Information Security or Cybersecurity?
It all depends on your definition of “It”
I began my 20-something security journey understanding that my role was to manage Information Security. This meant that I cared about information, digital or physical, in any context or capacity. This meant that I was concerned not only about external attacks, but internal processes (and the inevitable errors that occur) and humans, who rule them all.
But somewhere along this journey the industry shifted, and it seemed the role of the security leader was to manage Cybersecurity. This seemed to mean focusing mainly on external threats, on technology and tech environments, and people (but only to the extent that they interact with technology).
A bit frustrated and a little bit more concerned, I went to the socials (LinkedIn, X) to find out what the security community was thinking (or not) about the relationship between Information Security and Cybersecurity. I asked:
What Do You Think About Information Security and Cybersecurity? Are They:
The Same Thing
Cyber is part of InfoSec
InfoSec is part of Cyber
They are completely Different