LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the difference between Informationssicherheit and Datensicherheit / Datenschutz?

Informationssicherheit covers ALL information the organisation handles — paper notes, conversations, software state — while Datenschutz (data protection) is specifically about personal data and legal compliance.

Three nested boxes: Datenschutz inside Datensicherheit inside Informationssicherheit

* Nested scope: Datenschutz within Datensicherheit within Informationssicherheit. *

Term Scope Driven by
Informationssicherheit Any information stored, processed or transmitted by the organisation ISO 27001, business risk
Datensicherheit Technical protection of data (a subset; engineer's view) IT controls
Datenschutz (Privacy / data protection) Personal data of customers, employees, citizens DSG (CH), GDPR/DSGVO (EU), HIPAA (US)

Don't conflate them: in everyday speech "Datensicherheit" is often used for everything, but in a formal ISMS context they're distinct.

Why this matters in audits:

  • A pen-tester finds a leaked customer email → Datenschutz incident (regulatory fines possible).
  • A pen-tester finds the leaked board-meeting strategy doc → Informationssicherheit incident (no privacy law, but huge business damage).

Both need protection, but the legal and reporting paths differ.

Tip: Datenschutz ⊂ Informationssicherheit. The privacy officer (DSB) and the CISO often disagree because their KPIs overlap but their constraints don't.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026