Subscribe Us

What is the difference between cyber security and information security

 Cyber security & information security

Cyber ​​Security are two very important concepts in technology, and Information Security and they are used quite a lot these days.

But a lot of people who use them confuse them or use them as the same thing, which is of course wrong, which is why we wrote this article.

In this article, we will discuss the definition of cyber security and information security, in addition to discussing the difference between cyber security and information security in detail. 

cyber security and information security
cyber security and information security


We will also discuss Information Security in depth, where we will be exposed to its most important principles and the risks it deals with.

What is Information Security?

Information Security, or as the specialists like to call it InfoSec, is the field that is concerned with protecting digital or non-digital data from any electronic attacks or unauthorized use. 

Information security is primarily concerned with the protection of information, whatever the type or form of this information, it is not required to be present on the Internet in order to be protected by information security.

Information security also aims to achieve 3 basic principles, known as the CIA model, which are:

1. Confidentiality: The principle of confidentiality aims to make information exclusive only to those who have permission to access it, and to withhold it from anyone who is not allowed to see it through information encryption or any other methods.

2. Safety or Integrity: The principle of integrity or integrity is concerned with protecting information from being modified by unauthorized persons. It is the principle that maintains that data is accurate and reliable.

3. Availability Availability is concerned with making information available to people who have permission to access it, anytime they need it.

It is the one who deals with maintaining the information present and not obscured by any of the parties authorized to access it at any time.

It is worth noting that the three previous principles of information security have been joined by three other new principles, namely:

4. Non Repudiation: The principle of non-repudiation states that a party is unable to deny that it has received the information or that it has not been transferred to it, as through encryption we guarantee that the sender has transferred the information to the addressee and no one else.

The principle of non-repudiation is achieved after the principles of integrity or authenticity are met.

5. Authenticity: The principle of authenticity is concerned with making sure that the addressees are the real people to whom we want to send information and are not impersonators.

This same principle occurs when digital currencies as Bitcoin from one person to another through digital wallets .

6. Accountability: The principle of responsibility is the principle concerned with tracking the actions of people who have access to this information, in order to ensure that it is known who has changed or modified any part of the information, and to keep a record of these actions to return to it at any time.

InfoSec or Information Security is the strategies, processes, and protocols that are used to handle and protect digital and non-digital information from any threat to it.

Among the most important procedures that information security professionals use:

  • Password strengthening.
  • Two-factor or multi-factor authentication.
  • Access control.
  • encryption.
  • legal responsibility.
  • Awareness and education.

In general, specialists identify information and its relationship to each other, and then evaluate its security, gaps and problems, and its impact on unauthorized access.

They also assess risks and develop strategies that will be dealt with intrusions or cyber attacks.

Among the most important risks that information security deals with:

  • The use of technologies and devices that have a weak coefficient of safety.
  • Destruction of digital and non-digital data.
  • Encryption problems.
  • Geographically targeted or geographically targeted attacks occur.
  • Weak or underdeveloped protection programs, especially when dealing with big data .
  • Social Engineering.

And we should talk a little bit about social engineering, as it is a dangerous method of attack and hacking. Hackers rely on the human factor as a weak point for systems and means of protection.

This type of attack is very successful, as the majority of data breaches are done through it, in which hackers target employees other than technology or information security departments in order to trick them into carrying out actions that reveal confidential information.

Among the most popular social engineering techniques used today are:

1. Blackmail blackmail: In this method, the employee is blackmailed through confidential information or something he wants to hide in order to gain access to the confidential data that the hacker wants.

2. Quid Pro Quo: The hacker will exchange this employee for money, a service, or something in exchange for this information.

3. Pretexting: The hacker pretends to be another trusted person in order to convince you to give him any confidential or personal information that helps him to do what he wants.

Examples of this include; People who call and pretend to be your bank employees, or your colleagues from another department of your company, in order to get confidential information from you.

4. Baiting: This method is a bit classic, in which the hacker uses a device that has malicious software on it, such as a CD or USB, and connects it to the company’s devices so that this malicious software is transmitted to the network or technical infrastructure and gets what he wants.

What is Cyber ​​Security?

Cyber ​​Security is the security that pertains to all devices, networks, and data connected to each other on the Internet .

It deals with digital threats in particular, and is the line of defense with which to defend against cyber attacks and threats. This is why cybersecurity usually deals with external threats more than it deals with internal threats.

And you can read in detail about cybersecurity, and everything related to it, through our previous detailed article that we published on cybersecurity .

What is the difference between information security and cyber security?

Now that we know about both cyber security and information security on their own we will discuss the difference between them in detail.

Although the two are concerned with the protection and preservation of information, there is a significant difference between them in concept and function.

The beginning of cyber security is part or branch of the larger field of information security, information security is concerned with preserving data and information of any kind and nature, whether from internal threats or from external threats.

While cybersecurity is concerned with preserving and securing information in cyberspace, including networks, devices and other external threats or attacks only.

Information security mainly deals only with the three or six concepts we mentioned earlier: Confidentiality, Integrity, Availability, Non Repudiation, Authenticity, and Accountability.

But cybersecurity goes beyond this in maintaining the information itself, devices, networks, mobile devices, and all the hardware and software of the company or organization.

It also deals with malicious software, such as ransomware or others, and takes care of developing tools and software that combat this malware.


We can compare Information Security and Cyber ​​Security, from several points, namely:

1. Concept: Information security is the field that is concerned with protecting information in its various forms from the threats that surround it. It focuses mainly on information.

As for cyber security, it is a branch of information security concerned with maintaining the integrity of the cyberspace from external threats, regardless of the various components of this space, including information, devices, or networks.

2. Threats that are dealt with: Information security deals with various threats that pertain to information in general, whether this information is digital or physical. The threat it deals with is anything that violates its six principles.

Whether this threat is coming from outside, from hackers and attackers, or from inside, from employees, workers, and natural hazards


cyber security
cyber security jobs
cyber security certifications
cyber security analyst
cyber security stocks
cyber security analyst salary
cyber security news
cyber security degree
cyber security companies
cyber security salary

Post a Comment