Per DICE and based on the mining of the “nearly 80,000 jobs posted on Dice on any given day”, here are the latest top ten fastest growing skills. Note the breakout between “Cybersecurity” and “Information Security”; that’s the second time this week I have noticed the distinction as if it is obvious to everyone. I don’t even recall ever seeing the word back a few years ago when I studied for the CISSP and CISM.
According to NIST’s Glossary of Key Information Security Terms and the Committee on National Security Systems’ Information Assurance Glossary, cybersecurity is “The ability to protect or defend the use of cyberspace from cyber attacks”, while information security is defined much more broadly:
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— 1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; 2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and 3) availability, which means ensuring timely and reliable access to and use of information.
Googling around, I find many seem to use the terms synonymously and some even confess to doing so. Many see “cybersecurity” as a subset of “information security”, with the former having more of a technical and forensics focus. Those were my thoughts as well, with information security falling underneath “information assurance”, which according to the above documents is…
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Looking at a few government security-based blogs, it seems the cybersecurity lingo originated in Washington or maybe academia, as it is a title in a favorite lecture series on The Great Courses (which I in fact purchased). Here cybersecurity seems to have more national/international implications.
ISACA has also jumped into the fray with a new knowledge platform and credential titled “Cybersecurity Nexus”.
So I guess we better stay tuned as the term evolves.