What is the defining difference between computer security and information security? Why can we argue that information security is really an application of social science?
Computer security generally deals with mitigating and preventing cyber attacks and the damage they can cause to a system’s software, as well as with the physical aspects of securing a computer. While computer security generally deals with the outer layer and the physical security of a device, information security has to do with the inner workings, specifically the content of the device(s). Sensitive information, access credentials, financial information and the like fall under information security. Information can also be physically protected outside of a system, by printing it off into physical copies or transferring it onto an external hard drive that is then placed in a secure location. While it is much more efficient to have it all stored digitally on a network, it is much safer to have the more important information either backed up on or moved entirely onto a device that is disconnected from the network and secured, or physically printed off and secured. Much of the time, lapses in information security are the result of human error and failure to follow best practices, as opposed to computer security, where issues can be attributed more to hardware/software malfunctions or to external threats acting on a network or device.
Information security can be an application of social science. Over time, some employees may find following safety procedures annoying, so they may cut corners, click an unsafe link without thinking about it, or, by accident, have their credentials fall into the hands of people who intend to use them maliciously. It ends up becoming a matter of keeping up with employees and other people with access to the systems, and making sure they follow best practices to minimize potential breaches in security.