"There is perhaps no term more overhyped, overused, overloaded and misunderstood in infosec and politics today than cybersecurity. Infosec and cybersecurity are often used interchangeably..."
Many InfoSec pros bash the use of the qualifying term "cyber" and consider it a sign of incompetence on the part of the speaker or writer. They also see it as a sign that the field is being over-run by Beltway policy types, military types, and lawyers who really know nothing about it.
Rather than try to banish it, I agree with Dave that it should be used to mean a superset of information security, and not used as a synonym. If enough people use it that way, it might catch on.
Dave suggests this distinction:
"Label as infosec activities that seek to fix actual security defects (i.e., cure, manage or improve health). This would include categories like secure code development, best practices and technology to identify or mitigate suboptimal (vulnerable) configuration, SIEM, identity and data/privacy protection. Label as cybersecurity activities that are offensive, retaliatory or surveillance (military intelligence)."
This is OK, but I suggest a broader definition:
- "Cyber security" -- the confluence of information security, industrial control security, privacy, identity, and digital rights, along with civil liberties and national/homeland security in the digital domain.
What do you think? If someone can come up with a better umbrella term, I'm all for it.
(Edit 6/26/13: added "identity" to the definition. It's a key integrating thread. Also added "industrial control security".)