Comparing Infosec and Cybersecurity: Two Types of Data Security With a Common Goal

Originally published by New Context.

Infosec and cybersecurity are two primary concerns for modern organizations. While they’re separate areas, they’re very closely linked because so much information is in digital storage. This is especially true given the rapid digital acceleration of 2020, where we saw COVID-19 speed the adoption of digital tools by three to four years. Of course, with this rapid innovation comes an increased risk of security breaches.

Managing both infosec and cybersecurity effectively in such an environment requires a complete culture shift. Employees must be empowered to take ownership of their information security. On top of that, developers need to establish and follow best practices to protect the infrastructure that guards this information.

Comparing Infosec and Cybersecurity

Infosec and cybersecurity are closely linked, but not the same thing. The two have a parent/child relationship, with infosec being the parent and cybersecurity the child. As a result, they’re managed in different ways, often by disparate departments.

Addressing both of these components can be a challenge because they’re the purview of different parts of an organization with opposing skill sets. Attorneys managing the data compliance challenges of an organization will have little technical cybersecurity knowledge. Meanwhile, developers may not be familiar with all the ins and outs of the laws which must be codified into their system. Managing both requires a collaborative approach that becomes a standard part of the culture.

Addressing Cybersecurity and Infosec with Culture

Infosec and cybersecurity need to be addressed by the entire organization, which is often a challenge because two separate departments handle them. Ingraining security awareness into the overall culture of an organization helps to ensure adherence to most policies. Building that culture requires three key components:

1. Communication. Every person in an organization should know what is expected of them concerning infosec and confidentiality. Clearly written policies are a good start, but it’s important to reiterate these policies regularly.
2. Transparency. Transparency is where a lot of companies fall flat in their communication efforts. Often, they tell employees what to do, but they don’t explain why it’s essential. Employees should understand the risk of not following procedures. Tying the risks to current events either in the world or the organization can help to solidify this.
3. Example. Culture filters from the top down. To establish a secure culture, leaders must set the standard by following proper procedures and requiring managers to do the same.

When it comes to the development of cybersecurity procedures, best practices are vital. Developers should know what tactics they must follow in the code they write, the programs they adopt, and the strategies they use. Clear guidelines ensure a clean system that’s easier to manage.

Infosec and cybersecurity work together, so organizations must collaborate to support them. A supportive culture is one where employees are empowered to take ownership of security by managers who lead by example.