Posted by
on 18th January 2018

Should we concentrate on cyber security rather than information security?
The clear answer is NO, we need to deal with both.
Information security casts a much wider net in that it concerns itself with technical as well as non-technical aspects. Cyber security, as just one of those various predominantly technical domains, is merely one facet of information security. This in turn means that it might not always get the attention to detail required to deal with cyber risks. So having a dedicated cyber security program that is nonetheless linked into the overall information security activities of the organisation makes a lot of sense.
How to approach cyber security? There are lots of approaches and frameworks around. The one I personally found very useful is the NIST Cyber Security Framework because it is very hands-on, walking you through a process without being overly prescriptive about how to use it in detail. That way it can be nicely tailored to the needs of your organisation, and it promotes continual improvement rather than a one-size-fits-all approach.
Why not join us at ISO in the Sun to learn all about the concepts of NIST Cyber Security Framework 1.1: