Talk:Computer security

Former featured article: Computer security is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
Article milestones
Date | Process | Result
January 19, 2004 | Refreshing brilliant prose | Kept
October 23, 2004 | Peer review | Reviewed
March 17, 2006 | Featured article review | Demoted
Current status: Former featured article


Article Cleanup

I am planning on fixing grammar and style issues and cleaning up the article in general. If you disagree with any of the content removal, please let me know. Thanks.

Requested move 11 December 2017

The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. No further edits should be made to this section.

Not moved. There is a clear absence of consensus to move, and a well-stated concern that there is a topic of "computer security" which includes physical security of the hardware, and other forms of security against threats not transmitted via the internet. The proposal to develop Cybersecurity as a separate subtopic article focusing on internet-related security seems reasonable. bd2412 T 18:26, 19 December 2017 (UTC)

Computer security → Cybersecurity – "Cybersecurity" or "cyber security" is a much more commonly used name to refer to this field, compared to "computer security". Perhaps 10 years ago, this wasn't the case, but it's different now.

I did a quick survey of the article's references, and the results were: 3 sources (1, 4, 21) used the term "computer security", 18 sources (6, 94, 104, 143, 149, 150, 151, 153, 155, 156, 157, 158, 163, 165, 170, 171, 193, 199) used the term "cyber security", and 16 sources (29, 36, 44, 71, 84, 85, 93, 172, 181, 182, 183, 184, 190, 191, 192, 194, 198) used the term "cybersecurity". 3 more sources also used "cybersecurity" (under "Further reading" section), while 2 more sources also used "computer security" (under "External links" section).

This gives a total of 5 sources using "computer security", 18 sources using "cyber security", and 19 sources using "cybersecurity".

Additionally, several government agencies use the term "cyber security" instead of "computer security", such as the Cyber Security Agency of Singapore, the National Cyber Security Centre of the United Kingdom, the Australian Cyber Security Centre, the National Cyber Security Centre of Ireland, and the National Cybersecurity Center of Excellence of the United States.

Furthermore, a quick search reveals that countless different companies and organisations such as BAE Systems, Oxford University, Coursera, Horangi, Ernst & Young, the Institute of Systems Science, the United States Department of Homeland Security, the University of Maryland University College, and Raytheon, all use the term "cybersecurity" or "cyber security". However, very few use "computer security" instead.

Therefore, I believe it is reasonable to suggest that either "cybersecurity" or "cyber security" would be a much better article title than "computer security", given their much more widespread usage as compared to the latter.

Note: Even if WP:SNOW consensus is reached on moving the page, please don't move this page until consensus is also reached on whether "cybersecurity" or "cyber security" should be used as the new article title. Weslam123 (talk • contrib) 14:20, 11 December 2017 (UTC)

Survey

Feel free to state your position on the renaming proposal by beginning a new line in this section with *'''Support''' or *'''Oppose''', then sign your comment with ~~~~. Since polling is not a substitute for discussion, please explain your reasons, taking into account Wikipedia's policy on article titles.
  • Support Very reasonable RS argument by the nom.  — Mr. Guye (talk) (contribs)  04:15, 13 December 2017 (UTC)
  • Support Per WP:COMMONNAME. Even the general readership tends to search for "cyber security" more than it does for "computer security", at least on Google that is. -- ChamithN (talk) 04:27, 13 December 2017 (UTC)
  • Support to change article to "cyber security", per ChamithN's link. Weslam123 (talk • contrib) 05:21, 13 December 2017 (UTC)
  • Strong oppose. This is lowest-common-denominator pandering to poor sources. Reliable ones on the topic overwhelmingly use "computer security". It dominates in book sources by a wide margin [1], and "computer security" [2] leads more than 4:1 over "cyber[-]security" [3] in academic materials. This "cyber-this" and "cyber-that" Wired-speak stuff has been on the way out since the late 1990s, and is primarily only still used by journalists and policy wonks who haven't caught on yet that it's not the hip and edgy language they think it is any longer. "Cyber[-]security" is common in news journalism, but Wikipedia is not written in news style as a matter of policy; otherwise every political move would be called a "gambit" or "bid" here, any investigation or inquest would be described by us as a "probe", and everyone accused of shooting someone would be called a "gunman" in our articles. We just do not write in journalese and headlinese here (nor in bureaucratese to the extent this may qualify).  — SMcCandlish ¢ >ʌⱷ҅ʌ<  08:38, 13 December 2017 (UTC)

    Alternative possibility: Split Cyber-security out to a separate article on governmental computer security and counter-"cyberspy" activities, while leaving the overall computer security topic as-is. These really are separate though related subjects.  — SMcCandlish ¢ >ʌⱷ҅ʌ<  08:44, 13 December 2017 (UTC)

  • Oppose - shouldn't cybersecurity redirect to Internet security instead? Computer security was a thing long before the internet became widespread. In the old times, we used to take care not to run programs of unknown provenance from other people's floppy disks to avoid infecting our computers with viruses. Computer security also involves physical security, which is not related to the cyberspace. -Zanhe (talk) 02:37, 14 December 2017 (UTC)
  • Oppose - Cybersecurity is just a buzzword, computer security is the technical term. ZXCVBNM (TALK) 16:14, 14 December 2017 (UTC)
  • Strong oppose Cyber is a reference to the Internet – computer security is different from Internet security ("cyber security"). Computer security deals with security of a computer, and not of a computer network (the Internet or other type of computer network). Cyber security should redirect to Internet security. CookieMonster755 𝚨-𝛀 00:01, 15 December 2017 (UTC)
Actually, as explained in the discussion below, Cyber does not explicitly refer to the Internet. I think this confusion is stemming from words such as Cyberspace and Cyber Monday, and most probably because Cybercafé is used as a synonym for Internet café. It's possible that the general reader might get similarly confused if the entire article is moved to Cyber security, which makes me think the "alternative possibility" suggested by SMcCandlish is the way to go. -- ChamithN (talk) 06:11, 15 December 2017 (UTC)
  • Strong support I support using "cybersecurity" (one word). The one-word form has been standard since at least 2013. http://www.infosecisland.com/blogview/23287-Cybersecurity-vs-Cyber-Security-When-Why-and-How-to-Use-the-Term.html Also, when I read articles about information security, I see "cybersecurity" used as frequently as any other term. Zokie (talk) 16:02, 15 December 2017 (UTC)
  • Oppose – Computer security is a wider topic than cybersecurity; the latter deals mostly with network-related security. — JFG talk 11:37, 16 December 2017 (UTC)
  • Oppose. Computer security is a broader topic, and matches the scope of the article perfectly. See also comment below re split. Andrewa (talk) 00:42, 19 December 2017 (UTC)
  • Comment I agree with some form of a page split, though it will take a while for me to determine exactly what split is best. I support "Cybersecurity" as a single, non-hyphenated word. power~enwiki (π, ν) 01:01, 19 December 2017 (UTC)

Discussion

Any additional comments:

I'd like to add: the decision made for this page should also apply for "Category:Computer security"; so if this page is moved to "cybersecurity" (or "cyber security"), the category should move to the same name as well. Weslam123 (talk • contrib) 14:33, 11 December 2017 (UTC)

Also, I'd like to thank ChamithN for raising a very good point with their link, which clearly shows "cyber security" being greatly more searched for than "cybersecurity", and "cybersecurity" being moderately more searched for than "computer security". I did a bit more searching, and according to this, it turns out that up to as recently as 2014, "computer security" was the more commonly used term, compared to either "cyber security" or "cybersecurity". So the article's original title did have reasonable credibility to it. However, this has no longer been the case since 2015, where "cyber security" has since greatly surpassed "computer security" in volume of search, with "cybersecurity" later surpassing "computer security" as well in 2017. Weslam123 (talk • contrib) 05:19, 13 December 2017 (UTC)
You are welcome. I'm fine with either "cyber security" or "cybersecurity" to be honest. And, going by all this research, I think it's very reasonable to move the article. Probably a snow close by an uninvolved party would be appropriate; just my two cents. -- ChamithN (talk) 05:34, 13 December 2017 (UTC)
I'm not entirely sure if we should do a WP:SNOW close, because even if we all agree to move the article away from the current title, we should also further decide on which title should be used as the new one: "cyber security" (with space), or "cybersecurity" (without space). Judging from our current points, "cyber security" currently seems to be more commonly used and thus more preferable than "cybersecurity". However, I would like to wait longer, for more people to join the discussion or vote on their support, because someone else might later come along and add in another point to the discussion. It might help if everyone who puts in their "support" vote also states which variant of the new title they would prefer. Weslam123 (talk • contrib) 05:57, 13 December 2017 (UTC)
I agree. Also, even if the !voters fail to mention their preferred title out of the two, I guess it's best to use the name that is most commonly used -- "cyber security" in this case -- per WP:COMMONNAME, even though I'm personally fine with either of them like I said above. -- ChamithN (talk) 06:11, 13 December 2017 (UTC)
Yep, I agree with that, sounds good. So if we don't reach a consensus on which variant of spelling to use, then we'll just go with "cyber security", since it's obviously much more commonly used. Weslam123 (talk • contrib) 06:25, 13 December 2017 (UTC)

SMcCandlish, you make a very good argument. However, you're missing the point here. Like I said, the term "computer security" may have had commonplace usage in the past, but that does not mean it has commonplace usage in this current time. Your first link, to book sources, does have merit to it. However, it's severely outdated; the search results are only between 1990 and 2008. A lot can happen in the span of a decade, and the internet has found greatly increased widespread usage in that time period. For example, 10 years ago, few people would probably consider "app" as a word. However, it's now considered to be a proper word, having a different meaning to its origin word, "application". And this change was brought around through common usage, by common people. So perhaps 10 years ago, the word "app" may have just been seen as a short form of "application", but nowadays, it has a separate meaning of its own.

