Fundamentals of Information Security — Part 1

Shreyansh Shah
Feb 27, 2021


People often confuse the terms Information Security and Cyber Security, and some have the misconception that the two mean the same thing. In this blog, we will explore some of the fundamentals of information security and look at the difference between Information Security and Cyber Security. Let’s dive in.


The term “Information Security” does not only mean securing information from unauthorized access; it is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information. Information can exist in either a physical form or an electrical form. It is conveyed by a sequence of symbols such as characters, numbers, and punctuation, and it is measured by a discipline called Information Theory. The main motive in protecting information is to increase the level of understanding and decrease the level of uncertainty.

To serve that purpose, information must be accurate, complete, contextualized and relevant, authoritative, and timely.

  • Accurate: The information must be fair and free from bias. It should not contain arithmetical or grammatical errors and must be reliable.
  • Complete: The information must consist of facts and figures. Accuracy alone is not enough; the information must also be complete, with valid facts and figures.
  • Contextualized and Relevant: The information must be relevant and carry proper context for it to be valuable. This means that the information must be communicated to the right person.
  • Authoritative: The information received by the receiver must come from a reliable source. This depends on the past performance of the person communicating the information.
  • Timely: What counts as timely varies from situation to situation. The information must be communicated in time so that the receiver has enough time to take appropriate action based on it.


There has always been a lot of confusion among security professionals between the terms “Information Security” and “Cyber Security”. Some people even think that cybersecurity is a subset of information security, or vice versa, which is a wrong interpretation. The two terms are often used as synonyms in security terminology but are totally different.

Information Security is all about protecting information, and it generally focuses on Confidentiality, Integrity, and Availability, also known as the CIA Triad. It covers only information, in physical and digital (or electrical) form.

Cyber Security is about securing the things that are vulnerable through ICT, considering where the information is stored and what technologies can be used to secure it. It involves the creation, operation, analysis, and testing of secure computer systems. It covers information, both physical and digital, as well as non-information aspects such as cars, traffic lights, etc. So it in turn deals with protecting cyberspace from cyber-attacks.

This is just a drop in the huge ocean of information security. Every domain is like a vast ocean in itself and has a lot to offer.

Keep learning :)

See you next time!

