With breaches of IT systems becoming increasingly regular in occurrence, cybersecurity is gaining prominence like never before.
Cybersecurity, in fact, is becoming the new normal for big as well as small organizations alike, who are looking to safeguard their sensitive data from getting leaked or hit by a ransomware.
The problem is widespread, and it isn’t just limited to private sector companies. Several government bureaus, including premier agencies like the CIA and NASA, have also reported breaches by both domestic and international cyber invasions.
Cyber attacks in systems like NASA, CIA, and many more 'top-security' government agencies, have driven the commercial organizations into a panic mode - all scampering to tighten their security measures in every way possible.
Due to this, various new terms like IT security, data security, cybersecurity, and information security are staring at us, promising to completely transform the security landscape forever.
Global players, mid-sized organizations, as well as the comparatively smaller ones, are all party to this transformation, using the best available resources to secure their critical information from data hacks.
Now, there is a huge confusion about whether Cybersecurity and Information Security are the same, or are there any distinguishing differences that can categorize these terms distinctly?
In simple words, Information Security and Cybersecurity are closely linked, but not same, though they are usually thought synonymous and often used interchangeably.
A bit about Information security, Information and Communications Technology (ICT) security, and IT security
Information and Communications Technology (ICT) security can be classified as the safeguarding of communications and information technologies, for instance, the software and hardware.
On the other hand, Information Security secures information, irrespective of whether the information is stored on a digital platform or otherwise.
The prime reason why people tend to confuse information security and ICT security is because most of the information is transmitted and stored using ICT.
Understandably, to protect information, the technology being used to transmit and store it must be protected as well.
Put simply, IT security and ICT security are practically same - a process that secures information and communications.
Another term that often makes headlines is data security.
Like the name suggests, it is primarily about protecting data.
This, in fact, opens up the debate about what exactly could be the difference between data and information.
Data, if considered separately, carries no significance unless it is presented in a given context.
Interestingly, when data is interpreted with a meaning and context, it turns into information.
An example of data can be "12101975". However, when we are given the fact that it is someone's date of birth, it becomes information.
Leakage of data doesn't necessarily mean that the world has come to an end, because people don't get to know what it means except the one storing it.
If people don’t possess the key, or the context and meaning to decipher the data and obtain information, then it would be worthless to them.
Nevertheless, data security is extremely important because it is quite possible for people (hackers) to acquire the right context to turn data into information, considering that data is often stored with adequate information attached to it, which makes things easier for hackers.
For instance - Card Holder's Name: David Hudson. Birthdate: 12101975.
Taking everything into consideration, it can be said that information security and data security are two sides of the same coin.
The concept of Cybersecurity is somewhat complex, and difficult to understand as it evokes several questions.
Is Cybersecurity all about securing the cyberspace?
Now, that doesn't carry any significant meaning right? So, what is it?
Cybersecurity, rather, can be defined as a security system that secures the vulnerability of Information and Communications Technology, and the items that are coming through it.
This information (items), can be split into two sets - analogue (non-digital) information, and digital information.
Cybersecurity implements a comprehensive security model that encompasses digital information, as well as analogue information, such as verbal messages, old books, and handwritten notes.
A malware planted in a software can disrupt the operations of a power grid physically, if the powerplant uses control systems with software components.
Similarly, water lock gates can be opened in a hydel plant, or temperature of cooling systems can be raised in nuclear power stations, simply by manipulating the software.
Besides damaging physical installations, hackers can also target network-driven infrastructures like smart cities, smart factories, and smart homes.
Moreover, non-digital information, for example, books and notes in libraries, also falls under the ambit of cybersecurity if these libraries use sprinkler systems regulated via ICT.
In all, Cybersecurity is about securing all vulnerable information transmitted and stored through Information and Communications Technology.
Essentially, an ideal set incorporates anything and everything, also everyone, accessible through cyberspace. It can include people, nature, and even animals.
Preventing cyberbullying is also a part of cybersecurity, as cited in von Solms and van Niekerk (2013) - bullying using social networks, mobile phones, computers, etc.
In theory, one could debate, everything in this connected world is exposed through Information and Communications Technology. So, what exactly is the role of cybersecurity?
The principles that govern the characteristics of cybersecurity can be defined as what needs to be secured should be secured from security threats and vulnerabilities dispensed by the exponential use of Information and Communications Technology.
There is, however, one thing that every student should take into account while studying the characteristics of information security and cybersecurity.
Though this document has made an attempt to deeply illustrate the differences between cybersecurity vs information security, there are several definitions on the subject that might differ from what has been described above.
This is because, for many, both information security and cyber security are terms that are synonymous, and can be used interchangeably, which, however, is not the case.
Moreover, the application of these two terms also varies on political and cultural aspects. For instance, in America, the word ”cybersecurity” is associated with the concepts discussed above, but in Russia, these concepts are mentioned as “information security”. Students can refer to Gadya and Austin (2010) for more examples of the same.