Cyber security and information security are often thought of as the same thing. Understandably, this creates confusion in the security world. With so many terms floating around and new technologies being introduced virtually every day, it’s no surprise that there’s a cyber security vs. information security debate. Is information security a subset of cyber security? Is it the other way around? What about information technology? Is information technology the same as cyber security? These are all valid questions.
First, let’s look at how both cyber security and information security are defined. According to the National Institute of Standards and Technology, cyber security is the “ability to defend or protect the use of cyberspace from cyber-attacks.” The organization defines information security as the “protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability.” In other words, the difference is in scope.
Cyber Security vs. Information Security
While there continues to be a lively online debate about whether cyber security and information security mean the same thing, it makes sense to look at cyber security as a form of information security. Think of information security as an umbrella, with cyber security and other security topics like cryptography and mobile computing underneath it.
Drawing a clear distinction can be tough, though, given that simple geography can make an impact. For example, the term cyber security is used widely throughout the United States, but in other countries around the world, it could also be commonly called information security. This and other factors have helped keep the cyber security versus information security debate alive.
There are other distinctions in the cyber security vs. information security discussion, too. While cyber security deals with protecting the information in cyberspace, information security means protecting the data in cyberspace and beyond. In other words, the Internet or the endpoint device may only be part of the larger picture. Both involve protecting cyberspace from hacks, which can include ransomware, spyware, malware, and other types of harmful software that can cause all kinds of havoc. Cyber security professionals, however, have a narrower focus.
Cyber security professionals take an active role in helping to protect servers, endpoints, databases, and networks by finding holes and misconfigurations that create vulnerabilities. In other words, they are responsible for preventing breaches. The most talented think like hackers and may have even been one in the past. Of course, information security professionals are also concerned with data loss prevention. They work together with their cyber counterparts on it but may take a broader role in prioritizing the most sensitive data first and making a plan for how to recover from a breach.
It’s also helpful to think of the difference between data and information at a more fundamental level. Data can be anything — a series of numbers, for example — but not all data is equal. What that data represents and how sensitive it is fall squarely under the purview of information security professionals. If a series of numbers was a customer’s credit card number, for example, it is the responsibility of information security teams to ensure that they are compliant with government regulations. Again, they work closely with their cyber colleagues to ensure that the most critical data is safe, but they are responsible for a much more significant stake of overall security in an organization.
| Cyber Security | Information Security |
|---|---|
| Focuses solely on online threats | Takes a mile-high view of the security landscape |
| Learns to think like a hacker | Deals with the protection of data from any threat |
| Develops a deep understanding of malicious software | Oversees unauthorized access/modification/disruption |
| Acts as the first line of defense | Makes plans to recover from a breach |
In the end, the cyber security vs. information security debate can be the wrong way to approach two things that are so complementary to each other. Both roles protect data from being stolen, accessed, altered, or deleted. The main difference is the breadth of their focus.
Not sure whether to get certified in cyber security or information security? Try courses in both, including Certified Ethical Hacker (CEH), CISSP, CISA, CompTIA Security+, CISM, Certified in Risk and Information Systems Control (CRISC), CCSP, Certified Network Defender (CND), COBIT 5, and Computer Hacking Forensic Investigator (CHFI).