Cyber Security vs. Information Security?

Posted by Martin Holzke on 18th January 2018

Given all the recent cyber security incidents like WannaCry or the Experian breaches, to name just two, and with information security high on the agenda everywhere, many people wonder how the two fit together, or whether they do at all.

Should we concentrate on cyber security rather than information security?

The clear answer is NO, we need to deal with both.

Information security casts a much wider net in that it concerns itself with technical as well as non-technical aspects. Cyber security is just one of its various, predominantly technical, domains, which makes it merely one facet of information security. This in turn means that it might not always get the attention to detail required to deal with cyber risks. So having a dedicated cyber security program that is linked into the overall information security activities of the organisation makes a lot of sense.

How to approach cyber security? There are lots of approaches and frameworks around. The one I personally found very useful is the NIST Cyber Security Framework, because it is very hands-on, walking you through a process without being overly prescriptive about how to use it in detail. That way it can be tailored to the needs of your organisation, and it promotes continual improvement rather than a one-size-fits-all approach.

Why not join us at ISO in the Sun to learn all about the concepts of NIST Cyber Security Framework 1.1:

  • The core functions Identify, Protect, Detect, Respond and Recover with their categories and subcategories
  • The 4 tiers Partial, Risk Informed, Repeatable and Adaptive
  • Current vs. target profile

Head over to to find out more and book. We would love to welcome you in Lanzarote.