Cybersecurity vs Information Security

Page 1 (0s)

[Audio] Hi! I am Hamed Taherdoost. I hold a PhD of Computer Science and a Master of Computer Science. Today, I have the privilege to give you a presentation about Cybersecurity vs Information Security that I am sure almost everyone here already knows, but I hope this will be a great opportunity to share ideas and perspectives in this field.

Page 2 (24s)

[Audio] The outline of the presentation includes: A Brief Introduction; Definitions of Cybersecurity and Information Security; Cybersecurity and Information Security Differences; Cybersecurity and Information Security from Different Aspects; Limitations and Future Directions; and finally, Conclusion.

Page 3 (51s)

[Audio] As reports share more news about cyber-attacks and the activity of hackers leading to significant failures for both businesses and individuals, a wider spectrum of stakeholders gets attracted to minimize the irreparable impacts of growing security risks. Hackers are likely to penetrate the computer of an ordinary citizen or access accounts of a bank, leading to serious risks for the board of directors as they are accountable for cyber risks. The Internet and data volume have expanded over the years and cyber risks have grown accordingly, threatening businesses that are reliant on data. Cyber threat is a critical concern that jeopardizes information systems and their sustainability in the information ecosystem. A cyberattack puts information in a vulnerable state. In recent years, the number of invaders to information systems has been rapidly growing, which is making the matter more dangerous. It seems that there is no way to evade this trend in the age of data. However, a number of existing frameworks and standards have addressed the data security issues by focusing on minimizing or eliminating them [5]. Reliance on standards and frameworks and following a range of security steps secures businesses and individuals from cyber risks to a great extent. Thus, a new area of knowledge is developed to address security concerns, as Cybersecurity and Information Security are commonly used terms today. These terms are commonly used interchangeably. It is true that applying something to address cyber risks is better than nothing; however, a better understanding in this area decreases the costs of data breaches to a great extent. Cybersecurity and Information Security are both responsible for protecting computer systems against cyber threats, but what makes these two terms stand out differently?

Page 4 (2m 45s)

[Audio] To define Cybersecurity and Information Security, we have referred to ISO/IEC 27032:2012 and ISACA CSx Cybersecurity Fundamentals Study Guide as reputable sources in this area. Based on the ISO/IEC 27032:2012, Cybersecurity is defined as the "preservation of the confidentiality, integrity, and availability of information in Cyberspace". Also, the Merriam-Webster dictionary defines Cybersecurity as "measures taken to protect a computer or computer system against unauthorized access or attack". Information Security, on the other hand, is defined as the "preservation of the confidentiality, integrity, and availability of information". The main objective of Information Security is to ensure the continuity of business processes with the least damage and limit the negative impacts of incidents.

Page 5 (3m 44s)

[Audio] Thus, it can be concluded that although Cybersecurity and Information Security are so closely linked to each other and overlap in some aspects, the main difference is related to information. Information Security is concentrated to protect information everywhere; whereas Cybersecurity is specifically focused on information in cyberspace. Based on the ISACA CSx Cybersecurity Fundamentals Study Guide, cybersecurity is recognized as a part of information security that aims to protect digital assets and Information Security targets information whether it is in digital or physical space. As cyberspace is growing rapidly, both information security and Cybersecurity need to be continuously evaluated and innovated to get updated with the most recent modifications.

Page 6 (4m 34s)

[Audio] Considering the definitions provided by these basic sources, it can be concluded that Information Security fully includes Cybersecurity as one of its components. Cyber Security, on the other hand, is responsible for ensuring the security of information against cyber threats and cyber-attacks while it is processed, stored, or transported. Access Controls, Procedural Controls, Compliance Controls, and Technical Controls are examples of Information Security; whereas Application Security, Network Security, Cloud Security, and Critical Infrastructure are examples of Cybersecurity. An example to compare Cybersecurity and Information Security is when sensitive information is left on the desk of an employee and copied by a customer aiming to sell it to an unauthorized party. This is a case of an Information Security breach since Cyberspace is not involved in the process. However, if this sensitive information were shared on social media by the employee, hurting the reputation of the company, it would be considered a breach in Cybersecurity as well as Information Security. Thus, Cybersecurity incidents can be generalized to information security, leading to breaches in confidentiality, integrity, or availability of information and exposing an organization to the threat of information loss. The difference between Cybersecurity and Information Security is represented in Figure 1.

Page 7 (6m 4s)

[Audio] Considering the differences between Cybersecurity and Information Security from different aspects, Cybersecurity protects cyberspace from cyber-attacks while Information Security considers protecting information from any form of threat regardless of being digital or physical. Thus, the scope of Cybersecurity is limited to cyberspace and Information Security deals with data protection in a wider realm. In terms of threats, Cybersecurity provides protection against dangers in the digital environment while Information Security deals with threats that endanger information regardless of their type. Attacks that endanger information in cyberspace include cyber frauds, cybercrime, and law enforcement; however, any type of unauthorized access to information, disruption, or information disclosure is considered as an attack that should be addressed through Information Security. Besides, professional standards are established to protect information from threats in cyber realms such as personal information on social media; however, Information Security professional standards consider the security of information assets to ensure information confidentiality, availability, and integrity.

Page 8 (7m 19s)

[Audio] Existing cyber security and information security models are commonly based on the current status of data security and cyberspace; however, cyberspace is constantly growing. Thus, studies and models should be developed accordingly. Besides, this study is based on conceptual knowledge in this area and it does not cover any real case about the implementation of cyber security and information security in a case organization. Thus, it is recommended to conduct a study comparing the results of employing both information security and cyber security models in a case business for future directions.

Page 9 (7m 59s)

[Audio] Information has become of paramount importance to help organizations in achieving their business objectives and providing online services in the information-centric society. Despite the constructive role of information in the success of an organization, it is also likely to damage the reputation of the company and lead to significant failures if not protected. Besides, most businesses rely on cyberspace to manage their business processes, transfer information and deliver services. The more organizations are dependent on the Internet to offer services, the more cyber risks arise, and the necessity to get protected against cyber risks increases as well. Thus, Information Security and Cybersecurity terms are developed to address issues related to the security of information in an online or offline environment. Understanding Information Security and Cybersecurity and how they are different from each other better equips businesses to get protected against threats and risks of information loss.

Page 10 (9m 1s)

Thank you.