Information Security refers to how you protect your information assets, while Data Privacy refers to how you protect your personal data.
The practices and skills needed to protect information or personal data are similar, with the big difference that personal data is protected by law in many countries, with the European GDPR serving as a legal framework adopted by many other countries.
Although Information Security is not governed by law, there is the ISO 27000 series on “Information Security Management Systems”, which is the de facto standard on this topic.
Companies need to take care of their information assets in their own interest, and of data privacy to comply with the law. The basic things to be done are:
- Determine the scope
- Determine the leadership and responsibilities
- Determine and evaluate risks and opportunities
- Determine support functions and procedures
- Determine operations
- Determine effectiveness
Regarding Cybersecurity: there is no doubt that the risk associated with this topic is significant and that many companies are suffering attacks. But to strengthen awareness and to become secure and private in a structured manner, Cybersecurity must be embedded in an overall information security and data privacy policy.
In the end, what counts in Information Security and Data Privacy is the result you get out of the investment in the project. It's not the activity, it's the result.