IT Security: Clarifying Terminology

IT Security and Cybersecurity – What’s the Difference?

by Cynthia Cavendish-Carey, Vice President, C4CS

Technology pervades many aspects of our lives in today’s connected world. It truly is a global village when it comes to the internet and The Digital Age. We must all be on our guard to avoid attempted or realized disruptions from increasing and evolving threats to this virtual world we now live in – personally and professionally.

This is the first of a series of articles pertaining to the security of information technology (IT). Understanding what we are dealing with should begin with grasping the terminology for disruptions across all forms of information technology assets. Often, cybersecurity is used erroneously when IT security is actually what is meant. Therefore, let’s begin with clear definitions.

Information Security is the umbrella term for all things related to information, intellectual property and information-oriented infrastructure. According to many experts in the IT field, this is the design and implementation of measures to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, malfunction or disruption. Further, Information Technology Security or IT Security maintains the integrity, confidentiality and availability of an organization’s assets and infrastructure: computers, networks and data.

Cybersecurity refers to the actual methods that are employed to protect networks, devices and data, shielding them from digital – or “cyber” – attacks. This is a subset of information security – generally involving the actual procedures that protect the IT Security infrastructure and the information itself.

It is vital in today’s world to continually – and continuously via automation, firewalls and technological safeguards – shield against intrusions and disruptions. Failure to install adequate protections and practices invites the potential for disruptions, emergencies and crises that threaten an organization’s reputation and its ability to deliver goods and services, and that erode confidence, imperiling the bottom line. Serious legal and additional financial damages could also result, particularly in the event of a breach of confidentiality involving customer information or employee personal identifying information (PII).

Our society is becoming more and more dependent on the internet of things. IT security events and incidents, whether potential or realized, pose direct threats to our ability to function productively in our day-to-day work and personal lives.

Every organization must have a well-established IT Security Plan that is regularly reviewed and tested for efficacy. Such a plan should be a living document that all employees are familiar with to at least a certain degree. Of course, those who are directly responsible for IT security should be intimately familiar with, and heavily involved in, all aspects of the plan’s development, review and testing.

Additionally, every member of an organization must understand the role and responsibility they have in protecting associated IT assets. Regular, periodic testing of the employee base in a safe environment (often through a third-party service provider) trains team members to recognize, avoid and report phishing attempts by bad actors, for instance. Unfortunately, hackers, bots, malware, spammers and others are becoming increasingly sophisticated in their attempts to undermine the IT security of organizations worldwide.

To help the Catalyst Connection network, future articles will explore best practices specifically for manufacturers, types of IT security threats and related crisis preparedness, Chain of Custody and testing the plan, among other topics. As we delve into these subjects, your comments and questions are welcomed.

Check out other articles in this series:

IT Security Risks: Addressing the Scope and Variety of Threats

IT Security Risks: So What’s the Plan?

In partnership with Catalyst Connection, Pittsburgh-based C4CS® provides customized crisis management and IT security consulting and training. Available group training and one-on-one crisis leadership coaching include virtual and in-person tabletop and other crisis exercises built around realistic scenarios such as industrial accidents, cybersecurity incidents, and employee and product crises, among other hypothetical situations. To learn more about how C4CS can assist your organization, email: