New Report Offers Better Cybersecurity Definitions
Trip Wire - The State of Security
The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports. Nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very insightful definitions that may help the infosec community.
According to the report, there is still no common lexicon for categorizing malicious cyber activities. The report does not seek to solve that problem, but the authors may have unintentionally assisted in moving us closer to a common lexicon.
The report cites the NIST definition of a cybersecurity incident as a violation of an explicit or implied security policy. The report authors go on to distinguish the difference between successful attacks, specifically cyberattack and data breach: