Jay Heiser

A member of the Gartner Blog Network

Jay Heiser
Research VP
6 years at Gartner
24 years IT industry

Jay Heiser is a research vice president specializing in the areas of IT risk management and compliance, security policy and organization, forensics, and investigation. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data… Read Full Bio

Coverage Areas:

Everything is more better with Cyber on it

by Jay Heiser  |  September 13, 2013  |  2 Comments

I’m feeling the walls of our linguisitic purity come crashing down, battered by the waves of language evolution.  In short, I’m ready to acknowledge an increasingly popular usage, and start using the trendy term ‘Cybersecurity’.  

Such terminological transitions are no new thing in a space that could still legitimately be labeled as ‘computer security’.  Working for a beltway bandit in 1995, I have vivid memories of a passionate beer-fueled discussion over the relatively new term ‘information security’, and whether that was an appropriate designation for an increasingly significant discipline, or just a pretentious and hyped new label. 

Since that time, my friends in the military-industrial ghetto have recharacterized the holistic approach to ensuring that nothing bad happens to stored communications as ‘information assurance,’ and arguably arriving several years later,  the commercial world has an essentially equal set of expectations for the term ‘information risk management’.

Meanwhile, Gartner is fielding a record number of calls on ‘CYBER’ security topics.  Unsurprisingly, the answers vary when we try to dig deeper into the underlying questions. When I asked one Cybersecurity vendor just what they thought the term meant, they explained that it referred to ‘computer security–with the Internet’.  Given that I’ve been on the Internet, and involved in security topics, since 1987, I just didn’t find that a satisfactory answer at the time.  Yet, the more I think about it, the more it rings true.

In today’s parlance, ‘cyber’ clearly equates to ‘digital’.   With all due respect to Norbart Wiener, and his groundbreaking work in the field of cybernetics, a prefix inspired by the Greek word for ‘steersman or rudder’ has been hijacked by 30 years of speculative fiction, losing its association with the esoteric concepts of ‘control’ and ‘systems’.

For the overwhelming majority of people, ‘cyberspace’ refers to the Internet, and by extension, anything with an IP address.  Cybersecurity essentially applies to the realm of all that is digital, be it an office computer, a personal table, operational technology, or next year’s digital refrigerator. While the term certainly implies the role of Internet connectivity, that distinction is becoming less significant for the inhabitants of an ‘Internet of things’. 

The good news is that we no longer have to be worried about paper.  The self-identified practitioners of ‘Information Security’ have spent the last 20 years grappling with the dilemma of the printed page, and to a lesser degree, with the implications of human memory.  Cybersecurity means freedom from the thankless task of trying to protect information outside of the digital realm.

Computer Security is dead; long live computer security.  I wonder what they will come up with next.

2 Comments »

Category: risk management security     Tags: , ,

2 responses so far ↓

  • 1 Anton Chuvakin   September 13, 2013 at 11:31 am

    Few analysts read analyst blogs, apparently, but here is what I stated on the same subject: http://blogs.gartner.com/anton-chuvakin/2013/03/27/too-late-to-fight-cyber/

  • 2 Jay Heiser   September 13, 2013 at 11:40 am

    I’m strangely comforted to know that I’m not the only one here who feels this way. This is actually my second blog post this year of the same title and topic. It seems to be approaching the linguistic peak of inflated expectations.