I attended a customer feedback meeting this morning and a question came up that intrigued me: “What’s the difference between ‘cyber’ security and ‘information’ security?”
There seemed to be some confusion over whether cyber security and information security are in fact the same thing.
For all intents and purposes, cyber security and information security are in fact the same thing. If you were to try to define them as separate terms, you would very likely write the same definition, or at least a very similar one.
Let’s coin a new phrase. I introduce: Cybermation – you read it here first!
Some may ask, if they are in fact the same thing, why are there different standards for each subject, i.e. PAS 555 for cyber security and ISO/IEC 27001 for information security? The truth is, again, that the two documents are aimed at different markets.
PAS 555 is aimed at organisations that want to take a less formal, less structured approach to cyber security. It is intended to get those organisations that wouldn’t even consider cyber security precautions interested in the subject.
ISO/IEC 27001 does offer a more structured approach to information security, but it can seem like overkill for some organisations and is traditionally of more interest to medium-sized and larger organisations, though in reality it is suitable for use by organisations of any size or type.
So really, cyber security can be seen as a term that is bringing information security to a mainstream audience!