How Cyber Security and Information Security Standards Work Together to Protect Your Organisation
While often used interchangeably, cyber security and information security cover different aspects of protecting organisational data. In short, cyber security is a subset of information security, dealing specifically with online and digital threats, while information security covers all methods of protecting information from various risks.
Information Security
Information Security takes the broader view, protecting all types of information, both digital and physical. The ISO/IEC 27000 series is the primary standard family here, with ISO/IEC 27001 as the core standard setting out the requirements for an Information Security Management System (ISMS). The family aims to ensure the confidentiality, integrity, and availability of all information assets. Supporting standards, such as ISO/IEC 27002 (a reference catalogue of information security controls) and ISO/IEC 27701 (a privacy information management extension to ISO/IEC 27001 and 27002), help organisations build comprehensive information protection.
ATOL are launching specialised courses in ISO 27001 Information Security Management Systems, equipping organisations with the skills to implement and maintain strong information security practices in line with international standards.
Cyber Security
Cyber Security focuses on defending digital assets, namely systems, networks, and data, against cyber threats such as hacking, malware, and phishing attacks. Standards like ISO/IEC 27032 provide guidelines for safeguarding against cyber threats, while others, like ISO/IEC 27033 (network security) and ISO/IEC 30111 (vulnerability handling processes), address specific areas within cyber security. Together, these standards help create a secure cyber environment for online and network-based assets.