What’s the difference between cyber security and information security?

Information Security and Cyber Security are closely related terms. Most of us use them interchangeably, and it hardly matters. But there is a definite difference between them. NISTIR 7298 Revision 2 by Richard Kissel gives separate definitions for the two terms.

Cyber Security is defined as the ability to protect or defend the use of cyberspace from cyber-attacks.

Information Security, by contrast, is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (CIA).

Information Security is a broader field that is concerned with information and its protection, whether that information is physical or computerized.

Cyber Security, on the other hand, deals with the protection of cyberspace and its use against any sort of crime, whether or not that crime relates to the CIA of information.

The confusion between the terms arises because most information today is stored electronically, and most cyber-attacks are carried out to disclose confidential information, harm its integrity, or deny access to authorized users.

So the question remains whether this should be categorized under Cyber Security or Information Security. In my personal opinion, it comes under both. The information is under threat, hence Information Security, but cyberspace is involved, hence Cyber Security.

This makes Cyber Security a subset of Information Security (the most popular opinion on the internet). But cyber-crimes that do not involve a threat to information are NOT part of Information Security, though they are indeed a concern for Cyber Security.

Along the same lines, information threats that do not involve cyberspace come under Information Security but NOT under Cyber Security.

