Information Security

Information security

By John Bandler

Information security is about protecting and securing information and information assets and systems.

Information security includes cybersecurity, as depicted in this Venn diagram.

For practical purposes, individuals and organizations should think of cybersecurity and information security together, rather than trying to tackle those endeavors separately.

In my books I define information security like this:

Information security: Similar to cybersecurity, but it has been around longer and could include non-cyber information (paper, verbal statements, etc.). For practical convenience think of it being the same as cybersecurity. The objectives of information security are confidentiality, integrity, and availability (CIA) of information assets.

From my book Cyberlaw (2025), p. 480 (adapted from my 2024 book on Policies and Procedures)

Since I believe cybersecurity and information security should be addressed together, and since so much information is stored and communicated digitally, most of my work in this area falls under my categories of "cybersecurity" and "cybersecurity and cybercrime prevention".

Learn about cybersecurity to protect yourself, your family, and your organization. With knowledge comes better decision making on the many issues surrounding cybersecurity.

I have extensive resources on cybersecurity on this cite, and have covered it thoroughly in my existing books, and will revisit it with an updated perspective in my forthcoming book on Cybersecurity (2026 I hope).

As I work on an organization's cybersecurity, I think of three main goals (1) protect from cybercrime, (2) comply with legal requirements, (3) improve efficiency and improve the management of information systems.

More learning

This is just a stub of an article, to learn more about my way of thinking about information security, consider these:

• Introduction to Cybersecurity and Information Security
• Cybersecurity Tips from John Bandler
• Bandler's Four Pillars of Security
• Build Bandler's cybersecurity program yourself
• Cybersecurity things to know
• Cybersecurity and Cybercrime Prevention (course outline)
• Cyberlaw Book
• Cybersecurity Book (coming someday)
• Policies and Procedures Book (includes cybersecurity policy work)
• Cybersecurity for attorneys (course outline)
• Cybersecurity and Cybercrime Prevention (course outline)
• Cybersecurity course at Udemy
• Key terms definitions
  • Cybersecurity
  • Information security (this article)
  • Information asset
  • Information system
  • Cybersecurity program
• Within my books
  • Cyberlaw book (2024), Chapter 17: Introduction to Cybersecurity and Cybercrime Prevention
    • Chapter resource page, https://johnbandler.com/cyberlawbook-resources-ch17/
  • Cybercrime Investigations (2020 book), Chapter 4, Introduction to Information Security and Cybersecurity
  • Cybersecurity for the Home and Office: The Lawyer's Guide to Taking Charge of Your Own Information Security (2017 book), entire book, introduction in Chapter 4, Basic Information Security Principles

This page is hosted at https://johnbandler.com/information-security. Copyright John Bandler, all rights reserved.

This page is a key terms definition and a stub and pointer to my main article, Introduction to Cybersecurity and Information Security

Page posted 2/2/2023. Updated 11/26/2025