Information Security
Information security (or “InfoSec”) is another way of saying “data security.” So if you are an
information security specialist, your concern is for the confidentiality,
integrity, and availability of your data. (This is often referred to as the
“CIA” triad.) Most modern business data resides electronically on servers, desktops,
laptops, or somewhere on the internet—but a decade ago, before all confidential
information migrated online, it was sitting in a filing cabinet. And some
confidential information still is! InfoSec is concerned with making sure data
in any form is kept secure and is a bit broader than cyber-security. So, someone
could likely be an information security expert without being a cyber-security
expert.
Cyber-security
Cyber-security is all about protecting data that is found in electronic form. Part of that is
identifying what the critical data is, where it resides, and the technology you
have to implement in order to protect it.
Overlap Between Information Security & Cyber-security
There is a physical security component to both cyber-security and
information security.
If you have a warehouse full of confidential paper documents, you
clearly need some physical security in place to prevent anyone from rummaging
through the information. And as more data becomes digital, the process to
protect that data requires more advanced IT security tools. So, while you can’t
put a physical padlock on a desktop computer, you can put a padlock on your
server room door. In other words, if your data is stored physically or
digitally, you need to be sure you have all the right physical access controls
in place to prevent unauthorised individuals from gaining access.
They both take the value of the data into consideration.
If you’re in information security, your main concern is protecting your company’s data from unauthorised
access of any sort—and if you’re in cyber-security, your main concern is
protecting your company’s data from unauthorised electronic access. But in both
scenarios, the value of the data is of utmost importance. Both individuals need
to know what data is most critical to the organisation so they can focus on
placing the right controls on that data. In some scenarios, an information
security professional would help a cyber-security professional prioritise data
protection—and then the cyber-security professional would determine the best
course of action for the data protection. But with the changing security
landscape over the past decade, things aren’t always this black and white.
This would lead on to GDPR and the impact that has had on information and personal data security - your response to this would be good to see, what are you gaining from the research you are doing? The context is the element that really needs to be improved on your blog posts, which are research heavy, but lack the commentary from you.