NIST (National Institute of Standards and Technology) defines cybersecurity as “the ability to protect or defend the use of cyberspace from cyberattack.”

In general, cybersecurity refers to attacks from inside or outside an organization – it is the framework for protecting and securing anything that is vulnerable to hack, attack or unauthorized access, such as computers, cell phones, networks and servers belong to.

Cybersecurity refers exclusively to the protection of data that is in digital form. So that means that when we talk about cybersecurity, we are automatically talking about digital information, systems and networks.

Information security primarily refers to protecting the confidentiality, integrity and availability of data – the form doesn’t matter here. Information security could, in purely theoretical terms, be about protecting a filing cabinet containing important, highly sensitive documents, as well as protecting your company’s database.

NIST defines information security as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to ensure the following:

Confidentiality:

• Data may be viewed or disclosed only by those authorized to do so.

Integrity:

• Data must not be able to be altered without detection or without being noticed. This therefore involves the detection of changes to data.

Availability:

• Availability refers to the time during which the system is functioning. In terms of the protection goals, the aim here is, of course, to keep availability as high as possible. Important: The risk of system failures must be minimized!