Posted on May 13, 2019
Businesses are more technically and digitally savvy than ever. With these advancements in interconnectivity comes the need for businesses to have the proper security framework and procedures in place to protect their most important assets.
Prior to putting a proper security framework in place, however, businesses must understand the difference between cyber security and information security. How are they different, and why are these terms so often confused?
Information refers to any data that has meaning, in any form (digital or not), so information security primarily refers to protecting the confidentiality, integrity, and availability of data regardless of its form.
Per the NIST standard, integrity, confidentiality, and availability are defined as follows:
Cyber security, on the other hand, is the framework of protecting and securing anything that is vulnerable to hacks, attacks, or unauthorized access, which mainly consists of computers, networks, servers, and programs. Unlike information security, cyber security pertains exclusively to the protection of data that originates in a digital form.
Some of the confusion comes from the fact that data and information are often stored digitally on a network, computer, server or in the cloud. Hackers gain access to this information to exploit its value.
The value of the data is the biggest concern for both types of security. As referenced above, in information security, the primary concern is protecting the confidentiality, integrity, and availability of the data. In cyber security, the primary concern is protecting against unauthorized electronic access to the data. In both circumstances, it is important to understand which data, if accessed without authorization, would be most damaging to the organization, so that a security framework can be established with proper controls in place to prevent unauthorized access.
Where there are dedicated resources in separate teams, it is likely that both teams will work together to establish a data protection framework, with the information security team prioritizing the data to be protected and the cyber security team developing the protocol for data protection.
In sum, while cyber security can be viewed as a subset of information security, ultimately both focus on data protection. Both cyber security and information security personnel need to be aware of the scope and the shared mission to secure the enterprise.