Cybersecurity vs Information Security

Posted March 17, 2020

As our ability to collect, transmit and store data continues to grow at a parabolic rate, the task of securing our data becomes ever more complex. If you work in IT, you’ve certainly seen the recent increase in usage of the terms cybersecurity and information security. You’ve probably even seen them used interchangeably. But are they the same? Let’s take a look.

We’ll start with definitions for both terms as defined by the NIST (National Institute of Standard and Technology), [Source- http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf]

Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.

Information Security (1): The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Information Security (2): Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide —

1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity;

2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and

3) availability, which means ensuring timely and reliable access to and use of information.

From the NIST definitions, we can see a clear distinction between protecting “the use of cyberspace” itself and protecting “information” overall. In the Cybersecurity definition, we also see the use of “cyberspace.” If we define cyberspace as the virtual computer world that facilitates communication, we can limit the cybersecurity discipline to the “online” realm. But we should be careful not to assume “online” is limited to only the internet as it can include everything within ICT (Information and Communication Technology).

There is some overlap between the disciplines when it comes to protecting information. Cybersecurity has a role in protecting information by securing access to it through cyberspace. While information security is tasked with securing all “information” regardless of where it is located or how it is accessed.

Within information security, we must also understand that all data are not necessarily information. To be information, data requires context and meaning. A driver’s license number is just a sequence of alphanumeric numbers and can be stored simply as data. Not until it is understood to be a driver’s license number does it become information. Cybersecurity protects data regardless if it is in context as information where information security would not. But cybersecurity would only protect the information in the cyber realm. If the license number is written on paper, it would fall within the discipline of information security and it would be far from the realm of cybersecurity.

Another significant difference between the two disciplines appears when we look at what else is not information besides data. Within cybersecurity, there are vast systems and resources that require protection such as hardware and software; however, they are not considered information. Protecting servers, switches, routers firewalls, and even the control of autonomous vehicles could all fall within the cybersecurity discipline but not information security.

The simplest way to understand the difference is to remember that cybersecurity secures everything within the cyber realm (even non-information) and information security is concerned with securing all information (even non-digital information).

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.