strong><\/p>\n\n\n\n<p>In cybersecurity, the term <em>audit<\/em> often has a more formal and negative undertone than in some other disciplines. 
<em>Audits<\/em> are done after an incident such as a data breach (generally an internal audit), at the request of a customer (usually an external audit conducted by the customer), or to obtain a certification (a third-party audit). <em><a href=\"https:\/\/www.linkedin.com\/pulse\/anatomy-security-assessment-ron-ross\/\" target=\"_blank\" rel=\"noreferrer noopener\">Assessments<\/a><\/em> are typically, but not always, more like a friendly health check-up. Encompassing any number of activities, assessments can be narrow or broad, with as much rigor as the company being assessed desires, or is appropriate to the situation. One exception to this general rule is in the Cybersecurity Maturity Model Certification (CMMC) program, which uses the word <em>assessment<\/em> as the formal method by which a company is evaluated.<\/p>\n\n\n\n<p><strong><em>Compliance<\/em><\/strong><\/p>\n\n\n\n<p><em>Compliance<\/em> typically refers to meeting a requirement (internal or external, sometimes regulatory) and often is shown with a certification or attestation of some sort.<\/p>\n\n\n\n<p><strong><em>Summary<\/em><\/strong><\/p>\n\n\n\n<p>Words in English evolve almost as quickly as memes on the internet. In the field of cybersecurity, it seems this is done with reckless abandon. But understanding some of these<a href=\"https:\/\/csrc.nist.gov\/glossary\" data-type=\"URL\" data-id=\"https:\/\/csrc.nist.gov\/glossary\" target=\"_blank\" rel=\"noreferrer noopener\"> key terms<\/a> and how they are used will help in understanding and communicating your cybersecurity needs. 
<a href=\"https:\/\/www.nist.gov\/blogs\/manufacturing-innovation-blog\/commonly-misused-terms-cybersecurity?utm_medium=email&amp;utm_source=marketingcloud&amp;utm_campaign=\" data-type=\"URL\" data-id=\"https:\/\/www.nist.gov\/blogs\/manufacturing-innovation-blog\/commonly-misused-terms-cybersecurity?utm_medium=email&amp;utm_source=marketingcloud&amp;utm_campaign=\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">How Can ITM Help You?<\/h5>\n\n\n\n<p>iTM covers all aspects of Cyber Security, including but not limited to managed home cyber security solutions, automated and managed threat intelligence, forensic investigations, Cloud security best practice &amp; architecture and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. <a rel=\"noreferrer noopener\" href=\"https:\/\/www.itminister.co.uk\/contact.html\" target=\"_blank\">Contact Us<\/a> for more information.<\/p>\n","protected":false}}