Although there is a general idea of what cyber security represents, the term is often used as a synonym for information security, which is not entirely correct.
One widely used term today is "cyber security", which can be associated with other words such as cyberspace, cyber threats, cyber criminals or other compound concepts. Although there is a general perception of what it represents, it is sometimes used as a synonym for information security or computer security, but this idea is not entirely correct.
The dilemma arises when the concepts have to be applied properly, according to the ideas that are meant to be expressed. Although there are different definitions of cybersecurity, it is important to know when the term is used correctly for the context, and to identify how it differs from the other terms, for example information security.
Cybersecurity seeks to protect digital information in interconnected systems.
It is included within information security.
In this post we define the different concepts and how they differ from other terms used in the security field.
What is cyber security?
In the last edition of bSecure Conference, professionals from (Information Systems Audit and Control Association)
According to the association, it can be understood as:
"Protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by information systems that are interconnected."
An information asset is defined as knowledge or data that has value for an organization, while information systems comprise applications, services, information technology assets or other components that enable the management of information.
Therefore, cyber security focuses on the protection of digital information that "lives" in interconnected systems. Consequently, it is included within information security.
Information security: different forms and states of data
To know the main difference with information security, let’s review other interesting concepts that will allow us to have the general context.
Security is defined as "free or exempt from any danger, damage or risk". However, this is an ideal condition, since in reality it is not possible to be certain that all dangers can be avoided.
"Security" points to an ideal condition, since there is no certainty that all dangers can be avoided. Its purpose is to reduce risks to an acceptable level for those concerned.
The purpose of security in all its fields of application is to reduce risks to a level that is acceptable to those interested in mitigating latent threats. In a broad sense, security is also understood as all those activities aimed at protecting from some kind of danger.
However, information can be found in different forms, for example in digital format (through files on electronic or optical media), in physical form (either written or printed on paper), or in unrepresented form, such as ideas or people's knowledge. In this sense, information assets can be found in different forms.
In addition, information can be stored, processed or transmitted in different ways: in electronic form, verbally or through written or printed messages, so it is also possible to find it in different states.
Therefore, regardless of its form or state, information requires adequate protection measures according to its importance and criticality, and this is precisely the area of information security.
Let us remember that computer security is limited to the protection of systems and equipment that allow the processing of information, while computer security involves the methods, processes or techniques for automatic processing of information in digital format, having a greater scope, since it includes the protection of networks and technological infrastructure.
For example, based on the definitions, when we seek to protect hardware, networks, software, technological infrastructure or services, we are in the field of computer security or cyber security. When we include security activities related to information handled by people, physical security, compliance or awareness, we are referring to information security.
Main differences between cybersecurity and information security
After reviewing the concepts, it is possible to identify the main differences and therefore know when to apply one concept or another.
First of all, we emphasize that information security has a greater scope than cyber security, since the former seeks to protect information from risks that may affect it, in its different forms and states.
In contrast, cybersecurity focuses mainly on information in digital format and the interconnected systems that process, store or transmit it, so it is closer to computer security.
Furthermore, information security is based on methodologies, standards, techniques, tools, organizational structures, technology and other elements, which support the idea of protection in the different facets of information; it also involves the application and management of appropriate security measures, through a holistic approach.
Therefore, regardless of the limits of each concept, the main objective is to protect information, regardless of whether it belongs to an organization or whether it is personal information, since no one is exempt from suffering some security risk.
Information requires adequate protection measures according to its importance and criticality, and this is precisely the scope of information security.
Now that we know the definition of each term and its scope, we can use them by making the corresponding distinctions, as we will surely continue to apply the concept. With the technological advances that are increasingly incorporated into our daily lives, the dependence on technology increases, and consequently so does the need to apply cyber security.