What's the difference between Cybersecurity Policy & Information Security Policy?

cyber security, information security, cyberspace, SOC

Question added by Hemza ATOUB, Sr. CYBER SECURITY Consultant IT/OT Certified IBM QRadar | Arcsight SIEM | ISO 27k1 | ICS | 20 CSC, CONFIDENTIAL
Date posted: 2017/08/08

by Deleted user

Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.

Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Now when you want to write policy in these 2, sometimes you have two viewpoints.

by Naresh Kumar, Security Services Manager, London Stock Exchange Group

Security Policy: Is a document which defines the security needed for an organization. It consists of standards, procedures, and guidelines. It gives the instructions on what must be done by various roles within the security infrastructure to achieve Confidentiality, Integrity and Availability (or to limit risk to an acceptable level).

Information Security: Protects information in all forms, like data, information assets (tangible or intangible), digital, electronic etc. The Security policy aligned with this is called Cybersecurity Policy.

Cybersecurity: Protects data that is in digital or electronic form (can say data bound with the Internet). The word Cyber means characteristics of computer or Information technology. The Security policy aligned with this is called Cybersecurity Policy.

Note: The word "information" gives knowledge or facts about an object. Information stored or processed in a computer is called data.

by David Giorgobiani, Security Operations Solutions Architect, M.F.GE

Hello, cybersec policy is rules and procedures which defend from cyber attacks,

information sec policy is access management to information systems, documents and .... for example policies and procedures protect your documents from editing and check for trues of copies

by Hosam Eldin Osman Ibrahim, ISMS BCMS ITSMS Lead Auditor, Consultant/Implementer, and Freelance, confidential

Cybersecurity Policy IS JUST A PART OF THE OVERALL Information Security Policy;

Information Security "Policy" is the overall governing policy of the organization; its main target is to show the intention, direction, and commitment of the Top Management towards protecting all information assets from internal and external attacks.

Cyber security policy is just like an ISMS policy, they are parts of the overall IS policy.

Cyber is a word currently referring to the outer space of the organization; e.g.: Internet, Cloud, external attacks.

by John Fundai Mugwagwa, Secretary, Angeline Kanyemb

Both are often thought of as synonyms. But there is a little bit of difference between them. Cyber Security deals with protecting data, network and reputation of company against unusual attack. Cyber security is process to protect computer programs, damage or unauthorized access.

by Abid hussain Mohammed, Cyber Security Manager, Geidea Solutions

Cyber Security policies are to protect the cyberspace from the cyber attacks.

Information security policies are to ensure all the users abide by the policies in order to protect the digitally stored data.

by Toufik Sebbouh, IT security manager at Ericsson - Algeria, Ericsson

Information Security guarantees that the data, including both physical and digital, is safeguarded from unauthorized use, access, disruption, modification, destruction or recording.

Cybersecurity guarantees that the computers, data, and network of the organization are defended from unauthorized digital attack, access or damage by means of implementing several processes, practices, and technologies.

Both practices consider the value of data. In Information Security, the main concern is safeguarding the data of the company from the illegal access of any kind, whereas, in Cybersecurity, the main concern is safeguarding the data of the company from illegal digital access. 

Now, the whole confusion about terms is because most of the information today is saved electronically and most of the cyber-attacks are executed to disclose confidential information, harm the integrity of it or deny access to authorized users.

So, the question remains if this should be categorized under Cyber Security or Information Security! In my personal opinion, this comes under both. The information is under threat, hence Information Security, but Cyberspace is involved, hence Cyber Security.

This makes Cyber Security a subset of Information Security (most popular opinion on the internet). But Cyber-crimes that do not involve threat to information are NOT part of Information Security but indeed a concern for Cyber Security.

by Zayeem Alam, Consulting Manager, PwC (A.F.Ferguson & Co. a member firm of PwC network)

Information security is about the information that the company owns within its custody and its protections.

Whereas cyber security is the preservation of confidentiality, integrity and availability of information in the Cyberspace. Just as an example, if your company's website is cloned and marketed by a malicious person for stealing information, or maybe another person registers a domain similar to your company's address. Information security does not cover the aspects, whereas cyber security does. As the world is moving to a lot bigger space, what happens to your data on cloud? You own it but it's out there in the cyberspace; how are you going to protect it? That is answered by Cyber Security.

by Deleted user

Actually it's very little.

It is not possible to consider technological security (cyber security) alone, simply because from an IT perspective we already have the definition of combining business, people, technology, process together, and then for any business, security is about protecting the same items.

The only addition in the above is the flexibility in the businesses to embrace open networks (internet based transactions), hence "cyber" became a little more popular than the older brother - "information security".

But, when we really want to give a holistic approach, information security still reigns on top of cyber security, just as much as it encompasses applications, networks, databases, employees, contractors, business units, different technologies.

Information security defines: confidentiality, integrity, and availability of data. Cyber-security is protecting data that is found in electronic form by identifying the critical data and the technology.

Cybersecurity is dealing with Information systems and any IT-related system. But Information security is about information not only in the form of IT systems. Every aspect of information carriers is involved.
