Grasping cybersecurity

Abstract

For most people, cybersecurity is a hard to grasp notion. Traditionally, cybersecurity has been considered as a technical challenge and still many specialists view it equivalent with information security, with the notions of confidentiality, integrity and availability as starting points of thinking. And although others searched for a broader perspective, the complexity and ambiguity of the notion still thwarts a common understanding. While developing and executing a MSc cybersecurity program for professionals, the lack of a common understanding of what cybersecurity entails was again observed. Stimulated by this, we started to look for and define a new, transdisciplinary conceptualization of cybersecurity that everyone can agree upon. It resulted in two scientific papers published. This paper describes the outcomes of the continuation of our research journey. It turned out that the earlier introduced description of two key notions, namely that of cyberspace and that of cybersecurity, can still be considered as adequate starting points. Here, we describe a set of additional mental models that elaborates them and provides more detail to the meaning of the two key notions. In practice, it turned out that the additional mental models strongly support the description and analysis of existing and upcoming cybersecurity challenges and helps to understand how everybody, in his or her various roles, can or should contribute to reducing the related cyber risks to adequate levels. We further discovered that for certain cybersecurity challenges, especially those related to efficient cyber risk mitigation, we could not yet identify an adequate sub-set of mental models. This defines the agenda for near future cybersecurity research.