The Cyber Security Discipline

The Government of Canada defines cyber security as “the protection of digital information and the infrastructure on which it resides [3]”. Cyber security is predominately a computer-based discipline involving technology, people, information, and processes to enable assured operations that protect the confidentiality, integrity and availability of information from deliberate or accidental cyber security threats [2].

Five primary computer-based disciplines are recognized as the foundation of cyber security:

  • Computer Engineering
  • Computer Science
  • Information Systems
  • Information Technology
  • Software Engineering

As a discipline, cyber security has become essential with the evolution of information and communication technology (ICT). Technological advancements have altered the way people communicate and exchange information electronically, raising challenges to the security of that information. The growing threat of cyber attacks has made governments and industries more aware of the need to protect and defend critical systems. Despite its small market size, Canada was the third most exposed country to possible cyber-attacks in 2018 [4]. As a result of society’s increasing dependence on computer networks and systems, it is no surprise that cyber security is growing as a recognizable discipline with a breadth and depth of content that encompasses multiple fields in the computing ecosystem.

Although only a subset of businesses participates directly in the ICT industry by producing or selling ICT solutions that protect against cyber threats, or by building or operating IT infrastructure, in effect every business uses ICT to deliver its own goods and services to the marketplace and contributes its own experience and innovation to the ICT industry. Canada’s industries involve multiple types of relationships that often overlap but are supported by technological solutions that communicate with each other as a network. Cyber security, as a result, becomes more pertinent in protecting the corresponding computer systems in Canada’s industries. Such industries include Canada’s top ten critical infrastructures:

  • Health – a prime target for cyber-attacks as the industry holds a large amount of sensitive information (e.g., electronic records and patient information) and encompasses medical implant devices such as pacemakers that are exploitable;
  • Food – an industry vulnerable to growing threats of cyber-attacks to food production and safety, environmental damage, and financial loss;
  • Finance – an ideal target for cyber-attacks as the industry maintains valuable information (e.g., client identities, bank account information, financial assets, and intellectual property);
  • Water – an industry vulnerable to growing threats of cyber-attacks to efficient renewable water supply. wastewater collection, and treatment facilities;
  • Information and Communication Technology – a prime target for cyber-attacks as the industry maintains an excessive amount of sensitive information (e.g., online retail transactions, email messages, web-browsing activity, social media platforms, and user private information);
  • Safety – an industry vulnerable to growing threats of cyber-attacks to emergency response teams, law enforcement, call-center communications-management software, closed-circuit TV camera systems, interactive voice response systems, and emergency alert;
  • Energy and utilities – an ideal target for cyber-attacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) programs to access large amounts of data, and to cause physical damage to network infrastructure;
  • Manufacturing – an industry increasingly vulnerable to supply chain attacks that can have an impact on the production and distribution of goods and services. Manufacturing disruptions and can lead to defective products, production downtime, physical damage and threaten lives;
  • Government – a prime target for cyber-attacks on government entities at the federal, provincial/territorial, and municipal levels, and more recently on democratic institutions, to access excessive amounts of private and sensitive information (e.g., personal information, income tax returns, and government records); and
  • Transportation – an industry increasingly vulnerable to cyber-attacks to freight and passenger rail, civil and freight aviation systems, and ground transportation. As well, the transportation industry hold sensitive and valuable information such as birth dates, and passport numbers.

Highlighting the growing cyber security field is, therefore, important to meet the demand for professionals across a range of work roles to assure the security of Canadian computing networks and systems [5].

2.1 Cyber Security: An Interdisciplinary Field

While cyber security is predominately a computer-based discipline, with the majority of education and training programs technically oriented, the field has evolved to become interdisciplinary and includes aspects of business, law, policy, human factors, ethics, and risk management [2]. Cyber security not only includes technical issues but also non-technical, and more importantly, business concerns faced by governments and industries. Organizations increasingly need professionals who posses the skills to manage information security policies, procedures, and practices as well as managerial and communications skills [5]. Figure 1 illustrates the nexus between the technical and business dimensions of cyber security, which together, are critical for developing an organizational culture that will rapidly identify and counter deliberate or accidental cyber security threats.

Figure 1: Structure of Cyber Security Discipline

Figure 1: 	Structure of Cyber Security Discipline

Figure 3 - Description

At the top of the figure there is a quadrilateral rectangular box containing 6 ovals each containing one of the following labels:

  • Ethics
  • Business Administration
  • Human Factors
  • Law
  • Policy
  • Risk Management

Below the quadrilateral rectangular box, there is an arrow pointing to a rectangle with rounded corners containing the words: Cyber Security (A computer-based, interdisciplinary field)

Below the rectangle, there are 5 smaller rectangles with rounded corners each containing one of the following labels:

  • Computer Engineering
  • Computer Science
  • Information Systems
  • Information Technology
  • Software Engineering

Each of the 5 smaller rectangles has an arrow above it pointing to the rectangle with rounded corners containing the words: Cyber Security (A computer-based, interdisciplinary field).

Cyber security as an identifiable discipline is still developing. Driven by workforce demands, several academic institutions have introduced educational programs or courses of study within existing programs. As such, academic programs in cyber security need to have a curriculum that includes the following characteristics:

  • Aspects of both computer-based and business-oriented fundamentals;
  • Concepts that are broadly applicable across a wide range of cyber security related fields;
  • A body of knowledge containing essential cyber security knowledge and proficiencies including the Nine Essential Skills required regardless of program focus;
  • A direct relationship to the range of disciplines meeting workforce demands; and
  • An emphasis on the ethical conduct and professional responsibilities associated with the cyber security field. [5]

This guide aims to help academic institutions develop cyber security programs and courses that meet each of these criteria.

2.2 Emerging Technologies

The cyber security field continues to evolve as industries generate more data and information than before. The applications of emerging technologies in industries, including artificial intelligence (AI), blockchain technology, cloud-computing, the Internet of things (IoT), and quantum computing, have enabled more devices and systems to be connected in a network, allowing for greater control and performance of processes. However, these technologies also increase the risk of being targeted by a cyber-attack. The 2017 Wannacry ransomware attack is a prominent example in which companies and individuals in more than 150 countries were affected by a vulnerability discovered in Microsoft Windows systems [6].

Innovative opportunities to defend and protect emerging technologies from cyber threats continue to develop and grow, and therefore, new types of knowledge and skills in areas such as data science and analytics are generating new cyber security roles on the job market.

This guide aims to expand on and include new cyber security roles as future technology trends pave the way forward.

Date modified: