IT security and information security are often used interchangeably, but there are significant differences between them:

IT security involves protecting computer systems, networks, and data from cyberattacks, theft, and damage. It safeguards the three core security objectives: confidentiality, integrity, and availability. IT security is a component of cybersecurity, as the latter also encompasses operational technologies (OT). It deals with technical measures such as firewalls, IPS, IDS, SIEM, etc.

Information security, on the other hand, encompasses both digital and analog security and thus refers to technical and organizational measures. One example would be the secure storage of paper documents and their proper disposal.

The conclusion, therefore, is that both IT security and cybersecurity are part of information security.