Likewise, of course "computer security" is going to have more search results in academic materials: that's because "computer security" is a term that has been around for a significantly longer time than "cyber security" or "cybersecurity". But, like I said, word usage can change, and nowadays, "computer security" is very rarely used. As I've given in my examples of government agencies, as well as companies and organisations, they all use "cyber security" or "cybersecurity". If you can find a government agency that's named "Computer Security Agency", or something similar, do let me know. A simple Google search of "cyber security" gives 85,600,000 results, while "cybersecurity" adds another 31,400,000 results to that. In comparison, "computer security" yields only 32,600,000 hits. You're absolutely free to scroll through the first few pages of each search result, and count for yourself how many companies, organisations, and agencies use each term.

If you had made this argument 10, even 5, years ago, you'd be right. But you can't deny that terms used can change over time. Especially with much greater and widespread usage of the internet in the past decade, I think it might be safe to say that the "cyber-" prefix (meaning internet-related stuff) will have more meaning than the "computer-" prefix (meaning... computer), because nowadays if you want to hack someone's stuff, you're probably gonna do it over the internet, instead of stealing the physical computer from their home.

And as Mr. Guye agrees, basing the article title based off its sources isn't a bad thing to do; in fact, I think it might be the ideal option. If your sources tell you that "cyber security" is more commonly used than "computer security", then you name your article as "cyber security". Likewise, if your sources tell you that "computer security" is more commonly used than "cyber security", then you name your article as "computer security". If you feel that the article has "poor sources", and "Reliable ones on the topic overwhelmingly use "computer security"", then you're absolutely free to add in your reliable sources into the article. If you feel that the article doesn't have good sources, you feel that other sources are better, you can always just add your preferred sources into the article, instead of complaining.

Finally, as ChamithN pointed out, we should probably name the article based on common usage, as per WP:COMMONNAME. So if people use "cyber security" more, you name the article as "cyber security". An apple might be scientifically known as "Malus pumila", but nobody uses that term; everyone just calls that fruit an "apple". So therefore, the article is titled as "apple".

If you wish to insist that "cyber security" is just some word made up by journalists to sound impressive, then sure. But if that's so, why is it that government agencies, companies, and organisations all almost entirely use "cyber security", instead of "computer security"? Weslam123 (talk • contrib) 10:23, 13 December 2017 (UTC)

I too think SMcCandlish made some excellent points, which makes me ashamed of even suggesting a snow close. While I too share the same concerns over the search results being outdated, I feel like I also need to address Weslam123's comment about my earlier point regarding WP:COMMONNAME. Actually, WP:COMMONNAME also says the common name should be determined by its prevalence in a significant majority of independent, reliable English-language sources. So, in the end, books and other academic material must take precedence over a Google Trends query when it comes to determining the most commonly used term. (Apologies to you Weslam123, if I caused any confusion.) But, if we were to go by SMcCandlish's argument that "this is lowest-common-denominator pandering to poor sources", the issue then arises is that the article itself is "pandering to poor sources" as only 5 sources cited in the article were using the term "computer security" as opposed to 18 using "cyber security" and 19 using "cybersecurity". -- ChamithN (talk) 10:42, 13 December 2017 (UTC)
No worries, nothing to apologise for; I did understand exactly what you mean. I suppose I may not have explained myself very clearly; my apologies. The sources that I'm relying on to support my argument are the article's own citations, the use of "cyber security" in the names of government agencies, and the greater prevalence of "cyber security" in terms of usage by (usually big and reputable) companies and organisations. All examples are listed above, and anyone is free to look for more. SMcCandlish's sources are three Google searches; one that's a trend graph which is 10 years outdated, the other two which are just academic article searches; nothing about the credibility or reliability of those academic articles themselves in the searches. Besides, a quick scroll through the first few pages of both academic article searches shows that a great many are quite outdated, some even going back to the 1990s.
My point is: SMcCandlish wouldn't be wrong here... if he was making his argument 5 or 10 years ago. But things are different now, and "cyber security" is clearly much more used, both in common usage and academic usage. If SMcCandlish really insists that the article's sources are poor and unreliable, he's absolutely free to add any new ones which he feels are better. But for me, there's really not much more "reliable" that you can get than a government agency. And that in five different countries, as well. Weslam123 (talk • contrib) 10:57, 13 December 2017 (UTC)
To reply to several at once: An article's title is not determined by what RS have already been cited in the article, which is often just whatever a single editor got around to in one editing session; it's based on a review of RS usage generally. There's no question that many politicians and journalists love "cyber[-]security" because they think it sounds cool, and they're dorks, but it's not taken seriously by people who actually do and define computer security work. By way of similar example, heart attack redirects to myocardial infarction not vice versa, despite the former being more common. WP:COMMONNAME is not one of the WP:CRITERIA at all; it's the default suggestion to test against the criteria to see if it satisfies them, and in various cases we do not use the most common name but something more precise, or recognizable, or concise, or natural, or consistent. "Computer security" has going for it all of these except concision (though real conciseness doesn't just mean "fewer characters" but "quicker understanding", so it might win anyway). "Cyber-security" has more than one meaning (thus the split I suggested), is jargon [mis-appropriate and distorted from the original meaning of cyber- in cybernetics], is a neologism and not natural English, and is inconsistent with our other articles on computing and computer science and the internet and telecommunications and so on (with few "cyber-" exceptions, like one I'll get to shortly).

