While cyber security and information security are generally used as synonyms, there are key differences that need to be understood. A good place to start is with data security. Data security is about securing data. Not every bit of data is information. Data becomes information when it is interpreted in context and given meaning.
An example: 061580 is data and it becomes information when we know it's a date of birth. Information is data with meaning.
Businesses are relying more on computer systems, strengthening the link between cyber security and information security but there are key differences that need to be understood as part of best-in-class information risk management.
The Difference Between Cyber Security and Information Security
Cyber security is concerned with protecting electronic data from being compromised or attacked. Think about the computers, servers, networks and mobile devices your organization relies on.
In contrast, information security (Info Sec) is concerned with protecting information and is generally focused on the confidentiality, integrity and availability of information. The job of an Info Sec professional is to understand and identify what confidential information is critical or could be the target of a physical or cyber attack.
It's becoming increasingly common for the majority of business data and sensitive information to be sitting with a cloud provider (in an AWS S3 bucket, for example), on a laptop or somewhere else on the Internet. But a decade ago the majority of sensitive information was sitting in an office filing cabinet. This is where information security professionals originate from: physically securing data from unauthorized access.
As such, it's common to have an information security professional who knows little about cyber security.
The Parallels Between Information Security and Cyber Security
Cyber security and information security are fundamental to information risk management.
Just as information security professionals lock a cabinet full of personal information, cyber security professionals need physical security measures to ensure adequate data protection. You can't physically lock a laptop, but you can have security systems in place (like a keycard to get into an office) to prevent unauthorized access in the first place.
Regardless of how your information is stored, your organization needs adequate security controls in place to prevent unauthorized access. If you don't, your organization is an easy target for cybercrime and physical security breaches.
Information Value Is a Fundamental Part of the Equation
As we alluded to at the start of this post, not all data is equally valuable, just as physical goods differ in value. Cyber criminals would rather steal personal information than the event data of a web page. Different information systems have different value and it's important to understand what to prioritize in any security program.
Measuring cyber security risk means understanding the threats, vulnerabilities and value of an electronic information asset.
This is where an Info Sec professional can help a cyber security professional understand how to prioritize the protection of information while the cyber security professional can determine how to implement IT security.
The Evolution of Cyber Security
As businesses become more reliant on computer systems and the impact of potential data breaches increases, the role of the Info Sec professional is quickly becoming a key part of the role of the cyber security professional, who traditionally had to understand computer security, network security, malware, phishing and other cyber threats but wasn't necessarily taught the skills of data evaluation in a computer science, information technology or cyber security degree.
Confidentiality, integrity and availability (CIA triad) may not necessarily be terms cyber security professionals are familiar with but they are part of any good information security policy. A key part of cyber security is understanding a subset of information security.
Organizations are increasingly looking to secure information, manage cyber risk, ensure non-repudiation (someone cannot deny an action taken within an information system because the system provides proof of the action), and provide proper incident response to data breaches and other cybercrimes.
Cyber security and information security are evolving. Security analysts need to understand the key question: what is our most critical data and how do we protect it?
How UpGuard Can Help Protect Your Most Sensitive Information
UpGuard helps companies like Intercontinental Exchange, ADP, The New York Stock Exchange, IAG, First State Super, Akamai, Morningstar and NASA protect their data and prevent breaches.
We can help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture.
To prevent breaches, avoid regulatory fines and protect your customers' trust, use UpGuard BreachSight's cyber security ratings and continuous exposure detection.