First things first: cybersecurity and IT security (information security) are not precisely the same thing, even though many people tend to use these terms interchangeably – which is understandable, because they are very closely related. In general, they both refer to the world of computers, computer networks and the information that is stored and processed there. This information is often highly sensitive and therefore, of course, needs to be protected by various measures.
Security for IT Professionals Explained
Security for IT professionals is a complicated matter, so here’s a basic explanation of the main types of security.
Simply put, one could probably say that “cybersecurity” (or according to the Merriam-Webster dictionary “cybersecurity”) aims at protecting the computer and/or computer network or computer system (which of course includes access via the internet as well), while “information security” or “IT security”, as the expression might suggest, concentrates on the protection of the data within those computers/computer networks.
Almost the same – but not quite the same
Of course, one could argue that the reason for protecting “the computer(s)” as such is the protection of the data/information, one way or the other.
According to the Glossary of Key Information Security Terms from May 2013 that is published by the National Institute of Standards and Technology (NIST), Cybersecurity refers to the “ability to protect or defend the use of cyberspace from cyber attacks” (CNSSI-4009)
According to Merriam-Webster, Cybersecurity is defined as “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”.
On the website of “The School of Business at George Mason University”, one can read the following definition: “protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability”.
This might sound/read rather similar, but this time, the definition happens to refer to the term of Information Security. So, how can that be? Is it simply a question of semantics?
Actually, there is a slight difference between those two definitions: The second one focuses on the protection of the information.
Two aspects of the same challenge
Does this still sound quite the same? That’s because in both cases, the eventual challenge is the same. But the focus of the protective measures is slightly different – just like there is a difference between a watchdog and/or security guard securing the entrance to a building and the bodyguard that might protect a person that lives inside.
Back to the world of computers, one could probably argue that Cybersecurity and Information Security are two aspects of the same challenge – Computer Security or “COMPUSEC”, defined by NIST as: “Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.” (CNSSI-4009)