Posted on Nov 15, 2017

Information Security Versus Cybersecurity

We are in a time when, thanks to the constant development of technology, businesses are more technically savvy and digitally advanced. With these advancements comes the need for businesses to have the proper security framework and procedures in place to protect their most important assets. Prior to putting a proper security framework in place, however, the business must understand the difference between Information Security and Cybersecurity. How are they different, and why are these terms so often confused?

Information refers to any data that has meaning and comes in any form (digital or not), so information security primarily refers to protecting the confidentiality, integrity, and availability of data regardless of its form. Per the NIST standard, integrity, confidentiality, and availability are defined as follows:

  • Integrity. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
  • Confidentiality. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
  • Availability. Ensuring timely and reliable access to and use of information.

Cybersecurity, on the other hand, is the framework of protecting and securing anything that is vulnerable to hacks, attacks, or unauthorized access, which mainly consists of computers, networks, servers, and programs. Unlike information security, cybersecurity pertains exclusively to the protection of data that originates in a digital form.

Some of the confusion comes from the fact that data and information are often stored digitally on a network, computer, server or in the cloud. Hackers gain access to this information to exploit its value.

The value of the data is the biggest concern for both types of security. As referenced above, in information security, the primary concern is protecting the confidentiality, integrity, and availability of the data. In cybersecurity, the primary concern is protecting against unauthorized electronic access to the data. In both circumstances, it is important to understand what data, if accessed without authorization, is most damaging to the organization so a framework can be established with proper controls in place to prevent unauthorized access.

Where there are dedicated resources in separate teams, it is likely that both teams will work together to establish a data protection framework, with the information security team prioritizing the data to be protected and the cybersecurity team developing the protocol for data protection.[3]

In sum, while cybersecurity can be viewed as a subset of information security, ultimately both focus on data protection.  Both cybersecurity and information security personnel need to be aware of the scope and the shared mission to secure the enterprise.

References:
