Everyone knows that security is essential in the Digital Age. Regular news reports about high-profile cyberattacks and data breaches leave no doubt that strong security is a must. But what’s the difference between information security, cybersecurity and network security?
There is definitely some confusion around these terms, in part because there’s a significant amount of overlap between them.
In one sense, information security dates back to when humans began keeping secrets; in the early days, physical files and documents were kept under literal lock and key. Once the business world began using computers, network security became essential to protect the electronic network infrastructure of these vital systems. The advent of the internet changed everything, adding once-unimagined technological capabilities but also creating new vulnerabilities; and giving rise to a critical new industry — cybersecurity.
So, which is the most important? While the first two are certainly critical to the practice of keeping systems, information and assets secure, it is cybersecurity that generates the lion’s share of the discussion these days.
Nevertheless, some analyses regard information security as the umbrella term because it refers to the processes and techniques designed to protect any kind of sensitive data and information from unauthorized access, whether in print or electronic form.
Under this view, cybersecurity is a subset of information security that deals with protecting an organization’s internet-connected systems from potential cyberattacks; and network security is a subset of cybersecurity that is focused on protecting an organization’s IT infrastructure from online threats. Though the terms are often used in conjunction with one another, cybersecurity is considered to be the broader discipline, with network security defined as one aspect of information and/or cybersecurity.
Information Security | Cybersecurity | Network Security [Definitions]
How do some of the industry’s leading players define these essential and closely related security terms?
Information security, according to security training specialist the SANS Institute, refers to “the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.” The reference to “print” and information or data is significant, since cybersecurity pertains solely to digital or electronic information or data.
Cybersecurity is “the practice of protecting systems, networks and programs from digital attacks,” according to high-tech giant Cisco. “These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.” PCmag simplifies the definition to: “the protection of data and systems in networks that are connected to the internet.”
Network security, the SANS Institute explains, is “the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.”
What Is the CIA Triad in Security?
Whenever the conversation turns to information security, network security and cybersecurity, it is helpful to understand the CIA triad. Though the term CIA might at first bring to mind a shadowy world of spies and secrets when used in connection with the clandestine security industry, in this context it actually refers to a series of guidelines and objectives that security experts are focused on when developing policies and procedures for an effective information security program. The three elements of the CIA triad are considered the three most crucial components of information security.
CIA – Confidentiality, Integrity, Availability
Confidentiality: Ensuring that the information is inaccessible to unauthorized people, commonly enforced through encryption, IDs and passwords, two-factor authentication and additional defensive strategies.
Integrity: Safeguarding information and systems from being modified by unauthorized people, thereby ensuring that the protected data is accurate and trustworthy.
Availability: Ensuring that authorized people have access to the information when needed; this includes rigorously maintaining all systems, keeping them current with upgrades, using backups to safeguard against disruptions or data loss, etc.
Widely observed throughout the security industry, the CIA triad, according to Techopedia, “was created to provide a baseline standard for evaluating and implementing information security regardless of the underlying system and/or organization.”
Jobs in Information, Network and Cybersecurity
Here is a closer look at notable jobs from each of these security disciplines, as well as a sampling of job related titles from listings at the employment website LinkedIn.
Chief Information Security Officer
A CISO is the executive-level manager who directs strategy, operations and the budget for the protection of the enterprise information assets and manages that program. The scope of responsibility will encompass communications, applications and infrastructure, including the policies and procedures which apply. Top duties include:
- Direct and approve the design of security systems
- Ensure that disaster recovery and business continuity plans are in place and tested
- Review and approve security policies, controls and cyber incident response planning
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Make sure that cybersecurity policies and procedures are communicated to all personnel and that compliance is enforced
- Manage all teams, employees, contractors and vendors involved in IT security
- Constantly update the cybersecurity strategy to leverage new technology and threat information
- Information Systems Security Officer (Amazon Web Services)
- Information Security Risk Analyst (Adobe)
- Information Security Architect (Cisco)
- Information Security Manager (Quantcast)
- Business Information Security Officer (Salesforce)
- Information Security Engineer (Google)
- Information Systems Security Officer (Raytheon)
Cyber Security Analyst
Cyber security analysts assess, plan and enact security measures to help protect an organization from security breaches and attacks on its computer networks and systems. The job involves simulating attacks to identify vulnerabilities, testing new software to help protect the company’s data, and helping users adhere to new regulations and processes to ensure the network stays safe. Additional duties may include:
- Monitor computer networks to identify any issues or security breaches that need to be resolved
- Install software, such as firewalls and data encryption programs, to help protect a company’s data and sensitive information
- Conduct tests on systems, including simulating attacks, to identify and defend potential areas of vulnerability
- Develop processes and standards to ensure that systems stay as safe as possible, including researching the latest IT security trends and software
- Prepare reports to document and support ongoing security efforts as well any security breaches
- Cyber Security Architect (Lockheed Martin)
- Cyber Info Systems Security Analyst (Northrop Grumman)
- Vice President, Information and Cyber Security (News America Marketing)
- Cyber Security Specialist Vulnerability Management (Irving Oil)
- Principal Cyber Security Architect (Comcast)
- Cyber Security Data Vulnerability Analyst (NBCUniversal)
- Director of Cyber Security Operations (City of Boston)
Network Security Engineer
Network security engineers are responsible for the provisioning, deployment, configuration and administration of many different pieces of network and security-related hardware and software. These include firewalls, routers, switches, various network-monitoring tools, and virtual private networks (VPNs). These engineers are a company’s first line of defense against unauthorized access from outside sources and potential security threats. Job responsibilities may include:
- Test for network vulnerabilities, working with IT staff to evaluate, test and troubleshoot technologies; identify, diagnose and resolve security issues
- Prepare comprehensive reports on their assessment-based findings, outcomes and proposals for further enhancing security
- Produce documentation to ensure proper protocols and processes related to server and security infrastructure are in place
- Create, implement and enforce network security
- Manage vendor relationships related to security upgrades, installations and planning
- Director, Network Security Architecture (Salesforce)
- Network Security Engineer (Dropbox)
- Principal Network Security Engineer (CBS Corp.)
- Network Security Architect (Booz Allen Hamilton)
- Network Security Lead (Verizon)
- Principal Network Security Consultant (Symantec)
It should be noted that there is considerable overlap in many of the positions that employers are hiring for in these three related disciplines. For further insight, check out this list of 50 jobs in this field “that every job seeker should know about,” from CybersecurityVentures.com.
It is well-known that the security industry includes a broad mix of professionals with varying experience and educational backgrounds — some are largely self-taught; others possess advanced degrees.
This is important because, across all industries, demand for high-tech security talent (information security, network security, cybersecurity) far exceeds the current supply. Simply put, technology has brought new opportunities, and new risks, but the workforce is still catching up.
To help combat this talent shortage and train the next generation of cybersecurity leaders, more colleges and universities are now offering advanced degree programs. At the same time, computer and IT professionals who have specialized in other areas are recalibrating their skillsets with a heightened focus on security.
One such degree program, the Master of Science in Cyber Security Operations and Leadership, is offered entirely online by the University of San Diego to afford maximum flexibility to working professionals looking to take advantage of new career opportunities in the brave new world of cyberspace.