There are many debates and discussions on this topic. Some people use the term “Information Security” or InfoSec to encompass everything, while others specifically use the term “Cyber Security” or CyberSec to differentiate their responsibilities.
INFORMATION SECURITY
Information Security analysts focus on the Confidentiality, Integrity, & Availability [CIA] of information and generally work with Identity and Access Management [IAM], dealing with account creation and password management. This also involves authenticity, accountability, and non-repudiation. InfoSec protects information against unauthorized access, use, modification, or destruction in order to maintain CIA.
Within IAM, you must define, monitor & manage an end user's privileges for a variety of applications and device access. One method of access supervision is Role-Based Access Control [RBAC], which offers a simple, granular overview that is less error-prone than manually assigning individual permissions.
RBAC permissions are set according to the needs and responsibilities of the group and/or department instead of the individual employee's requirements. A role within a department is assigned permissions, and an employee is then assigned to that department’s role or security group. This way their access is role-based and manageable.
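The RBAC model described above, as an added example that is not part of the original article: permissions attach to department roles, users attach to roles, and an audit flags manual per-user grants that fall outside the role. All role, permission and user names are hypothetical sample data.

```python
# Constructed sample data: every role, permission and user name is hypothetical.
ROLE_PERMISSIONS = {
    "finance": {"erp:read", "erp:post_invoice"},
    "helpdesk": {"iam:reset_password", "ticketing:write"},
}
USER_ROLES = {"alice": {"finance"}, "bob": {"helpdesk"}}
# Manual per-user grants, the error-prone practice RBAC is meant to replace.
DIRECT_GRANTS = {"alice": {"erp:read"}, "bob": {"erp:post_invoice"}}


def effective_permissions(user, user_roles=USER_ROLES):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission, user_roles=USER_ROLES):
    """Deny by default: access exists only through a role."""
    return permission in effective_permissions(user, user_roles)


def reassign(user, new_roles, user_roles=USER_ROLES):
    """Moving departments is one change; returns a new mapping."""
    updated = dict(user_roles)
    updated[user] = set(new_roles)
    return updated


def audit_direct_grants():
    """Classify each per-user grant against what the user's roles give."""
    findings = []
    for user in sorted(DIRECT_GRANTS):
        for perm in sorted(DIRECT_GRANTS[user]):
            status = "redundant" if is_allowed(user, perm) else "outside-role"
            findings.append((user, perm, status))
    return findings


if __name__ == "__main__":
    for finding in audit_direct_grants():
        print(finding)
```

An "outside-role" finding is a grant that no role justifies, so it should either be removed or turned into a role change that is reviewed.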
CYBER SECURITY
Cyber Security engineers monitor for and protect against cyberspace & internet risks, attacks, and compromise of data, using processes, procedures, safeguards, and guidelines to protect information for CIA. CyberSec tools involve vulnerability management, email security, endpoint detection & response, and Cyber Threat Intelligence [CTI].
An important staple for CyberSec is Security Awareness. For corporations, end users and employees must be trained to be vigilant of phishing emails that would allow viruses and malware to enter the company’s network, of social engineering tactics used to retrieve credentials, information and/or data, and of physical security concerns such as tailgating and shoulder surfing.
InfoSec and CyberSec each require separate tools, experience, and skill sets that need to be defined. By using the proper terminology, hiring managers, recruiters, and job applicants can all be on the same page for better job placement and work productivity.