The Tensions And Overlaps Between Cyber And Data Security

Expert Blog Entry by Kirk J. Nahra

Cybersecurity is a hot buzzword in Washington these days. Congress debates the impact of cybersecurity risks on a wide range of national concerns. The U.S. Food and Drug Administration (FDA) warns about the risk of cyber attacks on medical devices. The White House is implementing an Executive Order (EO) to develop a cybersecurity framework. The news media reports almost daily on cyber attacks, with ever-increasing levels of frantic concern.

But what is cybersecurity? And how is it similar to (and different from) its older sibling (with a more detailed legislative and regulatory history), data security? Essentially, these concepts are roughly the same, driven by different concerns (personal privacy versus national security). The main difference is the scope of where regulation focuses its attention. Data security regulation has sought to prevent the disclosure of personal information; cybersecurity concerns focus on keeping “critical infrastructure” functioning. But any company affected by cybersecurity concerns (whether in “critical infrastructure” or not) should understand that the core regulatory framework for compliance and best practices is driven by the world of data security, where detailed laws and regulations (as well as enforcement authority) apply to virtually all companies, regardless of industry. Businesses may find the cybersecurity threat to be an effective motivator for action, whether through new resources or heightened management attention, but the risks from cyber attacks essentially mirror the risks that have been addressed through data security regulation for more than a decade….