You often see people use the terms ‘cyber security’ and ‘information security’ interchangeably. That’s because, in their most basic forms, they refer to the same thing: the integrity and confidentiality of information.
But there’s a crucial difference, which can be explained simply.
Information is at the heart of any organisation, whether it’s business records, personal data or intellectual property. It can be kept in any number of places and can be accessed in many ways. You’re most likely to access data on your work computer or via paper records, but information can also be found on removable disks, laptops, servers, personal devices and a host of other places.
It all needs to be kept safe, and the process of doing that is called information security.
There are two sub-categories of information security. The first is the protection of the physical environment by ensuring the premises are secure. The second is making sure no one can access information electronically without authorisation. This is cyber security.
Cyber security covers the steps an organisation must take to protect information that can be accessed via vulnerabilities in its networks and systems. Crooks are far more likely to conduct cyber attacks, plant malware or send malicious emails than break into a building – and for good reason. They don’t need to travel to the organisation’s premises, they are less likely to get caught and they leave behind less evidence.
This means that, although cyber security is only one part of information security, it is the most important.
It’s worth noting that there’s a lot of overlap between physical and cyber security. For instance, physical security prevents someone getting into the organisation’s premises, but cyber security is needed to mitigate insider threats. Equally, cyber security relies on physical security to reduce the likelihood of an attacker gaining access.
Stay secure with ISO 27001
Keeping your organisation secure requires constant attention, but the good news is that everybody faces the same problems and there is plenty of help available. The international standard ISO 27001 describes best practices for information security. Implementing the Standard’s requirements ensures that you’re doing everything you can to keep your organisation secure inside and out.
That is, of course, easier said than done. ISO 27001 can take anywhere from three months to a year to implement, and it will be particularly tough if you don’t already have qualified ISO 27001 professionals to help. Fortunately, IT Governance’s ISO 27001 implementation bundles simplify the process. Depending on how much help you need, you can receive:
- Copies of the Standard;
- Two bestselling guides;
- A complete set of ISO 27001 policies and procedures;
- Risk assessment software;
- Two Live Online training courses; and
- Structured consultancy.