In order to answer that, I need to clarify the difference between Cybersecurity and Information Security (infosec).
I googled a bit because I don’t have too much time and I did find something which is closest to my opinion. See Sources for a list.
Information security (or “InfoSec”) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).
The CIA triad of confidentiality, integrity, and availability is at the heart of information security. The members of the classic InfoSec triad — confidentiality, integrity and availability — are interchangeably referred to in the literature as security attributes, properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks. There is continuous debate about extending this classic trio. Other principles such as Accountability have sometimes been proposed for addition and it has been pointed out in various sources that issues such as Non-Repudiation do not fit well within the three core concepts.
Well, no matter how it is, InfoSec is concerned with making sure data in any form is kept secure and is a bit more broad than cybersecurity.
So, someone could likely be a cybersecurity expert without being an information security expert. However, I guess this is valid the other way around too, if we consider how broad “information” is.
Cybersecurity is all about protecting information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. In order to be able to protect something, it is imperative to identify what the critical data is, where it resides, and the technology you have to implement in order to protect it. The field is of growing importance due to the increasing reliance on computer systems in our lives. Computer systems now include a very wide variety of “smart” devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.
Cybersecurity is focused on protecting digital data and the devices that hold it, while infosec is focused on any kind of data and its support.
My profile calls me “IT Security Expert” because in my studies and certifications I had to study pretty much everything that is related to security (both info- and cyber-sec).
My company is focusing only on protecting data in digital format and thus is called “Cybersecurity”.
Clear now? 🙂
© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity