Abstract
Ph.D. (Informatics)
Subject to much focus and research, Information Security was initially deemed to be sufficient,
and standards such as ISO 27001 and ISO 27002 were introduced to help organizations
ensure that they did their utmost best to protect their information and electronic assets.
However, with concepts such as “Cloud Computing” and “The Internet of Things”, Information
Security has become a subject of much debate.
While some professionals and academics have argued that we are still in the era of Information
Security, others have stated that we have entered a period of “Cybersecurity”. This new term
– Cybersecurity – has in turn caused much confusion, with some claiming that it is
indistinguishable from Information Security, and others arguing that it is a completely different
concept.
Bodies such as ISO have recognised this uncertainly, as they have thus conducted their own
research. Based on such research, they have created ISO 27032:2013, a standard that
directly addresses Cybersecurity.
In the ISO 27032:2013 standard, and from research done for this PhD, it has become clear
that even though Cybersecurity is contained within Information Security, there is a significant
difference between Information Security and Cybersecurity, as the latter has to do with the
Internet and the wide connectivity that it has introduced. As such, the difference between these
two terms lies in the concept of the Internet.
Owing to the evolution of technology, there are now numerous devices that can communicate
with one another. There are smart cars, home appliances and even bio-medical devices that
are connected to the Internet. Organizations also now increasingly enable and allow more
devices to be connected to their internet.
This situation has introduced vulnerabilities, threats and risks that the information security era
did not have to face. Some vulnerabilities, threats and risks from the Internet Security era have
evolved as well – all owing to the expanded Internet.
Even though various CEOs and their Executive Teams have realised these dangers, they are
struggling to find tools to assist them in catering for this new “Cybersecurity” era. Indeed,
although there are vast amounts of tools available for information security, only a few tools...