From the British government’s response to General Assembly resolution 71/28 “Developments in the field of information and telecommunications in the context of international security” in July 2017.
An articulation of the difference between cyber security and information security:
The United Kingdom continues to reiterate it will use its preferred terminology of ‘cyber security’ and related concepts throughout this submission. ‘Cyber security’ denotes efforts aimed at the preservation of confidentiality, availability and integrity of information in cyberspace, including the internet and other networks and forms of digital communication.
The term ‘information security’ may cause potential confusion as it is used by some countries and organisations as part of doctrine regarding information itself as a threat against which additional protection is needed. The United Kingdom does not recognise the validity of ‘information security’ when used in this context since it could be employed in attempts to legitimise controls on freedom of expression beyond the Universal Declaration on Human Rights (UDHR) and the International Covenant on Civil and Political Right (ICCPR).