Network Security vs Information Security
Network security involves methods or practices used to protect a computer network from unauthorized accesses, misuses or modifications. Networks owned by different organizations require different levels of security. For example, level of security required by a home network would be different than the level of security required by a network of a large cooperation. Similarly, Information security prevents unauthorized accesses, misuses and modifications to information systems and basically it protects information.
What is Network Security?
Networks security is concerned with protecting a network from unauthorized accesses. The first step of this process is authenticating a user. Typically a username and a password are used for this. This is called one-factor authentication. In addition you can use two-factor or three-factor authentication schemes that involves verifying fingerprints or security tokens. After authenticating a user, a firewall is used to make sure that the user accesses only the services that are authorized to her. In addition to authenticating users, network should also provide security measures against computer viruses, worms or Trojans. To protect a network from these antivirus software and intrusion prevention systems (IPS) can be used. As mentioned earlier, different types of networks require different levels of security. For a small network of a home or a small business, a basic firewall, antivirus software and robust passwords would suffice, whereas a network of an important government organization might need to be protected using a strong firewall and proxy, encryption, strong antivirus software and a two- or three-factor authentication system, etc.
What is Information Security?
Information security is concerned with protecting information from getting in to the hands of unauthorized parties. Traditionally, main principles of information security are considered as providing confidentiality, integrity and availability. Later, some other elements like possession, authenticity and utility were proposed. Confidentiality concerns with preventing information from going in to unauthorized parties. Integrity makes sure that information cannot be modified secretly. Availability is concerned with whether the information is available when they are required. Availability also makes sure that the information system is not susceptible to attacks like denial-of-service (DOS). Authenticity is important for verifying the identities of two parties involved in a communication (that carry information). In addition, information security uses cryptography, especially when transferring information. Information would be encrypted such that it would be unusable to anyone other than the authorized users.
What is the difference between Network Security and Information Security?
Network security involves methods or practices used to protect a computer network from unauthorized accesses, misuses or modifications, whereas Information security prevents unauthorized accesses, misuses and modifications to information systems. In practice, software and tools used for achieving network security and information security might overlap. For example, antivirus software, firewalls and authentication schemes have to be employed by both the tasks. But the goals tried to be achieved by using them are different. Further, these two tasks complement each other in the sense if you cannot make sure that the network is secure, you can never guarantee that the information in the network is secure.