• Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
  • Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
BLOG

What is the Difference Between Information Security and Cybersecurity?

05/04/2020

Cybersecurity and information security are often used interchangeably, even among some of those in the security field.

The two terms are not the same, however. They each address different kinds of security, and it’s important for any organization that’s investing in a proper security framework to understand each term, what it means, and the difference between the two. So, what are they, how do they overlap, and how do they differ? Before you can understand the difference between cybersecurity and information security, it may help to think of each term in terms of what it’s specifically protecting.

What is cybersecurity?

Cybersecurity is defined by NIST as the “ability to protect or defend the use of cyberspace from cyber attacks.” While there are other definitions — CISA has its own definition as does ISO — most of them are similar.

Put simply, cybersecurity is related to cyberattacks from the inside or outside of an organization. It is the framework for protecting and securing anything that is vulnerable to hacks, attacks, or unauthorized access which mainly consists of computers, devices, networks, servers, and programs.

Cybersecurity also pertains exclusively to the protection of data that originates in a digital form — it’s specific to digital files, which is a key way it differs from information security. So when we talk about cybersecurity, we are automatically discussing digital information, systems and networks.

What is information security?

Information security primarily refers to protecting the confidentiality, integrity, and availability of data, no matter its form. We tend to think of computers and digital information when we think of information security, but meaningful, valuable data can be stored in many forms. Information security can just as easily be about protecting a filing cabinet of important documents as it is about protecting your organization’s database.

Information security is, broadly, the practice of securing your data, no matter its form.

Below is NIST’s definition of information security:

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:

  • Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
  • Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information and
  • Availability, which means ensuring timely and reliable access to and use of information.

Where do information security and cybersecurity and overlap?

To be fair, there is some overlap between cybersecurity and information security, and that causes some justified confusion about the two terms.

Most information is stored digitally on a network, computer, server, or in the cloud. Cybercriminals can gain access to this information to exploit its value.

The value of the data is the biggest concern for both types of security. In information security, the primary concern is protecting the confidentiality, integrity, and availability of the data. In cybersecurity, the primary concern is protecting against unauthorized electronic access to the data. In both circumstances, it is important to understand what data, if accessed without authorization, is most damaging to the organization, so a security framework can be established with proper controls in place to prevent unauthorized access.

Where there are dedicated resources in separate teams, it is likely that both teams will work together to establish a data protection framework, with the information security team prioritizing the data to be protected and the cybersecurity team developing the protocol for data protection.

What is the difference between cybersecurity and information security?

Cybersecurity focuses on protecting data found in electronic form from being compromised and attacked. Cybersecurity professionals take on a more active role by protecting servers, endpoints, databases, and networks by finding security gaps and misconfigurations that create vulnerabilities. They also identify what the critical data is and where it’s living, determine its risk exposure, and assess related technology.

What is an example of cybersecurity?

The following are some examples of cybersecurity:

  • Network security: A practice of securing networks against unauthorized access, misuse, interference, or interruption of service.
  • Application security: A process that involves detecting, fixing, and enhancing the security of applications to prevent data or code within the applications from being stolen.
  • Cloud security: A combination of policies, controls, procedures, and technologies that work together to protect cloud-based infrastructures and systems.
  • Critical infrastructure: A set of foundation tools that provide security services such as virus scanners, intrusion prevention systems, anti-malware software, and more.

In contrast, information security is concerned with ensuring data in any form is secured in cyberspace and beyond. That is to say, the internet or the endpoint device may only be part of a larger picture. Information security professionals focus on the confidentiality, integrity, and availability of all data.

What is an example of information security?

Information security is inclusive of cybersecurity and also involves:

  • Procedural controls: These controls prevent, detect, or minimize security risks to any physical assets such as computer systems, data centers, and even filing cabinets. These can include security awareness education, security framework, compliance training, and incident response plans and procedures.
  • Access controls: These controls dictate who’s allowed to access and use company information and the company network. These controls establish restrictions on physical access to building entrances and virtual access, such as privileged access authorization.
  • Technical controls: These controls involve using multi-factor user authentication at login, firewalls, and antivirus software.
  • Compliance controls: These controls deal with privacy laws and cybersecurity standards designed to minimize security threats. They require an information security risk assessment and enforce information security requirements.

Successful information security and cybersecurity with SecurityScorecard

With advancements in interconnectivity comes the need for businesses to have the proper security framework and procedures in place to protect their most important assets.

SecurityScorecard monitors your information security by keeping an eye on your data and the systems and networks you have in place to protect it. Additionally, we monitor your cybersecurity by making sure your organization’s systems are patched when they need to be, and that there’s no hacker chatter about your organization on the dark web. Once your score drops, you’ll know that something has changed, and our platform will then offer cyber risk remediations to help you fix the problem before there’s a breach.

There might be a difference between cybersecurity and information security, but they are both equally important to your organization. While cybersecurity can be viewed as a subset of information security, ultimately both focus on data protection. Both cybersecurity and information security personnel need to be aware of the scope and the shared mission to secure your enterprise.

Return to Blog
Join us in making the world a safer place.
FREE ACCOUNT SIGN UP
Products
Solutions
Customers
Marketplace
Partners
Resources
Company
Trust Portal
Security Ratings
Login
Blog
Contact
Careers

SecurityScorecard
Tower 49
12 E 49th St
Suite 15-100
New York, NY 10017

[email protected]

United States: (800) 682-1701
International: +1(646) 809-2166
Social-linkedin Social-facebook Twitter Instagram Youtube