With data breaches dominating the news, it is all too common to see terms like cyber security, information security, and IT security in the headlines. As phishing emails and CEO email scams reach all-time highs, these terms have been used interchangeably to describe the business units and actions needed to combat malicious outsiders.
This growing concern has led many organizations to take a deeper look into their information security practices. But first, it is important to understand how these terms are related, how they are different, and how they apply to your business.
Recently, when discussing information security with a client, I was asked, “Are these terms simply buzzwords used to capture an audience, similar to the way people have misinterpreted ‘the cloud’?” I will admit, from a marketing perspective, cyber security would win as the word most often used to describe data breaches. However, cyber security is only one piece of a very large puzzle.
All these terms fall under the umbrella of Risk Management. And while the media seems to use these phrases interchangeably, they do mean different things. It’s important for executives to understand the differences and similarities in order to be sure they and their team are focused on the right pieces of this complex puzzle.
The term ‘information security’ is used to define the people, processes, and technology involved in protecting data (information) of any form – digital or paper. Information security lives within an organization’s overall risk management approach and includes such units as Business Continuity Planning. Many organizations see information security as an IT problem, but that couldn’t be further from the truth. Information security should be an organization-wide umbrella defining the people, processes, technology, and data the organization wishes to protect.
Included within the information security circle is cyber security, the term used to describe the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. Cyber security deals specifically with the digital information an organization must protect.
Finally, the term ‘IT security’ can be used to describe the method of implementing procedures and systems to defend the confidentiality, integrity, and availability of any digital organizational information.
IT security is the hardware and software used by IT departments to assist in the cyber security operations of the business, which is clearly defined by the information security framework of the organization.
To learn more about Kreischer Miller’s information security services, please don’t hesitate to contact us.
Contact Sassan Hejazi at Email or 215.441.4600.