Computer Security or Information Security? What are we talking about?

Thursday, June 10, 2010

Jorge Mieres


I often receive inquiries that reveal, conceptually speaking, a notable confusion about the difference between computer security and information security. This post tries to clarify the distinction.

While the two disciplines are complementary and interact constantly in computer systems, they have different aims. Computer security is responsible for protecting computer systems, understood as the combination of information, the computing equipment that supports it and the people who use it. Basically, everything that sits within a computing environment.

Information security, by contrast, is a much broader process. It involves protecting not only the information stored in computer systems but information wherever it is, without distinction. In other words, information security goes much further: its purpose is to safeguard information regardless of the medium through which it circulates or the place where it is stored.

Information is a "significant" asset that can be stored in different ways and through different channels. It is not only stored digitally; it can also be printed or handwritten on paper.

Nor is it limited to these forms: it can also be found in films, in recordings, in spoken language (conversation) and even in people's memory. It can also be transmitted through various means, whether conventional (analog) communication channels or latest-generation (digital) ones.

Regardless of the form the information takes, or how it is collected or disseminated, it should be adequately protected to ensure at all times the confidentiality, integrity and availability of the data.

Therefore, the main goal of information security is to protect information appropriately, preserving a set of basic parameters so that the assets (anything whose value can be measured as a cost) can be considered safe and secure, and minimizing potential damage from any eventuality that may impede the normal operation of the organization.

Cross-posted from SecurityIntelligence

Dwayne Melancon: Good thoughts - reminds me of comments I've heard from companies, like "I only paid $400 for this Linux box - why would I want to pay $600 to secure it?"

Because you're securing the data - not the box itself.

I often liken it to car insurance. You definitely want to insure the car itself against damage, but the most valuable / irreplaceable things are the passengers.
