“Computer Security” can mean a lot of different things depending on the specific context. Let’s use a potentially more general term - Information Security.

Information Security is the practice of securing data and information from threats to its confidentiality, integrity, or availability. That is to say, information stored in systems can be vulnerable to unintended disclosure (confidentiality). This is when someone obtains unauthorized access to information (or information systems), or when someone divulges information inappropriately (think along the lines of your doctor sharing your medical records without permission). Information can also be tampered with (integrity), and there are ramifications to this, too. For example, students tampering with their grades/records, someone tampering with an authentication system to gain unauthorized access (changing a password, basically), and so on. Then there’s availability, which is when information is just not available for the people, processes, or systems that need it when it is needed. This can be things like accidental or deliberate deletion of information, denial of service attacks, etc.

Why is this important? More and more businesses and individuals rely on the information and data they own and on information systems in general. An advertising agency could be devastated if they were to somehow lose all of their digital marketing collateral. A manufacturer could lose its competitive edge if a competitor learned their intellectual property like design specs or details of their manufacturing process. An accounting firm’s reputation could be trashed if someone maliciously altered their records so that the accounting firm provided incorrect financial and tax reporting. Even as individual private citizens, consider the amount of time you spend on a computing device, and the kinds of things you use that device for maybe mobile banking, maybe you use a ride-share application that saved your credit card info, maybe you do on-line shopping?

So, back to “Computer Security.” Sometimes people use this term interchangeably with Information Security. However, it could also specifically mean some of the tools, techniques, and processes used to secure computers within the broader context of Information Security. This can include things like using whole disk encryption, file-level encryption, anti-virus / anti-malware, web proxy software, password vaults, etc. It could even include things like password policies, biometrics, secure access cards, and even physical security measures like laptop locks/chains.

From a high level, this is generally how these things are talked about:

Information Security
-> Computer Security
-> Software Security
-> Network Security