Computer Security vs Information Security: What’s the Difference?

The meanings of words and names change over time, and this is especially true in the rapidly changing technology industry. For example, we have information security, computer security, information assurance, cyber security and IT security. Not only have these names changed meaning over time, but there also isn’t necessarily a clear consensus on their meanings or on the degree to which they overlap or are interchangeable.

How similar and different are these and how does Mason’s MS in Management of Secure Information Systems address each?

One way to ascertain the similarities and differences among these terms (information security, computer security, information assurance, cyber security and IT security) is by asking what is being secured. For example, information security is securing information and doesn’t necessarily have to involve technology, while IT security is technology specific. In practice, though, as a greater percentage of information is stored or transmitted electronically, even names such as information security, which by definition don’t necessarily relate to technology, are more and more considered to do so.

Another way to consider a definition is to go to a well-regarded source such as NIST. Interestingly, NIST now contributes to the blurring of definitions by explicitly referencing information in a technology-oriented name (computer security) and explicitly referencing technology in the information-oriented names of information security and information assurance.

NIST Glossary of Key Information Security Terms – May 2013

Computer Security

Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.

Information Security

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Information Assurance

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

The Mason MS in Management of Secure Information Systems program bridges the cyber security leadership gap between technical cyber security teams and boards and executives. The program is a multidisciplinary cyber security degree composed of leadership and management, engineering and technical, and public policy components. As such, this cyber security leadership program covers the range of considerations behind these names and encompasses both the information perspective and the technology perspective. Mason’s cyber security management degree is oriented towards midcareer professionals with a passion for the cyber security field.




J.P. Auffret

I am director of the executive degree programs in the George Mason School of Business, including the MS in Technology Management, MS in Management of Secure Information Systems, and Executive MBA. Additionally, I am a co-founder of the International Academy of CIO and serve as an advisory board member of the Waseda eGovernance Research Center.
