Cybersecurity vs. Information Security (infosec)

Somebody asked me why do I have in my LinkedIn profile “IT Security Expert” and in my company website “Sorin Mustaca Cybersecurity”.

In order to answer that, I need to clarify the difference between Cybersecurity and Information Security (infosec).

I googled a bit because I don’t have too much time and I did find something which is closest to my opinion. See Sources for a list.


Information security (or “InfoSec”) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

The CIA triad of confidentiality, integrity, and availability is at the heart of information security. The members of the classic InfoSec triad — confidentiality, integrity and availability — are interchangeably referred to in the literature as security attributes, properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks. There is continuous debate about extending this classic trio. Other principles such as Accountability have sometimes been proposed for addition and it has been pointed out in various sources that issues such as Non-Repudiation do not fit well within the three core concepts.

Well, no matter how it is, InfoSec is concerned with making sure data in any form is kept secure and is a bit more broad than cybersecurity.

So, someone could likely be a cybersecurity expert without being an information security expert. However, I guess this is valid the other way around too, if we consider how broad “information” is.


Cybersecurity is all about protecting information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. In order to to be able to protect something, it is imperative to identify what the critical data is, where it resides, and the technology you have to implement in order to protect it. The field is of growing importance due to the increasing reliance on computer systems in our lives. Computer systems now include a very wide variety of “smart” devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Executive summary

Cybersecurity is focused on protecting digital data and the devices that hold it, while infosec focused on any kind of data and its support.



My profile calls me “IT Security Expert” because in my studies and certifications I had to study pretty much everything that is related to security (both info- and cyber-sec).

My company is focusing only on protecting data in digital format and thus is called “Cybersecurity”.


Clear now? 🙂





© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: