Everyone’s heard of Cyber Security. Breaches of security create great headlines, especially when personal information is involved. Cyber crime is the new frontier, with perpetrators seeking information whose value can be exploited for financial or political gain. The typical reaction is to deploy technology tools to protect against known external and internal threats, or the threats that the Cyber Security sector is telling you about. It’s a great way to sell stuff.
But is Cyber Security the whole picture? What about Information Security? What’s the difference between the two?
Cyber Security vs. Information Security
Cyber Security focuses on protecting and recovering hardware, networks, devices and applications. It is a technology solution to protect your technology assets.
Information Security, on the other hand, is a more comprehensive approach to protecting your data and assets. It does involve software tools (that’s the cyber piece) but focuses on all the other areas where threats exist. It starts by identifying all of your information assets and considers the confidentiality, availability and integrity of these assets. In addition to technology assets like networks, hardware, applications, databases and devices, information assets include things such as personnel, buildings and office spaces, and suppliers. Each of these can present just as big a risk to your business, if not a bigger one, if not properly considered. These assets may be subject to different threats. Think about paper-based assets: they may contain confidential information. Are they left lying around the office or disposed of without due thought to the risks?
Information Security enables you to consider the risks to all your information assets no matter where they are or what they are being used for. It is an approach that helps determine the right tools or other measures to provide the appropriate protection. You will know where your information assets are and your users will be aware of the threats that could be targeting them or your organisation so that you can put measures in place to reduce the risk.
6 steps to improving your Information Security
ISO 27001 is an Information Security standard. It requires a great deal of effort to achieve certification and it’s not for everyone. There are some steps you can take without embracing the whole thing that will greatly improve your security.
- Identify all of your information assets
- Categorise them
- Assess the risk to each category, remembering confidentiality, integrity and availability
- Apply measures to appropriately protect the assets. This will include Cyber Security tools, policies and procedures
- Make sure all of your staff are aware of the risks and how you are mitigating them
- Periodically review
Cyber Security is a necessary part of our lives and protects our businesses from criminal activity enabled by the internet. But relying solely on Cyber Security tools may leave a chink in your armour. An Information Security approach will help you understand your business better, and identify and patch the vulnerabilities you uncover in the process.