As the main author of WP:Specialized-style fallacy, I'm of course mindful of the problem of over-depending on technical, insider language. But "computer security" is not technical insider language, despite being favored by the actual technical insiders as well as by people who don't think cyber- is still nifty. "Computer security" is just normal English. It's "cyber[-]security" that's the weird one out; it's become technology-policy lingo for, more or less, "what the government and its contractors are doing about computer security within the spheres of governmental and commercial infrastructure, especially with regard to widescale system cracking and disruption attacks, industrial espionage, and traditional espionage through computers and other gadgets and stuff". It's the flip side of "cyber[-]war[fare]". We're probably stuck with that term in its various permutations, but "cyber[-]security" should either be a redir to this article as it is now, or a WP:SPINOFF about the actual current usual scope of the term.

PS: yes, it should be hyphenated or fully compounded; cyber- is a prefix, not a word, and "cyber security" is just poor English by people who forgot to use a dictionary. There's a slang stand-alone verb [to] cyber (from the noun cyber-sex), and it means 'to masturbate while chatting or camming online'. That's definitely not what is meant here, or in cyber[-]war[fare]!

PPS: Government agencies are unreliable on a great many things, especially when it comes to security matters (they often have a mandate to lie, directly or by omission, about them for national security reasons) and on language usage, because they have their own internal bureaucratese lingo that even has its own style guides (e.g. The GPO Style Manual) which sharply diverge from normal English on many points. But I wasn't making any kind of point about the "cyber[-]security" sources that happen to be in this article, anyway; for all I know they're amazingly fantastic works. What I see in broad usage is that journos and politicians use the silly term, and people who actually know a computer and its security from their elbow do not [except in a technology-policy context like national security and industrial espionage, and they often don't use it then, either].
 — SMcCandlish ¢ >ʌⱷ҅ʌ<  13:58, 13 December 2017 (UTC); [revised slightly, 07:25, 14 December 2017 (UTC)]

