Over the past several years, enterprises across all industries have fallen victim to cyber attacks, including theft of sensitive data, disruption of information systems and even damage to critical infrastructure. In reading about these attacks, Information Security (InfoSec) and CyberSecurity (CyberSec) roles seem to be synonymous. However, although there are some similarities, there are also some important distinctions between them.
Information security principally means ‘data security’, and at the core of information security efforts is the CIA triad: Confidentiality, Integrity, and Availability. The CIA triad comprises the objectives needed to achieve information security's sole purpose of safeguarding data from unauthorized access, disclosure, modification, inspection, recording or destruction. Information security coverage includes both electronic and paper data.
CyberSecurity is broader and includes ‘Information Security’ with respect to the protection of any digital data. Additionally, CyberSecurity protects the integrity of computing assets belonging to or connecting to a network; its sole purpose is to defend all assets against all threat actors throughout the entire life cycle of a cyber attack.
In summary, things are never black and white. As cyber attacks become more sophisticated, persistent and destructive, there seems to be a developing interconnectedness and a significant amount of overlap in functions and competencies when it comes to understanding what data is most critical and what controls should be put in place to protect it.
Cybersecurity is a shared responsibility. Stop. Think. Connect.