What is the difference between cyber security and information system security?

Cybersecurity and information security practices are closely related but have some distinguishing features:

1. Scope: Cybersecurity is focused on protecting networks, systems, and data in the cyberspace, which includes the internet, while information security encompasses the protection of all forms of data, whether electronic or physical.

2. Focus: Cybersecurity primarily deals with protecting systems from cyber threats like hacking, malware, and phishing attacks, whereas information security includes broader aspects such as data privacy, compliance, and physical security.

3. Technical Complexity: Cybersecurity tends to be more technically focused, involving tools and technologies like firewalls, intrusion detection systems, and encryption, while information security includes policies, procedures, and risk management practices alongside technical measures.

4. Threat Landscape: Cybersecurity is often more concerned with external threats that come from the internet, while information security may also include internal threats like employee errors or malicious insiders.

5. Regulatory Compliance: Information security often has a stronger emphasis on regulatory compliance and industry standards like GDPR, HIPAA, or PCI DSS, while cybersecurity standards like NIST Cybersecurity Framework are more specifically targeted at cyber threats.

In summary, while both cyber security and information security share common goals of protecting data and systems, cyber security tends to be more targeted at external online threats, while information security has a broader scope that includes both digital and physical aspects of security.