You make good points about the heart attacks, government agencies (though I would avoid labelling every single country's government as "having a mandate to lie" just because yours does), and grammar in the English language (not actually related to the discussion). However, you're constantly bringing up the argument that "cyber security" (or whatever variation you prefer) is an improper term, because politicians and journalists who you claim to be "dorks" are just trying to sound intellectual. Might you be able to explain, then, why is it that just about every single university and company involved in IT or related fields uses the term "cyber security" or "cybersecurity", instead of "computer security"? I somehow highly doubt that all of these people and organisations, who are experts in this specific field, are all wrong in their usage of the term "cyber security". You're free to take a quick search and check how many times the term "computer security" is used by any university or company or whatever organisation that does IT-related things. Weslam123 (talk • contrib) 15:03, 13 December 2017 (UTC)
I didn't say anything about "intellectual", and the RS search results (especially the Google Scholar stack) disprove that "all" and "every single" university-based or other writer in IT and related fields uses the "cyber-" wonkisms. It's just common when the writing is about technology policy rather than about actual computer science. PS: I would agree that some place like, say, Kiribati probably doesn't have a huge national security apparatus, but large and developed nations universally do or they'd already be someone else's territory. They all have some kind of national secrets act, jealously guarded security measures, national police forces that keep sensitive facts from the public, intelligence and counterintelligence agents, information classification levels and security clearances, etc., etc. I.e., a mandate to withhold real information and output disinformation, in one quantity or another and for various purposes.  — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:18, 14 December 2017 (UTC)
And you haven't answered my question yet. If "cyber security" really is just some form of "journalese" made-up term that was created by "dorks" just to sound impressive (as you've described), why is it that just about every single (often reputable) university, company, and other organisations, uses "cyber security" instead of "computer security"? I'm somehow rather doubtful that your Google search result consisting largely of 10 and 20 year old articles is more reliable than countless internationally-renowned schools and businesses, who are experts in this specific field. I know you have knowledge of IT and computers, but that doesn't instantly mean that a single person's (you) opinion is immediately the truth. As for governments, I think just about everyone knows that state secrets exist in every single country, but as I've said, I would avoid generalising every single country's government as being full of liars, just because you may feel that yours is and has a specific document that you mentioned for "bureaucratese". With perhaps the exception of your own country, I think in general, government agencies are named after the agency's purpose. So a ministry of education deals with education, a ministry of agriculture deals with agriculture, and (shocker) a ministry/agency/department of cyber security, deals with... guess what? Cyber security. Also considering that the ministry would be full of professionals who are experts in dealing with this specific field, I think they would know better than you, me, or anyone else here (unless anyone else here also happens to be a cybersecurity expert). As for your Google search, I never claimed to say that every single reliable source about computers and IT in existence uses "cyber security". However, most recent sources do; because like it or not, words and terminology change over time, and maybe a decade or two ago, "computer security" would definitely have been the proper term to describe this field, but not anymore.
And like I said, in your search, those are articles that are largely 10 to 20 years old, and a lot has changed since then. Not exactly the most up to date and reliable sources to base your arguments from. Weslam123 (talk • contrib) 11:16, 14 December 2017 (UTC)
I directly addressed that at 07:18, 14 December 2017 (UTC), and it was the second time I did so. Please stop playing WP:ICANTHEARYOU, straw man, and "proof by assertion" games. Lengthily re-re-re-stating the same argument after it's already been addressed is a waste of all our time. You're just being pissy because I said critical things about technology policy wonks. (I'm allowed to – I used to be one; now I'm a professional systems and network administrator, and I really clearly understand the difference, at the decades-of-professional-experience level.)  — SMcCandlish ¢ >ʌⱷ҅ʌ<  06:54, 18 December 2017 (UTC)
I'd appreciate it if you kept off the ad hominem and false accusations. I've said before; your sources are decades old, and not exactly entirely reliable anymore, because things have changed since. I'm also disinclined to believe you when you say that every single government/company/university/et cetera are "journalese dorks" who use improper terms for the fun of it, and that your online search of a bunch of old articles is more reliable. I'd also keep off your argument from authority; sure, you're someone with knowledge of computers, and that does make your opinion relevant. But so are lots of other people who have knowledge of computers, and guess what: they disagree with you, and very clearly use "cyber security" as the proper term instead. One man's opinion isn't law, you know. Weslam123 (talk • contrib) 07:13, 18 December 2017 (UTC)

To add something else, because both SMcCandlish and Zanhe have made pretty good points: if you guys are unhappy about this article move, because you feel that "computer security" and "cyber security" aren't the same thing, we can always move the article to cyber security first (because this article seems to cover both internet-related and non-internet-related stuff together), and then any content that's "offline" (not related to internet stuff) can always be moved out of this article to a new article. So we'll end up with this article talking about "cyber security" (internet-related security), while we can move some of the non-internet-related stuff to another article and call that one "computer security" (non-internet-related security) or something. Keep in mind, like I said: maybe in the 1990s or 2000s, "computer security" was a more often used term to describe this field, maybe because the internet was less widespread, but nowadays, most people use "cyber security", as I've explained above. The article's contents also mostly talk about internet-related securities and stuff, so I don't think it's as logical to move all the internet-related content out of this article to a separate one. It would seem to me that both Internet security and "computer security" are both branches of the main "cyber security" field. What do you guys think? Weslam123 (talk • contrib) 05:47, 14 December 2017 (UTC)

But this isn't about Internet versus non-Internet, it's a usage distinction that largely divides along lines of a) policy about computer science in a regulatory context ("cyber[-]security"), and actual computer science ("computer security"). The "cyber-" prefix – even aside from its original meaning in science – doesn't refer to "Internet" but to "computers"; that most of them are networked today is incidental not integral to what the prefix ends up being used to refer to in 2017, and the vast majority of computer security issues are obviated when a machine is not networked. So, the Internet is intimately related to both the technical subject of computer security and the socio-political/regulatory subject of cybersecurity (or cyber-security, whatever).  — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:18, 14 December 2017 (UTC)
I don't think you understand what I'm saying here, we're not talking about specific English linguistics or word origins. Zanhe's argument (correct me if I'm wrong) is that "computer security" and "cyber security" are different things; "computer security" being much older than "cyber security", and "cyber security" being more related to internet stuff than computer stuff. Therefore, he suggested that "cyber security" redirects to "internet security" instead. And my proposal, in turn, was to ask if we could rename this article to "cyber security", and move anything that's considered as "computer security" to a new article (since a majority of the existing content in this article talks about internet-related stuff). So we'd end up with this existing article being renamed to "cyber security", with its contents talking about internet-related security (as you've said yourself, most issues are gone if a computer isn't networked), while the not-so-much-internet-related content (don't download suspicious programmes on a floppy disk, and the physical security of a computer, and anything else Zanhe feels isn't internet-related) gets moved to a new article called "computer security". Weslam123 (talk • contrib) 11:26, 14 December 2017 (UTC)
Oh, I totally agree they're different topics. Cyber-security is a subset of computer security. It's CS filtered through a layer of technology-and-infrastructure public policy. Why on earth would we rename the general article on computer security to the name of a subtopic of it, then move the overall-topic information out of its own article? That's completely backwards from how WP:SUMMARY and WP:SPLIT work. See also WP:COATRACK. Just You and several others here are making an argument that boils down to "news reportage is more about cyber-security, thus it must be more important, thus the article should move even if it doesn't match the scope, and after the fact we should change the scope to match what journalists want to write about more."

We just don't do that. We have a standard operating procedure for cases like this. If cyber-security, a politicized subtopic of the computer-science topic of community security, has become a notable enough thing on its own (and it very clearly has), then we WP:SPINOFF a new article about it, any time that just having a section on it in the main article would be too long or if it would unbalance the material in the general-topic article to be overwhelmingly about the subtopic (both of which would clearly happen in this case).
 — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:05, 18 December 2017 (UTC)

Alright, the seven day period is up and we haven't been able to reach a consensus yet, so I'm going to ask if everyone can get together and see if we're able to reach some sort of agreement. Otherwise, I think I'll just start WP:RFC to see if we can get more people to join the discussion. Mr. Guye, ChamithN, SMcCandlish, Zanhe, ZXCVBNM, CookieMonster755, Zokie, and JFG, any comments? Weslam123 (talk • contrib) 05:46, 18 December 2017 (UTC)

Well, there's obviously no consensus for the proposal, with about equal weight of supporters and opposers. I suppose that an RfC phrased along the same lines would yield the same results. By default, the article stays at the status quo title, but perhaps a more detailed explanation can go in the lede prose. — JFG talk 05:50, 18 December 2017 (UTC)
I actually meant something like "have you guys got anything to add to the discussion" sort of thing, so we can talk with each other, make sure to properly understand each others' stances, and figure out an agreement or compromise. Weslam123 (talk • contrib) 05:53, 18 December 2017 (UTC)
There's only one party to the discussion who seems not to understand some of the others' stances properly.  — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:56, 18 December 2017 (UTC)
As of now, my stance is that we should go along with the alternative possibility proposed by SMcCandlish; as otherwise, by moving the article to "cyber security"/"cyber-security"/"cybersecurity" -- to which I initially agreed -- we will just be creating unnecessary confusion for readers. I wouldn't be surprised if readers who think "Cyber" means the Internet and the Internet alone start questioning why we have two articles for Internet security. That is if the move goes through. -- ChamithN (talk) 06:12, 18 December 2017 (UTC)
Yeah, that could cause a real comprehension problem. A lot of cyber-security stuff has to do with, e.g., the electronic funds transfer system and other networks that aren't really part of the Internet (though there are of course limited gateways, e.g. you can put money in a PayPal account through EFT, but it's via a highly firewalled chain of processes). Another example is that cybersecurity includes a wide variety of sigint, electronic security systems that are in-building only, and various other matters that don't relate to the Internet generally, but still depend on general computer security principles. E.g., most of the systems that run these things are Unix/Linux-based, thus *n*x security matters affect them, even if it requires social engineering and other "meatspace" espionage techniques to get at them.

That component is one of the things that makes cybersecurity a clearly distinct topic. Computer security in and of itself (i.e. as a science, a philosophy, a study, a bunch of code, a testing methodology, a series of best practices, etc., etc., in the generalized abstract) has no particular connection to the intelligence/counterintelligence world, while cybersecurity is intimately bound up with it. To an extent, "cybersecurity" is where espionage and computer security intersect (both at the NatSec/infrastructure level and the economic one, where the industrial espionage, financial systems, etc. concerns live).
 — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:56, 18 December 2017 (UTC)

