Information security, ICT/IT security, cyber security, or digital security? These terms are often used interchangeably and are synonyms for most people in everyday language. Do you find it difficult to distinguish all the concepts within digital security from each other? You are not alone!
Of all these terms, cybersecurity has gained the strongest foothold in recent years, probably because it is the most marketable: ‘cyber’ sounds exciting. But what does the concept entail?
Attempts have been made to establish a clearer description of these terms. In 2013, Von Solms and van Niekerk published the article “From information to cyber security.” This article forms the basis for clarifying these concepts and usually serves as the foundation when this topic is addressed in various professional forums, even though the citation is often omitted. According to the authors, the choice of which term to use depends on the assets and vulnerabilities that can be exploited. These can be physical or digital assets in the form of hardware, information, or resources for an organization. Information and data have different values depending on factors such as confidentiality, integrity, and availability. For example, financial information, personal data, or trade secrets can have high value for organizations.
A vulnerability is a weakness or flaw in, for example, an IT system, an application, or an organization that a threat could exploit to gain access to an asset and cause harm. Vulnerabilities can exist in software, hardware, physical infrastructure, and human factors, and can arise for various reasons, such as poor design, incorrect configuration, lack of updates, or inadequate user training.
Figure 1: Relationship between information security, ICT security, and cybersecurity.
Source: Von Solms and Van Niekerk (2013)
When we work on security measures, we can consider the following division of areas:
- Information Security: Protecting information regardless of whether it is stored digitally or not.
- ICT/IT Security: Securing information and communication technology (ICT), including hardware and software. Hardware can range from PCs, servers, network equipment, mobile phones, and sensors to drones and satellites. Software includes programs used for signal processing, analysis, data processing, algorithms, models, and control systems.
- Cybersecurity: Protecting everything vulnerable through the use of ICT. This can include drones, cars, telecommunications, or power supply. Since almost everything in our daily lives is controlled by ICT, cybersecurity forms the basis for societal security and safety in a broad sense.
In more recent versions of the model above, the concept of Digital Security has been introduced as the overarching term that encompasses parts of or the entirety of the other areas.
The terms information security, ICT/IT security, cyber security, and digital security are often intertwined in a complex digital world. Cybersecurity has gained increased prominence because the term sounds exciting. Von Solms and van Niekerk clarified the concepts in 2013 with an organised categorisation: information security protects all information regardless of form, ICT/IT security protects technology and software, and cybersecurity safeguards everything vulnerable through ICT. A future modification includes “Digital Security” as an inclusive term for everything digital.