Definition of cybersecurity
Gaps and overlaps in standardisation
In response to the European Union’s Cybersecurity Strategy, the CSCG has published a White Paper with recommendations on digital security as an essential capability for digital sovereignty and a digital society. The CSCG’s recommendations underline the importance of Cybersecurity standardisation to complete the European internal market and to raise the level of Cybersecurity in Europe in general. CSCG Recommendation #2 proposes a review of the definitions of the term ‘Cybersecurity’. This document analyses the usage of this term by various stakeholders and reviews standardisation activities in the area of Cybersecurity, providing an overview of overlaps and gaps in available standards. It has been written by CSCG and ENISA experts as a response to Recommendation #2 and forms a logical entity together with the response to CSCG Recommendation #1, Governance framework of the European standardisation – Aligning Policy, Industry and Research, published by ENISA at the same time. Both documents will be presented for approval at the next CSCG plenary, which is scheduled to take place in Berlin, 14-15 January 2016. As a result of the discussion at the CSCG plenary meeting and of feedback received, revised versions of the documents might be produced.

In language terms, ‘Cybersecurity’ or ‘cyber security’, depending on the organization and the spelling of the word within its context, is a rather young term. Derived from the term ‘Cyber Space’, the term ‘Cybersecurity’ was crafted and used by IT professionals, consultants, lobbyists and politicians to address security concerns in the ‘Cyber Space’. But what does this mean? Does ‘Cybersecurity’ only address risks originating in the ‘Cyber Space’? Does ‘Cyber security’ only consider the protection of virtual assets within the ‘Cyber Space’? Does ‘Cyber security’ also apply to physical assets, such as Industrial Control Systems, production lines, power plants, etc., although they are not primarily designed to be in the ‘Cyberspace’?
- Corporate author(s): European Union Agency for Network and Information Security
- Themes: Information technology and telecommunications
- Subject: computer crime, computer network, computer systems, data protection, digital technology, information technology, Internet, standardisation