Cybersecurity Term Use | Internet Business & Consumer Law

Cybersecurity term use may not be as clear as it is used in every day conversation. Cybersecurity as a term has been bouncing around by many without carefully determining what it encompasses. The same can be said of ‘data security,’ it’s sibling. From an operational aspect advising client it is important that there be clear understanding what we are talking about. It is also important as we devise letters to the affected public in the event of a cyber incident, data breach, cyber-attack, or cyber theft. When an entity is developing policies, it is important to define these clearly for the benefit of personnel training, administrative audits, cyber audits, compliance reviews, cloud contracts, data storage agreement, and even insurance coverage.

Unfortunately, the terms have been used interchangeably and been misused. The term ‘cyber’ began to be loosely used after President Obama referred to the subject by using the term ‘cyber’ in seeking to appoint a ‘Cyber Advisor.’ What would have been more appropriate term was ‘data security,’ because the issue was about data and information protection of physical information. Ever since, the terms have been loosely used in state capital legislatures and as well among members of the U.S. Congress in their usual parlance. However, operationally, in practice dealing with clients and their issues, the terms should not be dealt loosely and should be termed appropriately.

This post seeks to clarify the terms to avoid further misuse and mischaracterization of the terms when they are referred to in business and entity operations, policy implementations, and in legal discussions. As they are loosely used, they are given the meaning for protecting information from unauthorized access. The failure to distinguish allows for gaps in insurance coverages and misdiagnosed issues in audits and in personnel evaluation. The same can be said that by failure to make the valid distinction, appropriate information technology performance is as well missed diagnosed.

In governmental policy circles ‘cybersecurity’ is the prevailing nomenclature, however, the provision that addresses cybersecurity is termed as the Federal Information Security Management Act (FISMA). Among information technology professionals and in select industries, i.e., accounting, financial, and medical, the term referred to as ‘information insecurity.’ Yet, that terminology requires clarification, because of the form of the information. The digital age is here and the information that we derive from digital networks and processes means can be termed data, digital documents, digital records, as opposed to physical information. Once that physical information is digitized, it becomes digital data.

For purposes of addressing systems, networks, and platforms, cyber security is most appropriate. For purposes of addressing the element of communication, or what is being transferred, sent, stored, or received, data security is most appropriate. As files are maintained the entity’s concern is its network integrity or network security.

Terms have been treated interchangeably. For instance, because of the interface of servers being accessed amid multiple users accessing, transmitting, and sharing the data, the practical reference is cybersecurity. The term is referring to the integrity of the system managing the activities and functions. What we see then is the digital feature of the data. So, cybersecurity is the macro systemic interface activity of networks, Internet, Intranet, email trunks, and data channels involved in the transmission, storage, and maintenance. Hence, data security is the process of addressing access permission and the scope of that access. As data-security is applied, the issues discussed cover unauthorized disclosure and access, breach of confidentiality, and data misappropriation.

As one refers to data security the reference is most appropriately placed on the information identified. Conversely, when the reference is to activity within a network or involving a network, amid devices transmitting data, then cybersecurity is applied accordingly.