How is Cyber Security different from Information Security?

By Varul Arora

Cyber Security and Information Security are used interchangeably by people. However, these two terms have a considerable difference. While Cyber Security is associated with securing digital workspace, Information Security is associated with how an organisation protects the data. Here is a lowdown on how the two are different.

What is Cyber Security?

Cyber Security involves protecting the information of an organisation from the outside-world hackers or saving it from system breaches. Networks, servers, intranets, and computer internet systems are secured by Cyber Security professionals. If a hacker is able to penetrate into an organisation system, then the organisation needs better cyber security architecture. Cyber Security comprises fields, including Network Security, Application Security, Mobile Security, Spyware/Malware Analysis, Cyber/Digital Forensics, Penetration Testing, etc.

What is Information Security?

Information Security deals with data security and is based on the concept of securing an organisation’s data from threats and malicious users. The difference between the terms data and information needs to define as both the terms are also used interchangeably. All the things which are stored in a system are called data, and all data cannot be termed as information. The data becomes information when it can be interpreted, and contextual meaning is established. 

Difference between Cyber Security and Information Security

• Function of Cyber Security vs. Information Security: Cyber Security deals with the existent or even non-existent threats in the cyberspace whereas information security deals with integrity, confidentiality, and the availability of the information assets.
• Security: In terms of security, one can think that these terms are identical or alike, but they aren’t. There is a thin line of difference. Cyber Security deals with the protection of the cyber space from hackers or anyone who tries unauthorised access whereas the information security deals with safeguarding the information from unauthorized access.
• Value of data: For every organisation, the most important element is data. In terms of Cyber Security, the major concern of any organisation is protecting its information from unauthorised access including each item in the cyber space whereas, in Information Security, the organisation needs to safeguard the information assets from any type of threat.
• Security professional: Personnel working in cyber security domain need to deal with Advanced Persistent Threat (APT). If a hacker is able to deploy APT in the organisation network, all the information can be extracted from the cyber space and since it's persistent the outflow of information doesn’t stop. On the other hand, Information Security is the basis of data security and people working in the information security domain need to classify the organisation resources before dealing with the threats.

Scope of Courses in Cyber Security and Information Security

I did my MSc in Applied Cyber Security with a one-year professional internship from the Queen’s University Belfast, Northern Ireland, UK. During my term time, I studied six modules that were:

1. Network Security and Monitoring
2. Ethical and Legal Issues in Cyber Security
3. Malware
4. Software Assurance
5. Digital Forensics
6. Applied Cryptography

I went to the UK in 2017 as I was not able to find any suitable college for MSc in Cyber Security in India. There were many colleges, but they were offering MTech, for which I was not eligible as I did BCA (Bachelor of Computer Application’s).

The colleges offering MTech in India were not purely in cyber security, they were a blend of IT with Cyber Security or Computer with Cyber Security. Therefore, I choose Queen’s University of Belfast and went to the UK.

There are many good colleges now in India as well which provide a Master’s degree in Cyber Security and Information Security. I recommend the following colleges for Master’s based on their course structure in India and the UK.

Colleges in India

1. Gujarat Forensic Sciences University - GFSU: M.Sc. Digital Forensic and Information Security
2. Symbiosis Institute of Computer Studies and Research, Pune: M.Sc.(System Security)
3. IIIT Hyderabad - International Institute of Information Technology: MTech in Computer Security and Information Security
4. IIIT Delhi - Indraprastha Institute of Information Technology: MTech (CSE) with specialization in Information Security
5. DU - Delhi University: Post Graduate Diploma in Cyber Security and Law

Colleges in the UK

For Cyber Security

1. Queen’s University Belfast: M.Sc. in Applied Cyber Security with one-year professional internship
2. Kings College London: M.Sc. Cyber Security
3. City University of London: M.Sc. Cyber Security

For Information Security

1. Royal Holloway: MSc in Information Security with a year in Industry
2. University College London: M.Sc. Information Security
3. Kingston University: M.Sc. Network and Information Security

The budget of Master’s in Cyber Security or Information Security in India is less if we compare it to the one in the UK. The UK Masters will cost approximately Rs 25-30 lakh, which includes the university fees, accommodation fees, travel expense and your living cost. It can cost more if you planning to go and study in London as the cost of living is more compare to other cities in the UK. If you are planning to go to the UK, I highly recommend working part-time as you are allowed to work for 20 hours a week. This will help you to earn your monthly expenses.

If anyone is unable to do the Masters in cyber security or information security from India or the UK just because of the cost issue, I suggest the following certificate course to jump start your career in the field of security. These certificate courses are globally recognised in security industry and help you to improve your credential in security domain. For CEH, you need to have minimum of two years of security experience or you can take training for CEH from authorised institute and appear for the exam whereas for Security +, it is recommended two years of work experience but it’s not mandatory.

Certificate Courses

1. Certified Ethical Hacker (CEH) : EC-Council
2. CompTIA Security + : CompTIA

About the Author:

Varul Arora is a founder of the UK-based startup TISEC. He completed MSc in Applied Cyber Security with one-year professional internship from Queen's University Belfast. He has also completed Post Graduate Diploma in Management in Supply Chain Management from Delhi School of Business.