Whether you are an aspiring Security Professional or the average Home User, Information Security is something that needs to be taken seriously. The topic of Information Security is vast and its rivers run deep. You have probably heard terms like Computer Security, Information Security, and Cyber Security. While there are many overlapping areas, each of these terms has a different focus. In this article, we will dive into the differences so that we can see how they relate to one another. Let’s look at some important terms and concepts.
Information Security has the widest breadth and deals with the security of all information, including computer data and paper records. Locking filing cabinets, shredding old documents, and encrypting digital storage are examples of Information Security techniques.
The Information Security Triad (C-I-A) is the foundation of all Information Security policies and practices. The Confidentiality, Integrity, and Availability of information are critical. Providing availability while still maintaining the confidentiality and integrity of information is the basis of the security professional’s job.
- Confidentiality means that information that is intended to be private stays that way. Breaches in confidentiality may include personal financial information, like credit cards, or vital trade secrets of an organization.
- Integrity ensures that information is correct and unchanged/uncorrupted. This does not guarantee the information is accurate, just that it is unaltered. Inaccurate data could be stored and unaltered; it would still have integrity even though the information is inaccurate.
- Availability is critical, because you need to be able to get to the data you have stored. Information does not have value if you cannot access it when you need it.
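The difference between integrity and accuracy described in the list above can be shown with a short added example (not part of the original article). It uses a keyed hash, HMAC-SHA256, as one common way to check that a record is unaltered; the key, the record fields and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would load it from a secrets store.
KEY = b"constructed-demo-key"


def seal(record: dict) -> str:
    """Return an HMAC-SHA256 tag over a canonical encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, canonical, hashlib.sha256).hexdigest()


def is_unaltered(record: dict, tag: str) -> bool:
    """True if the record still matches the tag created when it was stored."""
    return hmac.compare_digest(seal(record), tag)


def demo() -> dict:
    # Constructed record: the balance was typed in wrongly (it should be 1500).
    stored = {"account": "A-1001", "balance": 5100}
    tag = seal(stored)

    # Same information with the fields in a different order.
    reordered = {"balance": 5100, "account": "A-1001"}

    # The record is edited after storage, here to the "right" value.
    edited = dict(stored, balance=1500)

    return {
        "inaccurate_but_unaltered": is_unaltered(stored, tag),
        "reordered": is_unaltered(reordered, tag),
        "edited_after_storage": is_unaltered(edited, tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: integrity check {'passes' if ok else 'fails'}")
```

The wrong balance passes the check because it is exactly what was stored, while the edited record fails even though its value is now accurate: the check reports change, not correctness.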
Computer Security deals with all information stored on computers as well as the physical device itself. Stored data, the proper functioning of the device, and physical safety of the device are all covered under the Computer Security banner. The physical security of the machine can include theft or damage from humans, natural disasters, and even environmental factors like heat.
Cyber Security is often used synonymously with Computer Security, though I believe there is a slight difference that makes it worthy of its own category. Cyber Security deals primarily with the securing of network and Internet communications. Included in securing these communications is keeping unauthorized Internet users out of our internal network. To achieve this, many aspects of Information and Computer Security come together to make an effective Cyber Security defense.
The differences will become more obvious the deeper you dive into the topics. For example, a Computer Security technique is to encrypt stored data, while a Cyber Security technique would be to encrypt data during transfer. Both employ encryption, but one is focused on securing stored data (Computer Security) and one is focused on securing data in transit (Cyber Security).
The important thing to take away is that all of them complement each other to effectively secure your information.