I completely don't understand what SMcCandlish's proposal is supposed to mean. How is "government computer security" supposed to be different from "normal" computer security? This discussion was never supposed to be about the article's contents itself, since the article establishes that "computer security" and "cyber security" refer to pretty much the same thing, as the lead section explains. All I'm asking is that the article title gets moved to "cyber security"/"cyber-security"/"cybersecurity", since "cyber security" is the term used more often by professionals (see my example of governments/companies/universities above) and common people (the Google Trends result above). I don't know why people are bringing up random arguments about linguistics and "journalese dorks", and those arguments are also starting to feel like strawman fallacies. If someone doesn't understand my argument, they can always ask me to clarify my points, before starting to aggressively spit out criticisms of "lowest-common-denominator pandering to poor sources" and starting to talk about things that aren't at all related to the discussion. It's honestly fairly irritating. Besides, if there's any confusion about "cyber security"/"Internet security", we can always put in short explanations in the lead section to differentiate them. Weslam123 (talk • contrib) 07:04, 18 December 2017 (UTC)
I was not referring to SMcCandlish's points regarding the linguistics or journalese, but rather the proposal to split out the governmental "cyberspy" activity into another article called "Cyber security", assuming that's what most reliable sources refer to when they say "cyber security". Not because "government computer security" is supposed to be different from "normal" computer security (in fact, they are related), but because a separate article regarding the "governmental computer security" could serve as a "{{see also}}" article/supplement. However, looking at it from your perspective, I see now that it'd only mislead people further into believing that "cyber security" and "computer security" are two different things. Instead, putting a short explanation in the lead to differentiate "Cyber security" from "Internet security", like you said, might be a good compromise. Yes, I think you were right about the discussion getting sidetracked, for which I'm equally guilty. An RFC might help get it back on track. -- ChamithN (talk) 07:49, 18 December 2017 (UTC)
(edit conflict) Weslam123, see in particular WP:Don't bludgeon the process § No one is obligated to satisfy you. The rest of the participants appear to not be having this difficulty, though they're not all in agreement about everything. To try one last time: You're dwelling on term frequency when this is about scope, about confusion of a subtopic with its main topic. You're treating the terms as synonymous and they demonstrably are not. By way of analogy, it doesn't matter if the trees most frequently written about are pine trees and are called "pines"; we do not change the name of the Tree article to "Pine tree" and then start rewriting it to be all about pines, and sweep non-pine, general tree into off to some other page or just get rid of it all. If you still don't understand the issue, then please just move on. Your personal and buy-in is not needed at every page.

ChamithN, it's more about public policy, impact, infrastructure, politics, regulatory frameworks, etc; "cyberspy" stuff is a small component of it. What all these things have in common is that they aren't computer science, even in the applied sense.
 — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:59, 18 December 2017 (UTC)

JFG, I agree an RfC could work (this is no longer an RM matter but a scope discussion). But isn't it simpler to just create a page at Cybersecurity (or Cyber-security, with redirects from Cyber security and Cyber Security and CyberSecurity, just in case), and start applying WP:SUMMARY style to it? No one needs "permission" to apply our guidelines and processes. I have no objection to an RfC other than I think it will be a "why are we still talking about this instead of working on it?" thing. Toward that end, I'll start outlining some split ideas below.  — SMcCandlish ¢ >ʌⱷ҅ʌ<  07:56, 18 December 2017 (UTC)
Agree. Very well put. Andrewa (talk) 00:42, 19 December 2017 (UTC)
Hi. I personally prefer the single non-hyphenated word "cybersecurity", but I have to check with RS and other indicators.  — Mr. Guye (talk) (contribs)  15:18, 18 December 2017 (UTC)
The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page. No further edits should be made to this section.

24.231.148.135 (talk) 01:13, 9 March 2018 (UTC)

== Some initial ideas on a split and an overhaul ==

I would think the place to start would be the large "Systems at risk" section. This is where a large chunk of the material segues from technical to social/policy/public-impact material. That whole section, and "Impact of security breaches" immediately after it, could be reduced to short WP:SUMMARY paragraphs in this article but retained in full glory as some of the core material at Cybersecurity. There's an elephant missing from the room, to mix a metaphor: the tiny "government" subsection is badly underdeveloped, given that the likelihood of Russian tampering in the most recent US presidential election is a massive international "extended incident" that is still unfolding with potentially serious global consequences. (Some would consider the loose cannon in the White House to already be serious global consequences, but I digress).

Cybersecurity will also need most of the material on the legal/regulatory frameworks, and so on. We have a lot of that in "Legal issues and global regulation" (though not all legal issues are cybersecurity matters – we should be careful here, and avoid anachronism in particular, e.g. the Morris worm pre-dates any notion of "cybersecurity", and various legal issues have to do with privacy, civil torts for damages, and so on). "Role of government" is obviously next, then the bulk of the "International actions" and "National actions" materials. "Modern warfare", too.

The "Job market" section is basically sloppy original research (specifically WP:SYNTH conflating different sources talking about different things to reach a novel, mixed-together conclusion). It's badly confusing professional computer security work in general (both a component and focus of modern sysadmin work, and a specialization one can now get professional certifications in), with "cybersecurity" work which is primarily a government, institutional, and "big data" career, a line of work that has more to do with infrastructural and organizational policy than coding. They're both distinct from data forensics and various other specializations used frequently in "cyberspying" and "cyberwarfare". Superficial journalism is apt to commingle all of these things imprecisely; we have to use such sources more carefully, and use better sources.

