The terms cybersecurity, computer security, and information security are often used
interchangeably. However, each of these phrases has a different connotation and popular or technical
meaning as follows:
Copyright © 2012 by Daniel W. Hancock. All Rights Reserved.
The measures taken to protect computers (and other machines) from Internet-based attacks.
Cybersecurity is an increasingly popular term, especially for marketing goods and services.
However, use of this term dangerously suggests that (1) the villain is solely on the Internet and that (2)
protection from Internet-based attacks is sufficient. Usually neither of these suggestions is true.
- Computer Security
The measures taken to protect computers from attacks and unauthorized access.
The phrase computer security encompasses attacks arriving via any of a computer's input ports —
such as from its keyboard, from a USB thumbdrive, from a local network or Internet connection, etc.
Thus computer security is broader than cybersecurity because it is not limited to Internet-based attacks.
Computer security logically includes disgruntled employees' entry of malware into computers as well as their
unauthorized copying of confidential data from computers.
- Information Security
The measures taken to protect data from unauthorized access or modification.
This is the broadest of the three security terms and the one most frequently used by security professionals.
Also known as infosec, the term reflects the fact that information is the important business or
military product to be protected — whereas computers are the vehicles that hold and process the information.
Thus the starting point for infosec is the identification and prioritization of the data to be protected.
Information security measures then can include protections from suicide bombers, from ceiling duct intrusions, from
social engineering, from dumpster diving, from DNS and DoS attacks, from unauthorized employee actions, from
applications' buffer overflows, from other Internet-based attacks, etc.
Cybersecurity and computer security are subsets of information security.