Cyber Security. Information Security. Network Security. What’s the difference?

As an information security training specialist, Focus is often asked about the different meanings of these terms.

The reality is that there is no universal set of definitions upon which all will agree. Does this matter? No. The important thing is that relevant individuals recognise the range of security risks or threats to an organisation, and take appropriate action to prevent or deal with their occurrence.

Developing the right skillsets, both within the IT community and the wider business, lies at the heart of effective information security.

The evolution of this terminology has in many ways reflected the increasing pervasiveness of information systems within all organisations over the past 30 years.

Information technology was once the preserve of the IT department and only limited data was passed between discrete computers or networks. Computers were largely used for data processing in areas such as payroll or finance.

In today’s world, IT systems are at the heart of most organisations, be they retailers, manufacturers, banks or government. Websites provide complex, real-time interfaces with customers. Data processing may be in the cloud. Integrated ERP systems embrace everything from HR to CRM.

Data Security and ICT Security
Perhaps the starting point of this journey. In the early days of the Information Age, attention to vulnerability would often focus on raw data and isolated hardware and software.

Network Security
A network is two or more interconnected computers that share devices and information. The system administrator is usually in charge of network security and uses some or all of the following: User ID and Passwords; Firewalls; Denial of Access; Encryption.

Cyber Security
Primarily aimed at addressing risks originating from cyberspace. Threats in this category have become far more prevalent and of far greater consequence to organisations. As the range of external interfaces with customers, suppliers and others has increased, so responsibility for information security spreads far beyond the IT department. This is the focus of the new Resilia framework from Axelos.

Information Security
A broader approach to information security, with less emphasis on the specific technologies where that information may be at risk. The emphasis becomes the Information Security Management System, which is a key component of international standards such as ISO27001.

Information Assurance
The next step for some people has been to embrace all controls that address risks to information, including physical security, people awareness and training, as well as the all-important governance processes within an organisation.