Organizations rely heavily on the use of Information Technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization.
Today, Information Technology products and services face insidious threats from advanced malware and vulnerabilities that, if left unchecked, are designed to penetrate government, corporate, and infrastructure systems to gain control over those systems, rob unsuspecting victims, steal identities, damage reputations, hold us hostage, or worse.
Globally, Cybercrime damages are set to exceed $6 trillion each year by 2021.
Despite the growing threat of Cyberattacks, more than half of businesses that suffered an attack didn’t anticipate any changes to their security measures.
Ensuring the security of your IT assets is of the utmost importance for the success of your organization. So how exactly do you prepare for the dismal future these statistics suggest?
Cybersecurity vs. Information Security
The difference between Information Security and Cybersecurity is a debate that rages on with as many different answers provided as the experts you query.
The terms “Cybersecurity” and “Information Security” are generally thought of as synonyms, but they create a lot of confusion even among security professionals. Some believe that Cybersecurity is a subset of Information Security while others think the opposite.
Yet, some banking regulators like the Reserve Bank of India, Hong Kong Monetary Authority, Monetary Authority of Singapore, etc., all require banks to have separate Cybersecurity and Information Security policies. These regulatory agencies view Cybersecurity and Information Security as two distinctly different objectives.For the purposes of this eBook, we’ll embrace the meanings of Cybersecurity and Information Security as defined by the National Institute of Standards and Technology (NIST)1:
Cybersecurity: The ability to protect or defend the use of cyberspace from cyberattacks.
Information Security: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
- confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;
- integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; and
- availability, which means ensuring timely and reliable access to and use of information.
Information ≠ Data
To throw another log onto the fire, let’s consider data security. Data security is all about securing data, but not every bit of data is information. So, what’s the difference between data and information? Data can be called information when it is interpreted within a context that gives it meaning.
For example, “123-45-6789” is data because it's simply a string of alpha-numeric characters. If this data is found on a HR system record, then we know this is someone’s social security number. Now it is information. Why? Because, it has context.
In fact, it’s personally identifiable information or PII, and that opens up a whole new can of worms. PII must be cybersecure. Significant fines and penalties can result when PII has been cyber-breached, especially in view of the new data privacy laws coming into effect.
- Information is data which has some meaning.
- Information Security is all about protecting the information, which generally focuses on its confidentiality, integrity, and availability (CIA).
- Cybersecurity is about protecting information from being launched into cyberspace through cyberattacks and breaches.
To learn more, download our Free Cybersecurity eBook.