Information Security

 
Information security is, broadly, the practice of securing your data, no matter its form. It can just as easily be about protecting a filing cabinet of important documents as it is about protecting your organization’s database.
 
Information security can be defined as:
 
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
 
  • Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
  • Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
  • Availability, which means ensuring timely and reliable access to and use of information.
 
 
Examples of information security:
 
Procedural controls 
These controls prevent, detect, or minimize security risks to any physical assets such as computer systems, data centers, and even filing cabinets. They can include security awareness education, security frameworks, compliance training, and incident response plans and procedures.
 
Access controls 
These controls dictate who is allowed to access and use company information and the company network. They restrict both physical access, such as to building entrances, and virtual access, such as privileged access authorization.
 
Technical controls
These controls involve technical measures such as multi-factor user authentication at login, firewalls, and antivirus software.
 
Compliance controls
These controls deal with privacy laws and cybersecurity standards designed to minimize security threats. They require an information security risk assessment and enforce information security requirements.
 
 
 

Cyber Security

Cyber security focuses on protecting data found in electronic form from being compromised and attacked. Cybersecurity professionals take on a more active role: they protect servers, endpoints, databases, and networks by finding the security gaps and misconfigurations that create vulnerabilities. They also identify what the critical data is and where it resides, determine its risk exposure, and assess related technology.
 
Examples of cybersecurity:
 
Network security
The practice of securing networks against unauthorized access, misuse, interference, or interruption of service.
 
Application security 
A process of detecting and fixing security weaknesses in applications, and enhancing their security, to prevent data or code within the applications from being stolen.
 
Cloud security 
A combination of policies, controls, procedures, and technologies that work together to protect cloud-based infrastructures and systems.
 
Critical infrastructure 
A set of foundational tools that provide security services, such as virus scanners, intrusion prevention systems, anti-malware software, and more.