Cybersecurity

Cybersecurity is a buzzword these days. There’s no one definition of it. The term appeared sometime around 1994. Still, after almost 30 years, we can’t even agree on how to spell it.

Is it cybersecurity? Or cyber-security? Maybe, Cyber Security? Either way, this term is highly sensationalized. Some people think cybersecurity is the same as InfoSec. Others say that cybersecurity is a subset of Information Security, which is actually true.

Yes, cybersecurity is a subset of Information Security, popularly called InfoSec.

For you, this difference doesn’t really matter. On our website, we use terms like security, cybersecurity, InfoSec and Information Security interchangeably.

Information Security

According to ISO/IEC 27000:2018 [1], here’s the definition of Information Security:

Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

If you’re not a security professional, it probably doesn’t tell you much. Let’s take a few more definitions from the same International Standard:

Confidentiality [1]

property that information is not made available or disclosed to unauthorized individuals, entities, or processes

Integrity [1]

property of accuracy and completeness

Availability [1]

property of being accessible and usable on demand by an authorized entity

Authenticity [1]

property that an entity is what it claims to be

Non-repudiation [1]

ability to prove the occurrence of a claimed event or action and its originating entities

At the very basic level, InfoSec is about having your critical data properly protected and secured. Being a bit more precise, InfoSec is all about understanding, managing and mitigating the risk of your critical data being disclosed, altered or made inaccessible.

The difference

Both Information Security and cybersecurity are focused on the CIA triad: protecting the confidentiality, integrity and availability of your data.

Cybersecurity focuses only on protection of data in the digital world, and it’s a subset of Information Security. Information Security covers the protection of the data in the digital world, but it also goes beyond that. It also covers data protection in the real, physical world, as well as the influence of people and processes on data security.

Here’s a simple example:

Your business has some servers, where you store important data. Cybersecurity covers everything you need to protect data on those servers, such as implementing encryption, appropriate user access management, enabling firewalls, etc.

All those measures wouldn’t matter much if your servers were in your office, in an unlocked room that is not monitored and is freely accessible to all of your employees. Such a situation would involve a huge number of security risks to your data.

Information Security focuses on such risks too.


  1. https://www.iso.org/standard/73906.html