The difference between information security and cyber security.


Did you know that Information security and cyber security are not equivalent?


If you thought that the two subjects are the same thing, fear not, you are not alone. Many people do not understand the nuance between Information Security and Cyber Security.

Indeed, there are many similarities between the two and in fact, Cyber Security is a subcategory of Information Security.


When we talk about Information Security, we refer to the storage and protection of data in general. This can range from a simple letter to an encrypted file on a USB key, whereas Cyber Security focuses on the technological part only (emails, information in the cloud, etc.).


To properly understand the difference between Information Security and Cyber Security, we must first understand the concept of information/data.


As mentioned previously, Information Security studies how an organization or an individual stores and protects data. The information itself can take various forms. It can be physical, like a certificate or a business license, or it can be digital, like the source code of a mobile application or an email.


The storage of information also varies. For example, information on paper can be stored in a file and classified in a drawer, or it can be digital and stored on a USB key. The protection of information will also differ according to its form, its method of storage and its degree of sensitivity. Sensitive information will generally have a higher level of security than information of low importance.


As you will already be aware by now, there is a clear distinction between what physical information is and what digital information is.


Now that this concept is clear, it is easier to understand the difference between Information Security and Cyber Security.


To simplify, Cyber Security focuses on the protection of digital data by making sure that the storage (servers) and points of accessibility (endpoints/networks) are properly configured and have no vulnerabilities.


For example:

1. Network security ensures that there is no unauthorized access, misuse, interference, or interruption of service.

2. Cloud security is a combination of policies, controls, procedures, and technologies that work together to protect cloud-based infrastructures and systems.

3. Critical infrastructure is a set of foundational tools that provide security services such as virus scanners, intrusion prevention systems, anti-malware software, and more.


In contrast, Information Security takes many other factors into consideration.


For example:

1. Procedural controls, which prevent, detect, or minimize security risks to physical assets such as computer systems, data centers, and even filing cabinets. These can include security awareness education, a security framework, compliance training, and incident response plans and procedures.

2. Access controls governing the use of company information and the company network. These controls establish restrictions on physical access, such as building entrances, and on virtual access, such as privileged access authorization.

3. Compliance controls to abide by privacy laws and cybersecurity standards designed to minimize security threats. They require an information security risk assessment and enforce information security requirements.


As you can see, Information Security and Cyber Security have the same goal but operate at different levels. The overlap surely contributes to the confusion between the two subjects, but the basic examples above should help in distinguishing them.


Assess your Information Security, Cyber Security and Data Privacy risks now to protect yourself from security incidents that can harm your company. Contact us now on to learn how we can help.


If you would like to know about the 7 principles of GDPR, click on the link below:
