Information Security vs. Cybersecurity

At some point in the past few years, the term "information security" took a back seat to "cybersecurity". Does it matter? Why?

Watch this episode on YouTube.

Reasonably Accurate Transcript

Good morning. How's everybody doing today? Weird one for you. I am a firm believer that names matter. And when I started um way, way, way back as you can tell from the gray hair. If you've ever seen my photo, if you're watching this live, um we called cybersecurity, information security, information security, not just cybersecurity, but over the last few years, there's been this definite switch where information security is referred to less and less and what is commonly referred to now is cybersecurity.

Why does that matter? Who cares? It's just the name, right? We all know what we're talking about or do we? And that's really the challenge here is that I think there's a substantial difference. Now, there's all different types of security, there's physical security, there's operational security, there's information security, cybersecurity, blah, blah, blah, blah, blah.

Why does it matter is because information security directly refers to the information that you're talking about. You want to secure information. Now, information lives in a variety of places. So you think about um, let's talk about personal health information. Ok. So imagine that you're looking at my medical record now that is probably present in a few different forms as information, it's present in a digital system somewhere or at least pieces of it are the hospital.

My GP various specialists will have parts of my record presented or stored as information in a computer system in a digital system somewhere. But then if you keep thinking through the problem set, that's not the end of it. It's also sitting in paper form somewhere.

Right. This information has been recorded, um, on the old-fashioned way and pen and paper filed away with all those ridiculous tabs and a wall of folders. But that's still the same data and it needs the same level of protection. And then there's another place that it's sitting, um, that a lot of people tend to forget about and that's inside the practitioner's head.

All the folks who are dealing with my medical case, um you know, maybe transiently because they're dealing with lots of patients every day. But at some point, they have that information that are working on mentally as well. And when you talk about information security, the information itself lives in all these three mediums, in sort of in the wetware, in the people in the physical form as well as in the digital form.

When you talk about cybersecurity, you almost automatically exclude the physical form and that sort of wetware, biological form. So you start to focus purely on the technology, you focus purely on the technical aspects of the problem and I think that, you know, and I believe if you've been following along with me, you know, you've, you've hopefully become aware of my way of thinking that very much does us all a big disservice because the information is the information, regardless of where it's sitting.

And if you're looking at the security of that information, you need to work throughout the entire life cycle of that information, that includes various mediums. If all you're worried about is cybersecurity, you're doing yourself and that information a disservice, right? So naming very much matters.

If you want to take the analogy, you could think of, let's say your house if you're thinking of cybersecurity and cyber is inside your house, but you don't worry about anything outside your house. That means that, you know, you could be in the most, you could put your house in the most treacherous place ever think like Dora the Explorer level treachery.

If you've never had uh kids or sat um with kids while they've watched Dora, she is a relatively or she's an amazingly independent uh young lady character who lives in the most treacherous place on the planet that you think. Why would her abuela ever let her live next to um a volcano alligators that are actively trying to eat her um this massive lake that's full of dangers.

Um Just crazy, crazy, dangerous place. But inside her house is safe. So when you think from cybersecurity, that's really what we're doing going, you know what, inside the house is safe, but there's any number of terrifying things right outside the door. But that's not our concern because that's not part of cyber.

That's just other places. Yet you will come in from the outside, into the house and vice versa. So you as information need to be protected. And I think that's really where we do ourselves a disservice. When we only talk about cybersecurity, we focus purely on the digital.

This is a people problem, people, people problem people. Sure, let's go with that. It's a people problem people. Um this we very much need to worry about information everywhere it is. So and I know we can't turn back the tide at some point. Mass media marketing, we cyber all the things.

But I think as practitioners as people getting into the industry, it's important to remember even if we call it cybersecurity, it is really information security. And you need to look at every environment in which that is information lives to be able to put proper safeguards and protections in place because there's no sense in layering AES-256 with complex passphrases and all these great digital controls just to have somebody print it out and walk away and with it to pass it along to your adversaries or to accidentally forget it on a bus or any number of ways that information could go get into the wrong hands.

So remember, even though we call it cybersecurity and unfortunately, we're never going to go away from that name anymore. It is truly information security. Worry about it. Not just in the digital domain but in the physical as well as in biological as, as a topper.

It's all three. I'm sure I'm missing something as well. But still there you go. Remember, digital, physical and biological, all these domains need the proper processes in place. What do you think? How are you approaching it? Do you think only digital, let me know online at marknca in the comments or description down below?

As always by email to me at marknca? This is a discussion, it's ongoing. This is episode 59. We are quickly wrapping racking up the numbers here folks and it just gets better because I'm fueling all this content based on feedback I'm getting from you.

So don't be shy again. Hit me up, mark on marknca online. Um Look forward to talking to you soon. Have a fantastic day.
