Cyber security : The systems and data to be protected

1  1- Two essential concepts

Information systems: all IT resources to process and disseminate information around the world digital. A computer, a phone, a connected watch, a server, the internal network of a school such as the of a company are therefore information systems.

The concept of "information systems" stems from the concept of "information systems security", which is very similar to that of cybersecurity.

Data: all digital information created, processed, stored, saved, but also accessible, shareable and disseminated.

2  2- What to protect

Asking the question of the information systems and data to be protected implies questioning their importance for a given entity or person. For example:

Personal data of an individual (e.g. name, surname, address, phone number, email, private conversations, photos, bank details, etc.) the use of which for malicious purposes or simply through negligence exposes you to many risks: misuse of data for commercial purposes, damage to reputation, fraud or extortion, identity theft, etc.

Information systems and data from companies, universities and communities, which are essential to their functioning and can be sensitive. An attack on the systems and data could be damage to their proper functioning or to the compromise of secrets. At stake, the interruption of all or part of their activity, sometimes losses in turnover, a damage to reputation...

The information systems of public and/or private operators of critical infrastructures, managing facilities that sometimes play a vital role in the functioning of the nation, such as in the energy, transport and telecommunications sectors.

Classified State Information, namely most sensitive information, including disclosure could be injurious to the national security.

3  3- An increasingly complex digital environment

Two trends are now helping to make the digital space more complex to understand, manage and protect:

-         The digital world is increasingly in the cloud!

In the past, protecting a computer network and the computers that exist on it were connected was primarily about securing the front doors and of an organization's output to the Internet, including the information system was most often installed in its premises. With the development remote working, the increasing interconnection of companies (etc.), Digital technology has become a huge interdependent ecosystem of actors, services, equipment. This is particularly rendered possible through the development of cloud computing making many services remotely accessible and allowing Access to data located in multiple locations at the same time on the planet.

-         The multiplication of actors involved in the provision of digital equipment and services

(the supply chain), including many subcontractors, suppliers or integrators, all of whom have a role to play in securing systems and data. Ensuring that everyone assumes their share of responsibility for securing information systems is not always easy! However, each unsecured link in the chain makes it more vulnerable.