What is information security and what is the difference between information security and cybersecurity?
Information security is concerned with ensuring the confidentiality, integrity and availability (the CIA triad), as well as the authentication, accountability and non-repudiation, of all information held by an organization. In other words, it refers to the processes and the collection of tools designed, configured and deployed to protect sensitive organizational assets from unauthorized disclosure, modification, disruption and destruction. It focuses on protecting information and information systems from various types of cyberattacks, and it covers information in both electronic and hard-copy form. Information security therefore involves considering physical and environmental security controls alongside technological controls.
Information security and cybersecurity are closely related fields; more specifically, cybersecurity is a subset of information security. Cybersecurity is concerned mainly with electronic or digital information, including the physical security of that information and of the information systems that hold it. New cyber risks emerge daily, and organizations must do everything they can to protect their assets and reputation and to remain successful in their businesses.
Organizations nowadays collect, analyze, use and store more information than ever before. As a result, global legal, regulatory, contractual and compliance requirements are beginning to emerge to cope with data security and privacy requirements. The most prominent and comprehensive regulations in the industry include GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and PCI DSS (Payment Card Industry Data Security Standard) to name a few.
The GDPR for instance addresses the following points:
- Provide data breach notifications
- Appoint a data protection officer (DPO)
- Require user consent for data processing
- Anonymize data for privacy reasons
Information security may involve one or more of the following components or types:
- Infrastructure security
- Application security
- Cloud security
- Cryptography
- Physical security
- Cyber-physical security
- Incident management
- Vulnerability management
- Network security
- Environmental security controls
- Virtualization security
- Personnel security
- Security policy
- Other related areas