Much of the rest of this is general computer security information – mostly computer science technical material and systems design-philosophy stuff. This includes the sections "Vulnerabilities and attacks" for the most part,

"Information security culture": a lot to cover here. It is at least half a general computer-security topic, but the material we have right now is pretty much all institutional cybersecurity stuff, so it should move. The spinoff article actually needs more in-depth material than this, too. The governmental cybersecurity culture (centered in the US on the "DC metroplex", and composed of both actual govt. employees and a whole microcosm of "Beltway bandit" contractors, much of the work of whom requires a security clearance) is quite distinct from that of the major-corporation world, which is diffuse geographically but institutionalized a system of certifications (I've been through some of this training, and can attest that much of it's infrastructural and organizational in addition to technical – there's a thick management-and-policy layer to it).

However, for the Computer security article, we'll need a similar section with new material in it, since neither the government nor commercial infosec "cultures" (a misuse of that word) are closely related to either hacker subculture (i.e. what produced Linux and most of modern computer security as an applied matter) or academic computer science (which provided the foundation on which that work was possible, and also did the really hard part like making encryption that's reliable, which is far more difficult than most people realize). A lengthy aside: The fact that there's a sharp divide between the hacker world (including white-hat hackers who made the Internet as we know it happen, not just black-hat system crackers, scriptkiddies, the darknet, etc.) and the tech-savvy sides that can be found in the government and institutional worlds is very well-documented since the mid-1990s in secondary works by Stephen Levy, Bruce Sterling (in his non-fiction) and many others. These spheres have been interfacing warily with each other at events like DefCon and places like MIT for decades, but a sharp socio-politico-cultural divide between them remains, similar to that between the DIY computer culture that launched Silicon Valley and still fuels tech startups all over the world, and the "big data and brogrammers" world that dominates Silicon Valley, Redmond, the DC Metroplex, etc., today.

"Attacker motivation" is another big subtopic, but all we have is a paltry {{sect-stub}}. Material on this needs better development at both articles in different ways, in summary form at the main one, and in detailed sections for some attacker types at the cybersecurity article. The latter should cover in detail at least the following: financial motivations (from attacks on the financial system to ransomware); foreign-policy-related ones (espionage and cyberwarfare (on which we have an entire article to just summarize and link to with {{Main}})); organized crime ones (increased gang and mob use of technology, domestic terrorism, yadda yadda); corporation-versus-corporation ones (trade secrets and industrial espionage, which are also often tied to national interests, e.g. steal pre-patent biochem research from a company in another country); anti-authoritarianism ones (Anonymous, Snowden, Wikileaks, sousveillance, cryptoanarchism, etc.); and – from the other direction – authoritarian ones (police abuse of surveillance authority, the Great Firewall, NSA mass-snooping on national and intl. civilian communications, ECHELON and the EU's reaction to it, pressure on Apple to back-door the iPhone – there's lots of stuff going on in the "cyber-insecurity" sector, much of which goes back to the 1990s, e.g. the Clipper Chip, CALEA, the Bernstein case, and other government efforts to thwart civilian communications security).

On that last bit, it is a PoV problem to rule out governmental forces as "attackers"; they not only attack each other's security, they often attack that of their own populations. That said, the bulk of the cybersecurity material is going to be from the perspective of the governmental position being the "mainstream" one. This is another of the ways in which "computer security" and "cybersecurity" are absolutely distinct topics. Computer security in general is neutral and agnostic when it comes to who the attacker is: that's anyone trying to get in who is not the system owner/controller and parties authorized by them. Period. Many computer security solutions have been rolled out, from PGP onward, with the specific intent of thwarting bad-acting governments. EFF, where I worked for a decade or so, was founded on such concerns, and CRF, whose CCO I was after that, was entirely focused on producing communications security solutions for human rights workers, war-zone journalists, and others (i.e., the entire threat model was bad-acting governments and wanna-be governments).

Moving on: "Notable attacks and breaches" is probably all Computer security not Cybersecurity material. The latter would be more like infrastructural things – affecting elections, cyberwarfare targeting of power grids and financial systems, attempts to breach governmental computer systems for organized not just "curious teenage hacker" purposes, and so on. Many of these are more theoretical "arms race" matters than incident reports, though there have been some, despite both government and major institutions being reticent about breaches (for reasons we call "WP:BEANS" over here in WP land).

The "Terminology" section is Computer security not Cybersecurity material, though a short glossary could be worked over there, of terms of art that are unique to information technology policy materials. The terminology section we have now should actually be worked up into a glossary article, if we don't already have one in Category:Glossaries of computers. If this is done smartly, as a template-structured glossary, we can use a template to link to terms from any article, obviating the need to redundantly define terms (in-situ or in a terms section) in both articles. (Summary: it works by creating a topical Template:Glossary link wrapper, like {{cuegloss}} for Glossary of cue sports terms, e.g. a {{csgloss}} in this case. We could do something like "{{csgloss|Endpoint security}} verification can mitigate a {{csgloss|CoT}} failure and ..." without having to keep putting in "[[Glossary of computer science terms
